[Git][security-tracker-team/security-tracker][master] Track fixed version for linux upload via unstable

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Apr 18 13:49:25 BST 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c69c1aba by Salvatore Bonaccorso at 2022-04-18T14:47:31+02:00
Track fixed version for linux upload via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -358,7 +358,7 @@ CVE-2022-1354
 	RESERVED
 CVE-2022-1353 [af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register]
 	RESERVED
-	- linux <unfixed>
+	- linux 5.17.3-1
 	NOTE: https://git.kernel.org/linus/9a564bccb78a76740ea9d75a259942df8143d02c (5.17)
 CVE-2022-1352
 	RESERVED
@@ -1292,7 +1292,7 @@ CVE-2022-28895
 CVE-2022-28894
 	RESERVED
 CVE-2022-28893 (The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xp ...)
-	- linux <unfixed>
+	- linux 5.17.3-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	[stretch] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/f00432063db1a0db484e85193eccc6845435b80e (5.18-rc2)
@@ -2519,14 +2519,14 @@ CVE-2022-28392
 CVE-2022-28391 (BusyBox through 1.35.0 allows remote attackers to execute arbitrary co ...)
 	TODO: check
 CVE-2022-28390 (ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kerne ...)
-	- linux <unfixed>
+	- linux 5.17.3-1
 	NOTE: https://git.kernel.org/linus/c70222752228a62135cee3409dccefd494a24646 (5.18-rc1)
 CVE-2022-28389 (mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux ker ...)
-	- linux <unfixed>
+	- linux 5.17.3-1
 	[stretch] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/04c9b00ba83594a29813d6b1fb8fdc93a3915174 (5.18-rc1)
 CVE-2022-28388 (usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux ker ...)
-	- linux <unfixed>
+	- linux 5.17.3-1
 	NOTE: https://git.kernel.org/linus/3d3925ff6433f98992685a9679613a2cc97f3ce2 (5.18-rc1)
 CVE-2022-28387
 	RESERVED
@@ -2700,11 +2700,11 @@ CVE-2022-1206
 	RESERVED
 CVE-2022-1205
 	RESERVED
-	- linux <unfixed>
+	- linux 5.17.3-1
 	NOTE: https://www.openwall.com/lists/oss-security/2022/04/02/4
 CVE-2022-1204
 	RESERVED
-	- linux <unfixed>
+	- linux 5.17.3-1
 	NOTE: https://www.openwall.com/lists/oss-security/2022/04/02/2
 CVE-2022-1203
 	RESERVED
@@ -3308,7 +3308,7 @@ CVE-2022-1159 (Rockwell Automation Studio 5000 Logix Designer (all versions) are
 	NOT-FOR-US: Rockwell Automation
 CVE-2022-1158
 	RESERVED
-	- linux <unfixed>
+	- linux 5.17.3-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	[stretch] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/2a8859f373b0a86f0ece8ec8312607eacf12485d (5.18-rc1)
@@ -18979,7 +18979,7 @@ CVE-2022-0177
 	REJECTED
 CVE-2021-4204 [eBPF Improper Input Validation Vulnerability]
 	RESERVED
-	- linux <unfixed>
+	- linux 5.17.3-1
 	[buster] - linux <not-affected> (Vulnerable code introduced later)
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/01/11/4
@@ -19329,7 +19329,7 @@ CVE-2022-0169 (The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0168
 	RESERVED
-	- linux <unfixed>
+	- linux 5.17.3-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	[stretch] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2037386
@@ -26204,7 +26204,7 @@ CVE-2021-44790 (A carefully crafted request body can cause a buffer overflow in
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-44790
 	NOTE: Fixed by: https://svn.apache.org/r1896039
 CVE-2021-4095 (A NULL pointer dereference was found in the Linux kernel's KVM when di ...)
-	- linux <unfixed>
+	- linux 5.17.3-1
 	[bullseye] - linux <not-affected> (Vulnerable code introduced later)
 	[buster] - linux <not-affected> (Vulnerable code introduced later)
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c69c1aba889bb3488ee4098420e76a9876d02c48

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c69c1aba889bb3488ee4098420e76a9876d02c48
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220418/33834a56/attachment.htm>

More information about the debian-security-tracker-commits mailing list