[Git][security-tracker-team/security-tracker][master] Track fixed version for linux upload to unstable

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Sep 18 20:09:40 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
067fc687 by Salvatore Bonaccorso at 2021-09-18T21:09:09+02:00
Track fixed version for linux upload to unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2130,7 +2130,7 @@ CVE-2021-40491 (The ftp client in GNU Inetutils before 2.2 does not validate add
 	NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2021-06/msg00002.html
 	NOTE: https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=58cb043b190fd04effdaea7c9403416b436e50dd
 CVE-2021-40490 (A race condition was discovered in ext4_write_inline_data_end in fs/ex ...)
-	- linux <unfixed>
+	- linux 5.14.6-1
 	NOTE: https://lore.kernel.org/linux-ext4/000000000000e5080305c9e51453@google.com/
 CVE-2021-40437
 	RESERVED
@@ -2377,7 +2377,7 @@ CVE-2021-3754
 	RESERVED
 CVE-2021-3753
 	RESERVED
-	- linux <unfixed>
+	- linux 5.14.6-1
 	NOTE: https://git.kernel.org/linus/2287a51ba822384834dafc1c798453375d1107c7
 CVE-2021-3752
 	RESERVED
@@ -2793,7 +2793,7 @@ CVE-2021-40148
 	RESERVED
 CVE-2021-3743
 	RESERVED
-	- linux <unfixed>
+	- linux 5.14.6-1
 	NOTE: https://lists.openwall.net/netdev/2021/08/17/124
 	NOTE: https://git.kernel.org/linus/7e78c597c3ebfd0cb329aa09a838734147e4f117
 CVE-2021-3742
@@ -2967,7 +2967,7 @@ CVE-2021-40081
 	RESERVED
 CVE-2021-3739
 	RESERVED
-	- linux <unfixed>
+	- linux 5.14.6-1
 	[buster] - linux <not-affected> (Vulnerable code introduced later)
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/08/25/3
@@ -3932,7 +3932,7 @@ CVE-2021-3733 [Denial of service when identifying crafted invalid RFCs]
 	NOTE: https://github.com/python/cpython/commit/3fbe96123aeb66664fa547a8f6022efa2dc8788f (3.6.14)
 CVE-2021-3732 [overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files]
 	RESERVED
-	- linux <unfixed>
+	- linux 5.14.6-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1995249
 	NOTE: https://git.kernel.org/linus/427215d85e8d1476da1a86b8d67aceb485eb3631
 CVE-2021-39615 (** UNSUPPORTED WHEN ASSIGNED ** D-Link DSR-500N version 1.02 contains  ...)
@@ -6973,7 +6973,7 @@ CVE-2021-38301
 	RESERVED
 CVE-2021-38300
 	RESERVED
-	- linux <unfixed>
+	- linux 5.14.6-1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/09/15/5
 	NOTE: https://lore.kernel.org/bpf/20210915160437.4080-1-piotras@gmail.com/
 CVE-2021-38299
@@ -7192,13 +7192,13 @@ CVE-2021-38206 (The mac80211 subsystem in the Linux kernel before 5.12.13, when
 	- linux 5.10.46-1
 	NOTE: https://git.kernel.org/linus/bddc0c411a45d3718ac535a070f349be8eca8d48
 CVE-2021-38205 (drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel befo ...)
-	- linux <unfixed>
+	- linux 5.14.6-1
 	NOTE: https://git.kernel.org/linus/d0d62baa7f505bd4c59cd169692ff07ec49dde37
 CVE-2021-38204 (drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allow ...)
-	- linux <unfixed> (unimportant)
+	- linux 5.14.6-1 (unimportant)
 	NOTE: https://git.kernel.org/linus/b5fdf5c6e6bee35837e160c00ac89327bdad031b
 CVE-2021-38203 (btrfs in the Linux kernel before 5.13.4 allows attackers to cause a de ...)
-	- linux <unfixed>
+	- linux 5.14.6-1
 	NOTE: https://git.kernel.org/linus/1cb3db1cf383a3c7dbda1aa0ce748b0958759947
 CVE-2021-38202 (fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote a ...)
 	- linux <not-affected> (Vulnerable code introduced later)
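Review bot: the NOTE lines for CVE-2021-38205, CVE-2021-38204 and CVE-2021-38203 give the fixing commit but not the upstream release that first contained it. The descriptions say "before 5.13.6" and "before 5.13.4", while the recorded Debian version is 5.14.6-1. Other entries in this file append the upstream tag to the commit NOTE, for example "(5.14-rc3)" on CVE-2021-37576. Doing the same here would make clear that 5.14.6-1 is the first unstable upload carrying the fix rather than the upstream version in which it landed.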
@@ -7210,7 +7210,7 @@ CVE-2021-38200 (arch/powerpc/perf/core-book3s.c in the Linux kernel before 5.12.
 	- linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://git.kernel.org/linus/60b7ed54a41b550d50caf7f2418db4a7e75b5bdc
 CVE-2021-38199 (fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect co ...)
-	- linux <unfixed>
+	- linux 5.14.6-1
 	NOTE: https://git.kernel.org/linus/dd99e9f98fbf423ff6d365b37a98e8879170f17c
 CVE-2021-38198 (arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 inco ...)
 	- linux 5.10.46-1
@@ -7391,7 +7391,7 @@ CVE-2021-38162 (SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC
 CVE-2021-38161
 	RESERVED
 CVE-2021-38166 (In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is a ...)
-	- linux <unfixed>
+	- linux 5.14.6-1
 	[buster] - linux <not-affected> (Vulnerable code introduced later)
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
 CVE-2021-38159 (In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0 ...)
@@ -7417,7 +7417,7 @@ CVE-2021-38165 (Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI
 	NOTE: https://lynx.invisible-island.net/current/CHANGES.html#v2.9.0dev.9
 	NOTE: https://invisible-mirror.net/archives/lynx/patches/lynx2.9.0dev.9.patch.gz
 CVE-2021-38160 (** DISPUTED ** In drivers/char/virtio_console.c in the Linux kernel be ...)
-	- linux <unfixed>
+	- linux 5.14.6-1
 	NOTE: https://git.kernel.org/linus/d00d8da5869a2608e97cfede094dfc5e11462a46
 CVE-2021-38154 (Certain Canon devices manufactured in 2012 through 2020 (such as image ...)
 	NOT-FOR-US: Canon
@@ -7906,7 +7906,7 @@ CVE-2021-3681
 CVE-2021-3680 (showdoc is vulnerable to Missing Cryptographic Step ...)
 	NOT-FOR-US: showdoc
 CVE-2021-3679 (A lack of CPU resource in the Linux kernel tracing module functionalit ...)
-	- linux <unfixed>
+	- linux 5.14.6-1
 	NOTE: https://git.kernel.org/linus/67f0d6d9883c13174669f88adac4f0ee656cc16a
 CVE-2021-3678 (showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random N ...)
 	NOT-FOR-US: showdoc
@@ -8797,7 +8797,7 @@ CVE-2021-37539
 CVE-2021-3666 (body-parser-xml is vulnerable to Improperly Controlled Modification of ...)
 	NOT-FOR-US: Node body-parser-xml
 CVE-2021-37576 (arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on t ...)
-	- linux <unfixed>
+	- linux 5.14.6-1
 	[stretch] - linux <ignored> (powerpc architectures not included in LTS)
 	NOTE: https://git.kernel.org/linus/f62f3c20647ebd5fb6ecb8f0b477b9281c44c10a (5.14-rc3)
 CVE-2021-37538 (Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for  ...)
@@ -9658,7 +9658,7 @@ CVE-2021-37140
 	RESERVED
 CVE-2021-3656 [KVM: nSVM: always intercept VMLOAD/VMSAVE when nested]
 	RESERVED
-	- linux <unfixed>
+	- linux 5.14.6-1
 	[stretch] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/08/16/1
 CVE-2021-37139
@@ -10465,7 +10465,7 @@ CVE-2021-36775
 	RESERVED
 CVE-2021-3653 [KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl]
 	RESERVED
-	- linux <unfixed>
+	- linux 5.14.6-1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/08/16/1
 CVE-2020-36427 (GNOME gThumb before 3.10.1 allows an application crash via a malformed ...)
 	- gthumb 3:3.11.1-0.1 (unimportant)
@@ -14539,7 +14539,7 @@ CVE-2021-3609
 CVE-2021-35040
 	RESERVED
 CVE-2021-35039 (kernel/module.c in the Linux kernel before 5.12.14 mishandles Signatur ...)
-	- linux <unfixed>
+	- linux 5.14.6-1
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/07/06/3
 	NOTE: https://git.kernel.org/linus/0c18f29aae7ce3dadd26d8ee3505d07cc982df75
@@ -21553,7 +21553,7 @@ CVE-2021-32080
 CVE-2021-32079
 	RESERVED
 CVE-2021-32078 (An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/perso ...)
-	- linux <unfixed> (unimportant)
+	- linux 5.14.6-1 (unimportant)
 	NOTE: https://kirtikumarar.com/CVE-2021-32078.txt
 	NOTE: https://git.kernel.org/linus/298a58e165e447ccfaae35fe9f651f9d7e15166f (5.13-rc1)
 CVE-2021-3539 (EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site ...)
@@ -66802,7 +66802,7 @@ CVE-2017-18924 (** DISPUTED ** oauth2-server (aka node-oauth2-server) through 3.
 CVE-2020-26542 (An issue was discovered in the MongoDB Simple LDAP plugin through 2020 ...)
 	NOT-FOR-US: MongoDB plugin
 CVE-2020-26541 (The Linux kernel through 5.8.13 does not properly enforce the Secure B ...)
-	- linux <unfixed>
+	- linux 5.14.6-1
 	[stretch] - linux <not-affected> (Secure Boot key import not supported)
 	NOTE: https://lkml.org/lkml/2020/9/15/1871
 CVE-2020-26540 (An issue was discovered in Foxit Reader and PhantomPDF before 4.1 on m ...)
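Review bot: the only reference on CVE-2020-26541 is the lkml posting from 2020/9/15, which is a mailing-list message rather than a merged commit. With the entry now marked fixed in 5.14.6-1, a NOTE with the git.kernel.org/linus link for the applied change would let readers confirm which commit the version claim rests on.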
@@ -71827,7 +71827,7 @@ CVE-2020-24506 (Out of bound read in a subsystem in the Intel(R) CSME versions b
 CVE-2020-24505 (Insufficient input validation in the firmware for the Intel(R) 700-ser ...)
 	NOT-FOR-US: Intel NIC firmware
 CVE-2020-24504 (Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapt ...)
-	- linux <unfixed>
+	- linux 5.14.6-1
 	[bullseye] - linux <ignored> (Minor issue, too intrusive to backport)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -89484,7 +89484,7 @@ CVE-2020-16120 (Overlayfs did not properly perform permission checking when copy
 	[stretch] - linux <not-affected> (Vulnerable configuration combination not possible)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/10/13/6
 CVE-2020-16119 (Use-after-free vulnerability in the Linux kernel exploitable by a loca ...)
-	- linux <unfixed>
+	- linux 5.14.6-1
 	[bullseye] - linux <no-dsa> (Minor issue, blacklisted by default, revisit if fixed upstream)
 	[buster] - linux <no-dsa> (Minor issue, blacklisted by default, revisit if fixed upstream)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/10/13/7
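Review bot: the [bullseye] and [buster] lines for CVE-2020-16119 still read "<no-dsa> (Minor issue, blacklisted by default, revisit if fixed upstream)". If the fix in 5.14.6-1 comes from upstream, that revisit condition is now met, so these two suite entries should be re-triaged, either in this commit or in a follow-up, and a NOTE with the fixing commit added.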
@@ -124161,7 +124161,7 @@ CVE-2020-3704 (u'While processing invalid connection request PDU which is nonsta
 CVE-2020-3703 (u'Buffer over-read issue in Bluetooth peripheral firmware due to lack  ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-3702 (u'Specifically timed and handcrafted traffic can cause internal errors ...)
-	- linux <unfixed>
+	- linux 5.14.6-1
 	NOTE: https://lore.kernel.org/linux-wireless/CABvG-CVvPF++0vuGzCrBj8+s=Bcx1GwWfiW1_Somu_GVncTAcQ@mail.gmail.com/
 	NOTE: https://lore.kernel.org/stable/20210818084859.vcs4vs3yd6zetmyt@pali/t/#mf8b430d4f19f1b939a29b6c5098fdc514fd1a928
 CVE-2020-3701 (Use after free issue while processing error notification from camx dri ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/067fc687325392ea1e06d35b387e4833e58c1261



More information about the debian-security-tracker-commits mailing list