[Git][security-tracker-team/security-tracker][master] Sync some linux CVEs with kernel-sec triaging

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Mar 23 21:17:05 GMT 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e586f823 by Salvatore Bonaccorso at 2022-03-23T22:16:30+01:00
Sync some linux CVEs with kernel-sec triaging

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -240,6 +240,7 @@ CVE-2021-46739
 	RESERVED
 CVE-2022-27666 (In the Linux kernel before 5.16.15, there is a buffer overflow in ESP  ...)
 	- linux <unfixed>
+	[stretch] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://git.kernel.org/linus/ebe48d368e97d007bfeb76fcb065d6cfc4c96645 (5.17-rc8)
 CVE-2022-27665
 	RESERVED
@@ -1258,8 +1259,11 @@ CVE-2022-0999
 	RESERVED
 CVE-2022-0998
 	RESERVED
-	- linux <unfixed> (unimportant)
-	NOTE: https://git.kernel.org/linus/870aaff92e959e29d40f9cfdb5ed06ba2fc2dae0 (5.17-rc1)
+	- linux 5.15.15-1 (unimportant)
+	[bullseye] - linux 5.10.92-1
+	[buster] - linux <not-affected> (ulnerable code not present)
+	[stretch] - linux <not-affected> (ulnerable code not present)
+	NOTE: https://git.kernel.org/linus/3ed21c1451a14d139e1ceb18f2fa70865ce3195a (5.16-rc6)
 	NOTE: CONFIG_VHOST_VDPA not set in Debian
 CVE-2022-0997
 	RESERVED
@@ -1271,6 +1275,8 @@ CVE-2022-0996
 CVE-2022-0995 [kernel bug in the watch_queue subsystem]
 	RESERVED
 	- linux <unfixed>
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	[stretch] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2063786
 CVE-2022-0994
 	RESERVED
@@ -10024,6 +10030,7 @@ CVE-2022-0401 (Path Traversal in NPM w-zip prior to 1.0.12. ...)
 CVE-2022-0400 [Out of bounds read in the smc protocol stack]
 	RESERVED
 	- linux <unfixed>
+	[stretch] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2044575
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2040604 (not public)
 CVE-2022-0399 (The Advanced Product Labels for WooCommerce WordPress plugin before 1. ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e586f8233fa18b68925139319fee9064c80964f2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e586f8233fa18b68925139319fee9064c80964f2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220323/6139cb00/attachment.htm>

More information about the debian-security-tracker-commits mailing list