[Git][security-tracker-team/security-tracker][master] Merge in changes for linux in 11.2 bullseye point release

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Dec 18 08:41:57 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e8bb92f5 by Salvatore Bonaccorso at 2021-12-18T09:41:01+01:00
Merge in changes for linux in 11.2 bullseye point release

- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1216,6 +1216,7 @@ CVE-2021-4084 (pimcore is vulnerable to Improper Neutralization of Input During
 CVE-2021-4083
 	RESERVED
 	- linux <unfixed>
+	[bullseye] - linux 5.10.84-1
 	NOTE: https://git.kernel.org/linus/054aa8d439b9185d4f5eb9a90282d1ce74772969 (5.16-rc4)
 CVE-2021-4082 (pimcore is vulnerable to Cross-Site Request Forgery (CSRF) ...)
 	NOT-FOR-US: Pimcore
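
Review bot: on CVE-2021-4083 the unstable line stays `- linux <unfixed>` while bullseye is now recorded as fixed in 5.10.84-1. The NOTE places the upstream fix in 5.16-rc4, so the two lines are consistent only as long as no unstable upload carries commit 054aa8d439b9; the `<unfixed>` line needs revisiting when one does.
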
@@ -2968,6 +2969,7 @@ CVE-2021-4003
 CVE-2021-4002 [hugetlbfs: flush TLBs correctly after huge_pmd_unshare]
 	RESERVED
 	- linux 5.15.5-1
+	[bullseye] - linux 5.10.84-1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/11/25/1
 	NOTE: https://git.kernel.org/linus/a4a118f2eead1d6c49e00765de89878288d4b890
 CVE-2021-44143 (A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unc ...)
@@ -3105,6 +3107,7 @@ CVE-2021-44080
 CVE-2021-4001 [race condition when the EBPF map is frozen]
 	RESERVED
 	- linux 5.15.5-1
+	[bullseye] - linux 5.10.84-1
 	[buster] - linux <not-affected> (Vulnerable code introduced later)
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://git.kernel.org/linus/353050be4c19e102178ccc05988101887c25ae53
@@ -3402,6 +3405,7 @@ CVE-2021-43976 (In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/
 	NOTE: https://patchwork.kernel.org/project/linux-wireless/patch/YX4CqjfRcTa6bVL+@Zekuns-MBP-16.fios-router.home/
 CVE-2021-43975 (In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in driver ...)
 	- linux <unfixed>
+	[bullseye] - linux 5.10.84-1
 	NOTE: https://lore.kernel.org/netdev/163698540868.13805.17800408021782408762.git-patchwork-notify@kernel.org/T/
 CVE-2021-43974
 	RESERVED
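
Review bot: on CVE-2021-43975 the new bullseye line records a fixed version, but the unstable line is still `<unfixed>` and the only NOTE is a lore.kernel.org patchwork-notify thread. A NOTE with the upstream commit that 5.10.84-1 backports would let a reader verify the fixed version from the entry itself.
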
@@ -5918,6 +5922,7 @@ CVE-2021-43390 (An Out-of-Bounds Write vulnerability exists when reading a DGN f
 CVE-2021-43389 (An issue was discovered in the Linux kernel before 5.14.15. There is a ...)
 	{DLA-2843-1}
 	- linux 5.14.16-1
+	[bullseye] - linux 5.10.84-1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/10/19/1
 	NOTE: https://git.kernel.org/linus/1f3e2e97c003f80c4b087092b225c8787ff91e4d
 CVE-2021-43388 (Unisys Cargo Mobile Application before 1.2.29 uses cleartext to store  ...)
@@ -6228,6 +6233,7 @@ CVE-2021-3922
 	RESERVED
 CVE-2021-43267 (An issue was discovered in net/tipc/crypto.c in the Linux kernel befor ...)
 	- linux 5.14.16-1
+	[bullseye] - linux 5.10.84-1
 	[buster] - linux <not-affected> (Vulnerable code introduced later)
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://git.kernel.org/linus/fa40d9734a57bcbfa79a280189799f76c88f7bb0 (5.15)
@@ -7714,6 +7720,7 @@ CVE-2021-43046 (The Interior Server and Gateway Server components of TIBCO Softw
 	NOT-FOR-US: TIBCO
 CVE-2021-43056 (An issue was discovered in the Linux kernel for powerpc before 5.14.15 ...)
 	- linux 5.14.16-1
+	[bullseye] - linux 5.10.84-1
 	[buster] - linux <not-affected> (Vulnerable code introduced later)
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://git.kernel.org/linus/cdeb5d7d890e14f3b70e8087e745c4a6a7d9f337 (5.15-rc6)
@@ -8455,6 +8462,7 @@ CVE-2021-42740 (The shell-quote package before 1.7.3 for Node.js allows command
 CVE-2021-42739 (The firewire subsystem in the Linux kernel through 5.14.13 has a buffe ...)
 	{DLA-2843-1}
 	- linux 5.14.16-1
+	[bullseye] - linux 5.10.84-1
 	NOTE: https://seclists.org/oss-sec/2021/q2/46
 	NOTE: https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ@mwanda/
 CVE-2021-42738 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...)
@@ -10633,6 +10641,7 @@ CVE-2021-42328
 	RESERVED
 CVE-2021-42327 (dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu ...)
 	- linux 5.14.16-1
+	[bullseye] - linux 5.10.84-1
 	[buster] - linux <not-affected> (Vulnerability introduced later)
 	[stretch] - linux <not-affected> (Vulnerability introduced later)
 	NOTE: https://lists.freedesktop.org/archives/amd-gfx/2021-October/070170.html
@@ -11737,6 +11746,7 @@ CVE-2021-41865 (HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed
 CVE-2021-41864 (prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kern ...)
 	{DLA-2843-1}
 	- linux 5.14.12-1
+	[bullseye] - linux 5.10.84-1
 	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=30e29a9a2bc6a4888335a6ede968b75cd329657a
 CVE-2021-41863
 	RESERVED
@@ -14961,6 +14971,7 @@ CVE-2021-3773
 CVE-2021-3772 [Invalid chunks may be used to remotely remove existing associations]
 	RESERVED
 	- linux 5.14.16-1
+	[bullseye] - linux 5.10.84-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2000694
 CVE-2021-3771
 	RESERVED
@@ -15163,6 +15174,7 @@ CVE-2021-40440 (Microsoft Dynamics Business Central Cross-site Scripting Vulnera
 CVE-2021-3764 [DoS in ccp_run_aes_gcm_cmd() function]
 	RESERVED
 	- linux 5.14.12-1
+	[bullseye] - linux 5.10.84-1
 	[stretch] - linux <not-affected> (Vulnerability introduced later)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1997467
 	NOTE: https://git.kernel.org/linus/505d9dcb0f7ddf9d075e729523a33d38642ae680 (5.15-rc4)
@@ -15376,6 +15388,7 @@ CVE-2021-3760
 	RESERVED
 	{DLA-2843-1}
 	- linux 5.14.16-1 (unimportant)
+	[bullseye] - linux 5.10.84-1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/10/26/2
 	NOTE: https://git.kernel.org/linus/1b1499a817c90fd1ce9453a2c98d2a01cca0e775 (5.15-rc6)
 	NOTE: CONFIG_NFC_NCI is not set in Debian
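
Review bot: on CVE-2021-3760 the added `[bullseye] - linux 5.10.84-1` line has no urgency tag, while the unstable line is `(unimportant)` and the NOTE states that CONFIG_NFC_NCI is not set in Debian. If that also holds for the bullseye kernel configuration, consider tagging the bullseye line `(unimportant)` as well, or confirm that the urgency is meant to be inherited from the unstable line.
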
@@ -15862,6 +15875,7 @@ CVE-2021-3745 (flatcore-cms is vulnerable to Unrestricted Upload of File with Da
 CVE-2021-3744 [crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()]
 	RESERVED
 	- linux 5.14.12-1
+	[bullseye] - linux 5.10.84-1
 	[stretch] - linux <not-affected> (Vulnerability introduced later)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2000627
 	NOTE: https://git.kernel.org/linus/505d9dcb0f7ddf9d075e729523a33d38642ae680 (5.15-rc4)
@@ -25051,6 +25065,7 @@ CVE-2021-36351 (SQL Injection Vulnerability in Care2x Open Source Hospital Infor
 CVE-2021-3640 [Linux kernel: UAF in sco_send_frame function]
 	RESERVED
 	- linux 5.15.3-1
+	[bullseye] - linux 5.10.84-1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/07/22/1
 CVE-2021-3639 [Prevent redirect to URLs that begin with '///']
 	RESERVED
@@ -65961,6 +65976,7 @@ CVE-2021-20321
 	RESERVED
 	{DLA-2843-1}
 	- linux 5.14.12-1
+	[bullseye] - linux 5.10.84-1
 	NOTE: https://git.kernel.org/linus/a295aef603e109a47af355477326bd41151765b6 (5.15-rc5)
 CVE-2021-20320
 	RESERVED
@@ -77436,6 +77452,7 @@ CVE-2020-27821 (A flaw was found in the memory management API of QEMU during the
 	NOTE: Introduced by: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=48564041a73adbbff52834f9edbe3806fceefab7 (v3.0)
 CVE-2020-27820 (A vulnerability was found in Linux kernel, where a use-after-frees in  ...)
 	- linux 5.15.5-1 (unimportant)
+	[bullseye] - linux 5.10.84-1
 	NOTE: No security impact, requires physical access to the computer
 CVE-2020-27819 (An issue was discovered in libxls before and including 1.6.1 when read ...)
 	- r-cran-readxl <not-affected> (Embeds libxls, but not affected)
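
Review bot: on CVE-2020-27820 the entry's NOTE reads "No security impact, requires physical access to the computer" and the unstable line is `(unimportant)`, yet the new bullseye line is untagged. Suggest checking that the per-release line does not cause the issue to be presented with a higher urgency for bullseye than for unstable.
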


=====================================
data/next-point-update.txt
=====================================
@@ -62,40 +62,6 @@ CVE-2021-23445
 	[bullseye] - datatables.js 1.10.21+dfsg-2+deb11u1
 CVE-2021-40391
 	[bullseye] - gerbv 2.7.0-2+deb11u1
-CVE-2020-27820
-	[bullseye] - linux 5.10.84-1
-CVE-2021-20321
-	[bullseye] - linux 5.10.84-1
-CVE-2021-3640
-	[bullseye] - linux 5.10.84-1
-CVE-2021-3744
-	[bullseye] - linux 5.10.84-1
-CVE-2021-3760
-	[bullseye] - linux 5.10.84-1
-CVE-2021-3764
-	[bullseye] - linux 5.10.84-1
-CVE-2021-3772
-	[bullseye] - linux 5.10.84-1
-CVE-2021-4001
-	[bullseye] - linux 5.10.84-1
-CVE-2021-4002
-	[bullseye] - linux 5.10.84-1
-CVE-2021-4083
-	[bullseye] - linux 5.10.84-1
-CVE-2021-41864
-	[bullseye] - linux 5.10.84-1
-CVE-2021-42327
-	[bullseye] - linux 5.10.84-1
-CVE-2021-42739
-	[bullseye] - linux 5.10.84-1
-CVE-2021-43056
-	[bullseye] - linux 5.10.84-1
-CVE-2021-43267
-	[bullseye] - linux 5.10.84-1
-CVE-2021-43389
-	[bullseye] - linux 5.10.84-1
-CVE-2021-43975
-	[bullseye] - linux 5.10.84-1
 CVE-2021-44543
 	[bullseye] - privoxy 3.0.32-2+deb11u1
 CVE-2021-44542
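
Review bot: in the data/next-point-update.txt hunk, the 17 removed CVE entries match one to one the 17 `[bullseye] - linux 5.10.84-1` lines added in data/CVE/list, so the move drops and duplicates nothing. The neighbouring entries (datatables.js, gerbv, privoxy) stay queued in this file; the commit message scopes the merge to linux only, so they need their own merge if they are part of the same point release.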



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8bb92f535453a83e58b68c0ff6536e500b9d831
