[Git][security-tracker-team/security-tracker][master] Mark several linux CVEs as fixed in 5.10.46-1
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jun 24 13:52:27 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
43465100 by Salvatore Bonaccorso at 2021-06-24T14:51:58+02:00
Mark several linux CVEs as fixed in 5.10.46-1
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -919,7 +919,7 @@ CVE-2021-35041 (The blockchain node in FISCO-BCOS V2.7.2 may have a bug when dea
TODO: check
CVE-2021-3609
RESERVED
- - linux <unfixed>
+ - linux 5.10.46-1
NOTE: https://www.openwall.com/lists/oss-security/2021/06/19/1
CVE-2021-35040
RESERVED
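Review bot: CVE-2021-3609 is still RESERVED and has no bracketed description on its header line, so after the change to "- linux 5.10.46-1" the entry records a fixed version without saying what the issue is. A short bracketed title in the style used for CVE-2021-3587 ("[nfc: fix NULL ptr dereference ...]") would make the entry readable without following the oss-security link.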
@@ -1659,7 +1659,7 @@ CVE-2021-34695
CVE-2021-34694
RESERVED
CVE-2021-34693 (net/can/bcm.c in the Linux kernel through 5.12.10 allows local users t ...)
- - linux <unfixed>
+ - linux 5.10.46-1
NOTE: https://www.openwall.com/lists/oss-security/2021/06/15/1
NOTE: https://github.com/nrb547/kernel-exploitation/tree/main/cve-2021-34693
NOTE: https://lore.kernel.org/netdev/trinity-87eaea25-2a7d-4aa9-92a5-269b822e5d95-1623609211076@3c-app-gmx-bs04/T/
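Review bot: the NOTE lines shown under CVE-2021-34693 point at the oss-security post, a third-party exploitation repository and the netdev thread, but none of them names the commit that was actually merged. Adding a "NOTE: https://git.kernel.org/linus/<commit>" line, as CVE-2021-3587 has, would let a reader confirm that 5.10.46-1 really contains the fix rather than inferring it from the mailing-list discussion.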
@@ -3383,7 +3383,7 @@ CVE-2018-25015 (An issue was discovered in the Linux kernel before 4.14.16. Ther
CVE-2021-3587 [nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect]
RESERVED
{DLA-2690-1 DLA-2689-1}
- - linux <unfixed>
+ - linux 5.10.46-1
[buster] - linux 4.19.194-1
NOTE: https://git.kernel.org/linus/4ac06a1e013cf5fdd963317ffd3b968560f33bba
CVE-2021-3582 [hw/rdma: Fix possible mremap overflow in the pvrdma device]
@@ -3677,7 +3677,7 @@ CVE-2021-33796
CVE-2021-3573
RESERVED
{DLA-2690-1 DLA-2689-1}
- - linux <unfixed>
+ - linux 5.10.46-1
[buster] - linux 4.19.194-1
NOTE: https://www.openwall.com/lists/oss-security/2021/06/08/2
CVE-2021-33795
@@ -4085,7 +4085,7 @@ CVE-2021-33626
CVE-2021-33625
RESERVED
CVE-2021-33624 (In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch ...)
- - linux <unfixed>
+ - linux 5.10.46-1
NOTE: https://www.openwall.com/lists/oss-security/2021/06/21/1
CVE-2021-33623 (The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.j ...)
NOT-FOR-US: Node.js trim-newlines package
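Review bot: CVE-2021-33624 gets "- linux 5.10.46-1" but, unlike CVE-2021-3564 and the other entries tagged {DLA-2690-1 DLA-2689-1}, it has no "[buster] - linux ..." line, and the description only says "before 5.12.13". From the lines shown it is not recorded whether the 4.19 kernel in buster is affected. Consider adding an explicit buster status, or a NOTE stating that triage for the older branch is still pending.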
@@ -4328,7 +4328,7 @@ CVE-2021-33525 (EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execut
NOT-FOR-US: EyesOfNetwork (EON) eonweb
CVE-2021-3564 (A flaw double-free memory corruption in the Linux kernel HCI device in ...)
{DLA-2690-1 DLA-2689-1}
- - linux <unfixed>
+ - linux 5.10.46-1
[buster] - linux 4.19.194-1
NOTE: https://www.openwall.com/lists/oss-security/2021/05/25/1
CVE-2021-33524
@@ -16034,7 +16034,7 @@ CVE-2021-28692 [inappropriate x86 IOMMU timeout detection / handling]
NOTE: https://xenbits.xen.org/xsa/advisory-373.html
CVE-2021-28691 [Guest triggered use-after-free in Linux xen-netback]
RESERVED
- - linux <unfixed>
+ - linux 5.10.46-1
[buster] - linux <not-affected> (Vulnerable code introduced later)
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://xenbits.xen.org/xsa/advisory-374.html
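Review bot: the buster and stretch lines for CVE-2021-28691 say "<not-affected> (Vulnerable code introduced later)" without naming the commit or kernel version that introduced the xen-netback code, and the only NOTE shown is the XSA-374 advisory link. A NOTE giving the introducing commit would make both the not-affected claim and the new 5.10.46-1 marking checkable from the entry itself.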
@@ -52770,7 +52770,7 @@ CVE-2020-26148 (md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers to
NOTE: https://github.com/mity/md4c/commit/22ca89a3008966c4316d6b0a158b1a49f9038df0
CVE-2020-26147 (An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, ...)
{DLA-2690-1 DLA-2689-1}
- - linux <unfixed>
+ - linux 5.10.46-1
[buster] - linux 4.19.194-1
NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
NOTE: https://www.fragattacks.com/
@@ -52779,7 +52779,7 @@ CVE-2020-26147 (An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA,
CVE-2020-26146 (An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The ...)
NOT-FOR-US: Samsung
CVE-2020-26145 (An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The ...)
- - linux <unfixed>
+ - linux 5.10.46-1
NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
NOTE: https://www.fragattacks.com/
NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
@@ -52798,7 +52798,7 @@ CVE-2020-26142 (An issue was discovered in the kernel in OpenBSD 6.6. The WEP, W
NOTE: https://www.fragattacks.com/
NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
CVE-2020-26141 (An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for ...)
- - linux <unfixed>
+ - linux 5.10.46-1
NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
NOTE: https://www.fragattacks.com/
NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
@@ -52810,7 +52810,7 @@ CVE-2020-26140 (An issue was discovered in the ALFA Windows 10 driver 6.1316.120
NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
CVE-2020-26139 (An issue was discovered in the kernel in NetBSD 7.1. An Access Point ( ...)
{DLA-2690-1 DLA-2689-1}
- - linux <unfixed>
+ - linux 5.10.46-1
[buster] - linux 4.19.194-1
NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
NOTE: https://www.fragattacks.com/
@@ -56566,7 +56566,7 @@ CVE-2020-24589 (The Management Console in WSO2 API Manager through 3.1.0 and API
NOT-FOR-US: WSO2
CVE-2020-24588 (The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, ...)
{DLA-2690-1 DLA-2689-1}
- - linux <unfixed>
+ - linux 5.10.46-1
[buster] - linux 4.19.194-1
- firmware-nonfree <unfixed>
[stretch] - firmware-nonfree <not-affected> (Vulnerable code not present)
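Review bot: directly below the updated "- linux 5.10.46-1" line, "- firmware-nonfree <unfixed>" is left unchanged, so CVE-2020-24588 stays open for unstable even though the commit subject says the CVEs are marked as fixed. The same pattern appears in the two hunks that follow (CVE-2020-24587 and CVE-2020-24586). If that is intended, a NOTE saying which firmware update is still awaited would prevent the entry from being read as fully resolved.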
@@ -56583,7 +56583,7 @@ CVE-2020-24588 (The 802.11 standard that underpins Wi-Fi Protected Access (WPA,
NOTE: At least in stretch the vulnerable code is not in firmware-nonfree, only in linux source.
CVE-2020-24587 (The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, ...)
{DLA-2690-1 DLA-2689-1}
- - linux <unfixed>
+ - linux 5.10.46-1
[buster] - linux 4.19.194-1
- firmware-nonfree <unfixed>
[stretch] - firmware-nonfree <not-affected> (Vulnerable code not present)
@@ -56597,7 +56597,7 @@ CVE-2020-24587 (The 802.11 standard that underpins Wi-Fi Protected Access (WPA,
NOTE: At least in stretch the vulnerable code is not in firmware-nonfree, only in linux source.
CVE-2020-24586 (The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, ...)
{DLA-2690-1 DLA-2689-1}
- - linux <unfixed>
+ - linux 5.10.46-1
[buster] - linux 4.19.194-1
- firmware-nonfree <unfixed>
[stretch] - firmware-nonfree <not-affected> (Vulnerable code not present)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/434651003ba026207cf32f9b3084c4403dd71e33