[Git][security-tracker-team/security-tracker][master] Mark several linux CVEs as fixed in 5.10.46-1

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jun 24 13:52:27 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
43465100 by Salvatore Bonaccorso at 2021-06-24T14:51:58+02:00
Mark several linux CVEs as fixed in 5.10.46-1

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -919,7 +919,7 @@ CVE-2021-35041 (The blockchain node in FISCO-BCOS V2.7.2 may have a bug when dea
 	TODO: check
 CVE-2021-3609
 	RESERVED
-	- linux <unfixed>
+	- linux 5.10.46-1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/06/19/1
 CVE-2021-35040
 	RESERVED
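Review bot: The CVE-2021-3609 entry now records "- linux 5.10.46-1", but its only NOTE is the oss-security post, so nothing in the entry points to the fix itself. Consider adding a NOTE with the upstream commit, in the same form as the git.kernel.org/linus NOTE under CVE-2021-3587, so the recorded version can be checked against the changelog.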
@@ -1659,7 +1659,7 @@ CVE-2021-34695
 CVE-2021-34694
 	RESERVED
 CVE-2021-34693 (net/can/bcm.c in the Linux kernel through 5.12.10 allows local users t ...)
-	- linux <unfixed>
+	- linux 5.10.46-1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/06/15/1
 	NOTE: https://github.com/nrb547/kernel-exploitation/tree/main/cve-2021-34693
 	NOTE: https://lore.kernel.org/netdev/trinity-87eaea25-2a7d-4aa9-92a5-269b822e5d95-1623609211076@3c-app-gmx-bs04/T/
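Review bot: At "- linux 5.10.46-1" under CVE-2021-34693, the fixed version is on the 5.10 series while the description bounds the issue as "through 5.12.10", and none of the three NOTEs names the fix commit. A NOTE with the upstream commit would let a reader confirm the fix is in 5.10.46 without reading through the netdev thread.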
@@ -3383,7 +3383,7 @@ CVE-2018-25015 (An issue was discovered in the Linux kernel before 4.14.16. Ther
 CVE-2021-3587 [nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect]
 	RESERVED
 	{DLA-2690-1 DLA-2689-1}
-	- linux <unfixed>
+	- linux 5.10.46-1
 	[buster] - linux 4.19.194-1
 	NOTE: https://git.kernel.org/linus/4ac06a1e013cf5fdd963317ffd3b968560f33bba
 CVE-2021-3582 [hw/rdma: Fix possible mremap overflow in the pvrdma device]
@@ -3677,7 +3677,7 @@ CVE-2021-33796
 CVE-2021-3573
 	RESERVED
 	{DLA-2690-1 DLA-2689-1}
-	- linux <unfixed>
+	- linux 5.10.46-1
 	[buster] - linux 4.19.194-1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/06/08/2
 CVE-2021-33795
@@ -4085,7 +4085,7 @@ CVE-2021-33626
 CVE-2021-33625
 	RESERVED
 CVE-2021-33624 (In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch  ...)
-	- linux <unfixed>
+	- linux 5.10.46-1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/06/21/1
 CVE-2021-33623 (The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.j ...)
 	NOT-FOR-US: Node.js trim-newlines package
@@ -4328,7 +4328,7 @@ CVE-2021-33525 (EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execut
 	NOT-FOR-US: EyesOfNetwork (EON) eonweb
 CVE-2021-3564 (A flaw double-free memory corruption in the Linux kernel HCI device in ...)
 	{DLA-2690-1 DLA-2689-1}
-	- linux <unfixed>
+	- linux 5.10.46-1
 	[buster] - linux 4.19.194-1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/05/25/1
 CVE-2021-33524
@@ -16034,7 +16034,7 @@ CVE-2021-28692 [inappropriate x86 IOMMU timeout detection / handling]
 	NOTE: https://xenbits.xen.org/xsa/advisory-373.html
 CVE-2021-28691 [Guest triggered use-after-free in Linux xen-netback]
 	RESERVED
-	- linux <unfixed>
+	- linux 5.10.46-1
 	[buster] - linux <not-affected> (Vulnerable code introduced later)
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://xenbits.xen.org/xsa/advisory-374.html
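Review bot: The "<not-affected> (Vulnerable code introduced later)" lines for buster and stretch under CVE-2021-28691 give no version or commit for when the code was introduced, and with unstable now marked fixed they are the only statement about those suites. Suggest extending the parenthetical, or adding a NOTE, with the introducing commit or kernel version so the not-affected claim can be verified.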
@@ -52770,7 +52770,7 @@ CVE-2020-26148 (md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers to
 	NOTE: https://github.com/mity/md4c/commit/22ca89a3008966c4316d6b0a158b1a49f9038df0
 CVE-2020-26147 (An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, ...)
 	{DLA-2690-1 DLA-2689-1}
-	- linux <unfixed>
+	- linux 5.10.46-1
 	[buster] - linux 4.19.194-1
 	NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
 	NOTE: https://www.fragattacks.com/
@@ -52779,7 +52779,7 @@ CVE-2020-26147 (An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA,
 CVE-2020-26146 (An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The  ...)
 	NOT-FOR-US: Samsung
 CVE-2020-26145 (An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The  ...)
-	- linux <unfixed>
+	- linux 5.10.46-1
 	NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
 	NOTE: https://www.fragattacks.com/
 	NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
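Review bot: CVE-2020-26145 is marked "- linux 5.10.46-1" with no [buster] line and no DLA reference, unlike CVE-2020-26147 in the previous hunk, and its truncated description names Samsung Galaxy S3 devices, the same opening as CVE-2020-26146 just above, which is NOT-FOR-US. A short NOTE saying why the linux package is tracked here, and confirming that the missing buster annotation is intended, would help.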
@@ -52798,7 +52798,7 @@ CVE-2020-26142 (An issue was discovered in the kernel in OpenBSD 6.6. The WEP, W
 	NOTE: https://www.fragattacks.com/
 	NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
 CVE-2020-26141 (An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for  ...)
-	- linux <unfixed>
+	- linux 5.10.46-1
 	NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
 	NOTE: https://www.fragattacks.com/
 	NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
@@ -52810,7 +52810,7 @@ CVE-2020-26140 (An issue was discovered in the ALFA Windows 10 driver 6.1316.120
 	NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
 CVE-2020-26139 (An issue was discovered in the kernel in NetBSD 7.1. An Access Point ( ...)
 	{DLA-2690-1 DLA-2689-1}
-	- linux <unfixed>
+	- linux 5.10.46-1
 	[buster] - linux 4.19.194-1
 	NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
 	NOTE: https://www.fragattacks.com/
@@ -56566,7 +56566,7 @@ CVE-2020-24589 (The Management Console in WSO2 API Manager through 3.1.0 and API
 	NOT-FOR-US: WSO2
 CVE-2020-24588 (The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2,  ...)
 	{DLA-2690-1 DLA-2689-1}
-	- linux <unfixed>
+	- linux 5.10.46-1
 	[buster] - linux 4.19.194-1
 	- firmware-nonfree <unfixed>
 	[stretch] - firmware-nonfree <not-affected> (Vulnerable code not present)
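Review bot: Under CVE-2020-24588 the line "- firmware-nonfree <unfixed>" that follows the changed line is left as it is, so the CVE stays open in unstable for that package even though linux is now marked fixed. If that is intended, a NOTE on the state of firmware-nonfree would make it explicit; the same applies to CVE-2020-24587 and CVE-2020-24586 in the two hunks below.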
@@ -56583,7 +56583,7 @@ CVE-2020-24588 (The 802.11 standard that underpins Wi-Fi Protected Access (WPA,
 	NOTE: At least in stretch the vulnerable code is not in firmware-nonfree, only in linux source.
 CVE-2020-24587 (The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2,  ...)
 	{DLA-2690-1 DLA-2689-1}
-	- linux <unfixed>
+	- linux 5.10.46-1
 	[buster] - linux 4.19.194-1
 	- firmware-nonfree <unfixed>
 	[stretch] - firmware-nonfree <not-affected> (Vulnerable code not present)
@@ -56597,7 +56597,7 @@ CVE-2020-24587 (The 802.11 standard that underpins Wi-Fi Protected Access (WPA,
 	NOTE: At least in stretch the vulnerable code is not in firmware-nonfree, only in linux source.
 CVE-2020-24586 (The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2,  ...)
 	{DLA-2690-1 DLA-2689-1}
-	- linux <unfixed>
+	- linux 5.10.46-1
 	[buster] - linux 4.19.194-1
 	- firmware-nonfree <unfixed>
 	[stretch] - firmware-nonfree <not-affected> (Vulnerable code not present)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/434651003ba026207cf32f9b3084c4403dd71e33
