[Git][security-tracker-team/security-tracker][master] Ignore some eBPF related linux issues for stretch (sync with kernel-sec)

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon May 16 06:02:22 BST 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0fdd84d7 by Salvatore Bonaccorso at 2022-05-16T07:01:44+02:00
Ignore some eBPF related linux issues for stretch (sync with kernel-sec)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27579,6 +27579,7 @@ CVE-2021-4160 (There is a carry propagation bug in the MIPS32 and MIPS64 squarin
 CVE-2021-4159 [bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds()]
 	RESERVED
 	- linux 5.7.6-1
+	[stretch] - linux <ignored> (Too risky to backport, and mitigated by default)
 	NOTE: Fixed by: https://git.kernel.org/linus/294f2fc6da27620a506e6c050241655459ccd6bd (5.7-rc1)
 CVE-2021-45464 [hypervisor escape and host code execution]
 	RESERVED
@@ -57925,6 +57926,7 @@ CVE-2021-35477 (In the Linux kernel through 5.13.7, an unprivileged BPF program
 	{DLA-2785-1}
 	- linux 5.10.46-4
 	[buster] - linux 4.19.208-1
+	[stretch] - linux <ignored> (Too risky to backport, and mitigated by default)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/08/01/3
 CVE-2021-35476
 	RESERVED
@@ -60064,6 +60066,7 @@ CVE-2021-34556 (In the Linux kernel through 5.13.7, an unprivileged BPF program
 	{DLA-2785-1}
 	- linux 5.10.46-4
 	[buster] - linux 4.19.208-1
+	[stretch] - linux <ignored> (Too risky to backport, and mitigated by default)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/08/01/3
 CVE-2021-34555 (OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial  ...)
 	- opendmarc 1.4.0~beta1+dfsg-6 (bug #990001)
@@ -62259,6 +62262,7 @@ CVE-2021-33624 (In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a b
 	{DLA-2785-1}
 	- linux 5.10.46-1
 	[buster] - linux 4.19.208-1
+	[stretch] - linux <ignored> (Too risky to backport, and mitigated by default)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/06/21/1
 CVE-2021-33623 (The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.j ...)
 	- node-trim-newlines 3.0.0+~3.0.0-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0fdd84d77592c53e3418bb06a703548a88bcde5c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0fdd84d77592c53e3418bb06a703548a88bcde5c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220516/e25a2066/attachment.htm>

More information about the debian-security-tracker-commits mailing list