[Git][security-tracker-team/security-tracker][master] Track fixed versions for CVE fixes for linux/5.5.13-1 upload
Salvatore Bonaccorso
carnil at debian.org
Mon Mar 30 05:06:06 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
88024286 by Salvatore Bonaccorso at 2020-03-30T06:05:28+02:00
Track fixed versions for CVE fixes for linux/5.5.13-1 upload
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -142,7 +142,7 @@ CVE-2019-20633 (GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Fr
- patch <not-affected> (Incomplete fix for CVE-2018-6952 not applied)
NOTE: https://savannah.gnu.org/bugs/index.php?56683
CVE-2020-10942 (In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net. ...)
- - linux <unfixed>
+ - linux 5.5.13-1
NOTE: https://git.kernel.org/linus/42d84c8490f9f0931786f1623191fcab397c3d64 (5.6-rc4)
CVE-2020-10941 (Arm Mbed TLS before 2.6.15 allows attackers to obtain sensitive inform ...)
- mbedtls 2.16.5-1
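Review bot: In the CVE-2020-10942 entry the description places the upstream fix before 5.5.8, and the new line records 5.5.13-1 with no [buster], [stretch] or [jessie] lines beneath it, unlike CVE-2020-9391 later in this patch. If the older suites are affected, that is correct as written; if they are not, add the per-suite lines in the same commit so their status is not inferred from the version alone.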
@@ -3819,7 +3819,7 @@ CVE-2020-9387
CVE-2020-9386 (In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before ...)
- mahara <removed>
CVE-2020-9391 (An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 ...)
- - linux <unfixed>
+ - linux 5.5.13-1
[buster] - linux <not-affected> (Vulnerable code not present)
[stretch] - linux <not-affected> (Vulnerable code not present)
[jessie] - linux <not-affected> (Vulnerable code not present)
@@ -3829,7 +3829,7 @@ CVE-2020-9385 (A NULL Pointer Dereference exists in libzint in Zint 2.7.1 becaus
CVE-2020-9384
RESERVED
CVE-2020-9383 (An issue was discovered in the Linux kernel through 5.5.6. set_fdc in ...)
- - linux <unfixed>
+ - linux 5.5.13-1
NOTE: https://git.kernel.org/linus/2e90ca68b0d2f5548804f22f0dd61145516171e3
CVE-2020-9382 (An issue was discovered in the Widgets extension through 1.4.0 for Med ...)
NOT-FOR-US: Widgets extension for MediaWiki
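Review bot: The NOTE under CVE-2020-9383 gives the fix commit without the upstream release it landed in, while the CVE-2020-10942 note in this same patch carries one, "(5.6-rc4)". Adding the tag here would let a reader check the 5.5.13-1 claim against the upstream version without opening the commit.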
@@ -4774,7 +4774,7 @@ CVE-2020-8994 (An issue was discovered on XIAOMI AI speaker MDZ-25-DT 1.34.36, a
CVE-2020-8993
RESERVED
CVE-2020-8992 (ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux k ...)
- - linux <unfixed>
+ - linux 5.5.13-1
NOTE: https://patchwork.ozlabs.org/patch/1236118/
CVE-2020-8991 (** DISPUTED ** vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.0 ...)
- lvm2 2.03.01-2
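Review bot: CVE-2020-8992 is now marked fixed in 5.5.13-1, but its only NOTE is still the patchwork.ozlabs.org submission link rather than a merged commit. Add a NOTE with the git.kernel.org/linus reference for the commit that was actually applied, so the fixed version can be traced to it.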
@@ -5562,13 +5562,13 @@ CVE-2020-8641 (Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of
CVE-2019-20447 (Jobberbase 2.0 has SQL injection via the PATH_INFO to the jobs-in endp ...)
NOT-FOR-US: Jobberbase CMS
CVE-2020-8649 (There is a use-after-free vulnerability in the Linux kernel through 5. ...)
- - linux <unfixed>
+ - linux 5.5.13-1
NOTE: https://git.kernel.org/linus/513dc792d6060d5ef572e43852683097a8420f56
CVE-2020-8648 (There is a use-after-free vulnerability in the Linux kernel through 5. ...)
- - linux <unfixed>
+ - linux 5.5.13-1
NOTE: https://git.kernel.org/linus/07e6124a1a46b4b5a9b3cacc0c306b50da87abf5
CVE-2020-8647 (There is a use-after-free vulnerability in the Linux kernel through 5. ...)
- - linux <unfixed>
+ - linux 5.5.13-1
NOTE: https://git.kernel.org/linus/513dc792d6060d5ef572e43852683097a8420f56
CVE-2020-8640
RESERVED
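Review bot: CVE-2020-8649 and CVE-2020-8647 both cite commit 513dc792d6060d5ef572e43852683097a8420f56, while CVE-2020-8648 cites a different one. If the one commit does fix both, a short parenthetical on those NOTE lines saying so would rule out a copy-paste slip for later readers.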
@@ -19197,7 +19197,7 @@ CVE-2019-19770 (In the Linux kernel 4.19.83, there is a use-after-free (read) in
- linux <unfixed>
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=205713
CVE-2019-19769 (In the Linux kernel 5.3.10, there is a use-after-free (read) in the pe ...)
- - linux <unfixed>
+ - linux 5.5.13-1
[buster] - linux <not-affected> (Vulnerable code not present)
[stretch] - linux <not-affected> (Vulnerable code not present)
[jessie] - linux <not-affected> (Vulnerable code not present)
@@ -20092,7 +20092,7 @@ CVE-2020-2733
RESERVED
CVE-2020-2732 [kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources]
RESERVED
- - linux <unfixed>
+ - linux 5.5.13-1
NOTE: https://git.kernel.org/linus/07721feee46b4b248402133228235318199b05ec
NOTE: https://git.kernel.org/linus/35a571346a94fb93b5b3b6a599675ef3384bc75c
NOTE: https://git.kernel.org/linus/e71237d3ff1abf9f3388337cfebf53b96df2020d
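Review bot: CVE-2020-2732 lists three fix commits, and the single line "- linux 5.5.13-1" asserts that all three are in that upload. None of the NOTE lines states the upstream release the commit landed in, so this is hard to verify from the entry itself; tagging each commit with its release would close that gap.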
@@ -29837,7 +29837,7 @@ CVE-2020-0011 (In get_auth_result of fpc_ta_hw_auth.c, there is a possible out o
CVE-2020-0010 (In fpc_ta_get_build_info of fpc_ta_kpi.c, there is a possible out of b ...)
NOT-FOR-US: FPC components for Android
CVE-2020-0009 (In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write ...)
- - linux <unfixed>
+ - linux 5.5.13-1
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1949
CVE-2020-0008 (In LowEnergyClient::MtuChangedCallback of low_energy_client.cc, there ...)
NOT-FOR-US: Android
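Review bot: The CVE-2020-0009 entry (ashmem.c) moves to fixed in 5.5.13-1, yet its only NOTE is the Project Zero issue link and no kernel commit is referenced. Add the git.kernel.org/linus NOTE for the fix so the recorded version can be checked against it.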
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8802428660e63aee1fb814d0973ec9bec9823443