[Git][security-tracker-team/security-tracker][master] Sync status for some src:linux issues with kernel-sec

Salvatore Bonaccorso carnil at debian.org
Mon Apr 20 22:14:40 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
adc88418 by Salvatore Bonaccorso at 2020-04-20T23:13:46+02:00
Sync status for some src:linux issues with kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4162,8 +4162,8 @@ CVE-2020-10709
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1824033
 CVE-2020-10708 [race condition in kernel/audit.c may allow low privilege users trigger kernel panic]
 	RESERVED
-	- linux <undetermined>
-	TODO: further check in kernel-sec
+	- linux <unfixed> (unimportant)
+	NOTE: Disputed and negligigle imapct
 CVE-2020-10707
 	REJECTED
 CVE-2020-10706
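Review bot: the added NOTE on CVE-2020-10708 contains two typos; "negligigle imapct" should read "negligible impact". It also states that the issue is disputed without giving a reference. The removed TODO pointed only to kernel-sec, so a NOTE with the URL of the discussion behind `<unfixed> (unimportant)` would let a reader check the triage decision.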
@@ -8130,6 +8130,8 @@ CVE-2020-8993
 	RESERVED
 CVE-2020-8992 (ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux k ...)
 	- linux 5.5.13-1
+	[stretch] - linux <not-affected> (Vulnerable code not present)
+	[jessie] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://patchwork.ozlabs.org/patch/1236118/
 CVE-2020-8991 (** DISPUTED ** vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.0 ...)
 	- lvm2 2.03.01-2
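Review bot: the stretch and jessie lines on CVE-2020-8992 claim "Vulnerable code not present", but the entry's only reference is the patchwork link for the fix. A NOTE naming the commit or upstream version that introduced the affected code would make both `<not-affected>` claims verifiable against the kernel versions in those releases.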
@@ -8505,6 +8507,7 @@ CVE-2020-8833
 	RESERVED
 CVE-2020-8832 (The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 (" ...)
 	- linux 4.16.5-1
+	[jessie] - linux <not-affected> (No support for this hardware)
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1862840
 	NOTE: The CVE is for an incomplete fix for CVE-2019-14615 which technically only
 	NOTE: affects upstream versions (and downstreams) which applied the fix fo
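Review bot: the jessie reason on CVE-2020-8832, "No support for this hardware", does not say which hardware or driver is meant. The existing NOTE lines explain affectedness in terms of whether the CVE-2019-14615 fix was applied, not hardware support. Naming the driver in the reason or in a NOTE would tie the two together. Only jessie is annotated here, so it is worth confirming that leaving stretch without an explicit status is intended.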
@@ -22719,7 +22722,7 @@ CVE-2019-19769 (In the Linux kernel 5.3.10, there is a use-after-free (read) in
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=205705
 	NOTE: https://git.kernel.org/linus/6d390e4b5d48ec03bb87e63cf0a2bff5f4e116da
 CVE-2019-19768 (In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the ...)
-	- linux <unfixed>
+	- linux 5.5.13-1
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=205711
 CVE-2019-19767 (The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as d ...)
 	{DLA-2114-1 DLA-2068-1}
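Review bot: CVE-2019-19768 moves from `<unfixed>` to 5.5.13-1 with only the bugzilla.kernel.org report as a reference. The neighbouring CVE-2019-19769 entry records its fix as a git.kernel.org/linus NOTE. An equivalent NOTE here would show which upstream commit justifies the fixed version.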
@@ -27162,7 +27165,8 @@ CVE-2019-19321
 CVE-2019-19320
 	RESERVED
 CVE-2019-19319 (In the Linux kernel 5.0.21, a setxattr operation, after a mount of a c ...)
-	- linux 5.3.15-1
+	- linux 5.2.6-1
+	[buster] - linux 4.19.87-1
 CVE-2019-19318 (In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can c ...)
 	- linux 5.4.6-1
 CVE-2019-19317 (lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed b ...)
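Review bot: CVE-2019-19319 moves the fixed version back from 5.3.15-1 to 5.2.6-1 and adds a buster fix at 4.19.87-1, yet the entry has no NOTE at all. A NOTE with the upstream fix commit would let a reader confirm why the earlier unstable version is correct and which backport landed in buster.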
@@ -28381,6 +28385,8 @@ CVE-2019-18886 (An issue was discovered in Symfony 4.2.0 to 4.2.11 and 4.3.0 to
 	NOTE: Fixed by: https://github.com/symfony/symfony/commit/7bd4a92fc9cc15d9a9fbb9eb1041e01b977f8332 (v4.2.12)
 CVE-2019-18885 (fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verif ...)
 	- linux 5.2.6-1
+	[stretch] - linux <not-affected> (Vulnerable code not present)
+	[jessie] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/09ba3bc9dd150457c506e4661380a6183af651c1 (5.1-rc1)
 CVE-2019-18884 (index.php/team_members/add_team_member in RISE Ultimate Project Manage ...)
 	NOT-FOR-US: RISE
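Review bot: the description of CVE-2019-18885 says "the Linux kernel before 5.1", which on a plain reading includes the stretch and jessie kernels, yet both are marked `<not-affected>` with "Vulnerable code not present". The existing NOTE records only the fix (5.1-rc1). A NOTE stating when the affected code was introduced would resolve the apparent contradiction.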
@@ -33434,6 +33440,9 @@ CVE-2020-0042 (In fpc_ta_hw_auth_unwrap_key of fpc_ta_hw_auth_qsee.c, there is a
 	NOT-FOR-US: FPC components for Android
 CVE-2020-0041 (In binder_transaction of binder.c, there is a possible out of bounds w ...)
 	- linux 5.4.6-1
+	[buster] - linux <not-affected> (Vulnerability introduced later)
+	[stretch] - linux <not-affected> (Vulnerability introduced later)
+	[jessie] - linux <not-affected> (Vulnerability introduced later)
 	NOTE: https://git.kernel.org/linus/16981742717b04644a41052570fb502682a315d2
 CVE-2020-0040
 	RESERVED
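Review bot: all three added lines on CVE-2020-0041 say "Vulnerability introduced later", but the entry does not record which commit or upstream version introduced it. The only NOTE is the fix commit. A NOTE naming the introducing commit, in the style of the "Fixed by:" NOTE used elsewhere in this file, would let the buster, stretch and jessie claims be checked.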
@@ -33504,6 +33513,7 @@ CVE-2020-0010 (In fpc_ta_get_build_info of fpc_ta_kpi.c, there is a possible out
 	NOT-FOR-US: FPC components for Android
 CVE-2020-0009 (In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write  ...)
 	- linux 5.5.13-1
+	[jessie] - linux <ignored> (Driver is not enabled or supported)
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1949
 CVE-2020-0008 (In LowEnergyClient::MtuChangedCallback of low_energy_client.cc, there  ...)
 	NOT-FOR-US: Android
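Review bot: the jessie line on CVE-2020-0009 uses `<ignored>` with the reason "Driver is not enabled or supported", which mixes two different states. If the driver is not built in jessie, `<not-affected>` would match how the CVE-2020-8832 hunk in this same commit handles "No support for this hardware". If it is built but unsupported, the reason should say so. Please pick one and make the status match.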



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/adc884184fb84e01edff7d093d265e898bcb3e36
