[Git][security-tracker-team/security-tracker][master] Pre-merge already linux changes for upcoming point releases

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Mar 26 08:59:57 GMT 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ba1ccccc by Salvatore Bonaccorso at 2022-03-26T09:59:23+01:00
Pre-merge already linux changes for upcoming point releases

- - - - -


3 changed files:

- data/CVE/list
- data/next-oldstable-point-update.txt
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1624,6 +1624,7 @@ CVE-2022-1012
 	RESERVED
 CVE-2022-1011 (A flaw use after free in the Linux kernel FUSE filesystem was found in ...)
 	- linux <unfixed>
+	[bullseye] - linux 5.10.106-1
 	NOTE: https://git.kernel.org/linus/0c4bcfdecb1ac0967619ee7ff44871d93c08c909 (5.17-rc8)
 CVE-2022-1010
 	RESERVED
@@ -1678,6 +1679,7 @@ CVE-2022-0996 (A vulnerability was found in the 389 Directory Server that allows
 	TODO: check details
 CVE-2022-0995 (An out-of-bounds (OOB) memory write flaw was found in the Linux kernel ...)
 	- linux <unfixed>
+	[bullseye] - linux 5.10.106-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	[stretch] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2063786
@@ -7913,6 +7915,8 @@ CVE-2022-24959 (An issue was discovered in the Linux kernel before 5.16.5. There
 	NOTE: https://git.kernel.org/linus/29eb31542787e1019208a2e1047bb7c76c069536 (5.17-rc2)
 CVE-2022-24958 (drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 m ...)
 	- linux 5.16.14-1
+	[bullseye] - linux 5.10.106-1
+	[buster] - linux 4.19.235-1
 	NOTE: Fixed by: https://git.kernel.org/linus/89f3594d0de58e8a57d92d497dea9fee3d4b9cda (5.17-rc1)
 	NOTE: Fixed by: https://git.kernel.org/linus/501e38a5531efbd77d5c73c0ba838a889bfc1d74 (5.17-rc1)
 CVE-2022-24957
@@ -11105,6 +11109,8 @@ CVE-2022-23961
 	RESERVED
 CVE-2022-23960 (Certain Arm Cortex and Neoverse processors through 2022-03-08 do not p ...)
 	- linux 5.16.14-1
+	[bullseye] - linux 5.10.106-1
+	[buster] - linux 4.19.235-1
 	NOTE: https://www.vusec.net/projects/bhi-spectre-bhb/
 	NOTE: https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/spectre-bhb
 	NOTE: https://xenbits.xen.org/xsa/advisory-398.html
@@ -14474,24 +14480,37 @@ CVE-2022-23043 (Zenario CMS 9.2 allows an authenticated admin user to bypass the
 	NOT-FOR-US: Zenario CMS
 CVE-2022-23042 (Linux PV device frontends vulnerable to attacks by backends T[his CNA  ...)
 	- linux 5.16.14-1
+	[bullseye] - linux 5.10.106-1
+	[buster] - linux 4.19.235-1
 	NOTE: https://xenbits.xen.org/xsa/advisory-396.html
 CVE-2022-23041 (Linux PV device frontends vulnerable to attacks by backends T[his CNA  ...)
 	- linux 5.16.14-1
+	[bullseye] - linux 5.10.106-1
+	[buster] - linux 4.19.235-1
 	NOTE: https://xenbits.xen.org/xsa/advisory-396.html
 CVE-2022-23040 (Linux PV device frontends vulnerable to attacks by backends T[his CNA  ...)
 	- linux 5.16.14-1
+	[bullseye] - linux 5.10.106-1
+	[buster] - linux 4.19.235-1
 	NOTE: https://xenbits.xen.org/xsa/advisory-396.html
 CVE-2022-23039 (Linux PV device frontends vulnerable to attacks by backends T[his CNA  ...)
 	- linux 5.16.14-1
+	[bullseye] - linux 5.10.106-1
+	[buster] - linux 4.19.235-1
 	NOTE: https://xenbits.xen.org/xsa/advisory-396.html
 CVE-2022-23038 (Linux PV device frontends vulnerable to attacks by backends T[his CNA  ...)
 	- linux 5.16.14-1
+	[bullseye] - linux 5.10.106-1
 	NOTE: https://xenbits.xen.org/xsa/advisory-396.html
 CVE-2022-23037 (Linux PV device frontends vulnerable to attacks by backends T[his CNA  ...)
 	- linux 5.16.14-1
+	[bullseye] - linux 5.10.106-1
+	[buster] - linux 4.19.235-1
 	NOTE: https://xenbits.xen.org/xsa/advisory-396.html
 CVE-2022-23036 (Linux PV device frontends vulnerable to attacks by backends T[his CNA  ...)
 	- linux 5.16.14-1
+	[bullseye] - linux 5.10.106-1
+	[buster] - linux 4.19.235-1
 	NOTE: https://xenbits.xen.org/xsa/advisory-396.html
 CVE-2022-23035 (Insufficient cleanup of passed-through device IRQs The management of I ...)
 	- xen 4.16.0+51-g0941d6cb-1
@@ -19440,6 +19459,7 @@ CVE-2021-4150 (A use-after-free flaw was found in the add_partition in block/par
 	NOTE: https://git.kernel.org/linus/9fbfabfda25d8774c5a08634fdd2da000a924890 (5.15-rc7)
 CVE-2021-4149 (A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tre ...)
 	- linux 5.14.16-1
+	[buster] - linux 4.19.235-1
 	NOTE: https://git.kernel.org/linus/19ea40dddf1833db868533958ca066f368862211 (5.15-rc6)
 CVE-2021-4148 (A vulnerability was found in the Linux kernel's block_invalidatepage i ...)
 	- linux 5.14.16-1


=====================================
data/next-oldstable-point-update.txt
=====================================
@@ -216,24 +216,6 @@ CVE-2021-40985
 	[buster] - htmldoc 1.9.3-1+deb10u3
 CVE-2022-23308
 	[buster] - libxml2 2.9.4+dfsg1-7+deb10u3
-CVE-2021-4149
-	[buster] - linux 4.19.235-1
-CVE-2022-23036
-	[buster] - linux 4.19.235-1
-CVE-2022-23037
-	[buster] - linux 4.19.235-1
-CVE-2022-23039
-	[buster] - linux 4.19.235-1
-CVE-2022-23040
-	[buster] - linux 4.19.235-1
-CVE-2022-23041
-	[buster] - linux 4.19.235-1
-CVE-2022-23042
-	[buster] - linux 4.19.235-1
-CVE-2022-23960
-	[buster] - linux 4.19.235-1
-CVE-2022-24958
-	[buster] - linux 4.19.235-1
 CVE-2020-10001
 	[buster] - cups 2.2.10-6+deb10u5
 CVE-2021-46709


=====================================
data/next-point-update.txt
=====================================
@@ -134,28 +134,6 @@ CVE-2022-25640
 	[bullseye] - wolfssl 4.6.0+p1-0+deb11u1
 CVE-2022-23308
 	[bullseye] - libxml2 2.9.10+dfsg-6.7+deb11u1
-CVE-2022-0995
-	[bullseye] - linux 5.10.106-1
-CVE-2022-1011
-	[bullseye] - linux 5.10.106-1
-CVE-2022-23036
-	[bullseye] - linux 5.10.106-1
-CVE-2022-23037
-	[bullseye] - linux 5.10.106-1
-CVE-2022-23038
-	[bullseye] - linux 5.10.106-1
-CVE-2022-23039
-	[bullseye] - linux 5.10.106-1
-CVE-2022-23040
-	[bullseye] - linux 5.10.106-1
-CVE-2022-23041
-	[bullseye] - linux 5.10.106-1
-CVE-2022-23042
-	[bullseye] - linux 5.10.106-1
-CVE-2022-23960
-	[bullseye] - linux 5.10.106-1
-CVE-2022-24958
-	[bullseye] - linux 5.10.106-1
 CVE-2021-0561
 	[bullseye] - flac 1.3.3-2+deb11u1
 CVE-2021-45005



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba1cccccc6ede50e6175c6777370b9e974600829

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba1cccccc6ede50e6175c6777370b9e974600829
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220326/ba8cb448/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list