[Git][security-tracker-team/security-tracker][master] Track fixed version for some linux CVEs via unstable

Salvatore Bonaccorso carnil at debian.org
Thu Feb 13 06:23:38 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4e9b4757 by Salvatore Bonaccorso at 2020-02-13T07:23:09+01:00
Track fixed version for some linux CVEs via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1370,7 +1370,7 @@ CVE-2020-8317
 CVE-2020-8316
 	RESERVED
 CVE-2020-8428 (fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky u ...)
-	- linux <unfixed>
+	- linux 5.4.19-1
 	[jessie] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: Fixed by: https://git.kernel.org/linus/d0cb50185ae942b03c4327be322055d622dc79f6
 CVE-2020-8315 (In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 thr ...)
@@ -18894,7 +18894,7 @@ CVE-2019-19047 (A memory leak in the mlx5_fw_fatal_reporter_dump() function in d
 	[jessie] - linux <not-affected> (Vulnerability introduced later)
 	NOTE: https://git.kernel.org/linus/c7ed6d0183d5ea9bc31bcaeeba4070bd62546471
 CVE-2019-19046 (** DISPUTED ** A memory leak in the __ipmi_bmc_register() function in  ...)
-	- linux <unfixed> (unimportant)
+	- linux 5.4.19-1 (unimportant)
 	NOTE: Only a memory leak on the probe path
 CVE-2019-19045 (A memory leak in the mlx5_fpga_conn_create_cq() function in drivers/ne ...)
 	- linux 5.3.15-1
@@ -18909,7 +18909,7 @@ CVE-2019-19044 (Two memory leaks in the v3d_submit_cl_ioctl() function in driver
 	[jessie] - linux <not-affected> (Vulnerability introduced later)
 	NOTE: https://git.kernel.org/linus/29cd13cfd7624726d9e6becbae9aa419ef35af7f
 CVE-2019-19043 (A memory leak in the i40e_setup_macvlans() function in drivers/net/eth ...)
-	- linux <unfixed>
+	- linux 5.4.19-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	[stretch] - linux <not-affected> (Vulnerable code not present)
 	[jessie] - linux <not-affected> (Vulnerable code not present)
@@ -33752,13 +33752,13 @@ CVE-2019-14898 [RHEL-7 specific incompete fix issue for CVE-2019-11599]
 	- linux <not-affected> (RHEL-7 specific incomplete fix for CVE-2019-11599)
 CVE-2019-14897 (A stack-based buffer overflow was found in the Linux kernel, version k ...)
 	{DLA-2068-1}
-	- linux <unfixed>
+	- linux 5.4.19-1
 	[buster] - linux 4.19.98-1
 	[stretch] - linux 4.9.210-1
 	NOTE: https://www.openwall.com/lists/oss-security/2019/11/22/1
 CVE-2019-14896 (A heap-based buffer overflow vulnerability was found in the Linux kern ...)
 	{DLA-2068-1}
-	- linux <unfixed>
+	- linux 5.4.19-1
 	[buster] - linux 4.19.98-1
 	[stretch] - linux 4.9.210-1
 	NOTE: https://www.openwall.com/lists/oss-security/2019/11/22/1
@@ -69297,7 +69297,7 @@ CVE-2019-3017 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtu
 	- virtualbox 6.0.14-dfsg-1
 	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
 CVE-2019-3016 (In a Linux KVM guest that has PV TLB enabled, a process in the guest k ...)
-	- linux <unfixed>
+	- linux 5.4.19-1
 CVE-2019-3015 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
 	NOT-FOR-US: Oracle
 CVE-2019-3014 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4e9b475738af5f04c209c61d217238d5d8274f6b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4e9b475738af5f04c209c61d217238d5d8274f6b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200213/fbadb0ea/attachment.html>


More information about the debian-security-tracker-commits mailing list