[Git][security-tracker-team/security-tracker][master] delete glibc annotations conflicting with elts tracker
Helmut Grohne (@helmutg)
helmutg at debian.org
Mon Nov 7 09:36:21 GMT 2022
Helmut Grohne pushed to branch master at Debian Security Tracker / security-tracker
Commits:
954ccfc8 by Helmut Grohne at 2022-11-07T10:35:21+01:00
delete glibc annotations conflicting with elts tracker
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -63932,13 +63932,11 @@ CVE-2022-23219 (The deprecated compatibility function clnt_create in the sunrpc
{DLA-3152-1}
- glibc 2.33-3
[bullseye] - glibc 2.31-13+deb11u3
- [stretch] - glibc <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22542
CVE-2022-23218 (The deprecated compatibility function svcunix_create in the sunrpc mod ...)
{DLA-3152-1}
- glibc 2.33-3
[bullseye] - glibc 2.31-13+deb11u3
- [stretch] - glibc <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28768
CVE-2022-23217
RESERVED
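Review bot: The commit message says only that these annotations conflict with the elts tracker, and for CVE-2022-23219 and CVE-2022-23218 the deleted lines were the only [stretch] record and carried the triage reason "(Minor issue)". Suggest adding a line to the commit message that points to where the stretch status is now recorded, so the removal of "[stretch] - glibc <no-dsa> (Minor issue)" can be checked against it.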
@@ -74458,7 +74456,6 @@ CVE-2021-3999 (A flaw was found in glibc. An off-by-one buffer overflow and unde
{DLA-3152-1}
- glibc 2.33-4
[bullseye] - glibc 2.31-13+deb11u4
- [stretch] - glibc <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28769
NOTE: https://www.openwall.com/lists/oss-security/2022/01/24/4
NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=23e0e8f5f1fb5ed150253d986ecccdc90c2dcd5e
@@ -99017,7 +99014,6 @@ CVE-2021-35943 (Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Acc
CVE-2021-35942 (The wordexp function in the GNU C Library (aka glibc) through 2.33 may ...)
{DLA-3152-1}
- glibc 2.31-13 (bug #990542)
- [stretch] - glibc <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28011
NOTE: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c
CVE-2021-35941 (Western Digital WD My Book Live (2.x and later) and WD My Book Live Du ...)
@@ -104600,7 +104596,6 @@ CVE-2021-33574 (The mq_notify function in the GNU C Library (aka glibc) versions
[experimental] - glibc 2.32-0experimental0
- glibc 2.32-1 (bug #989147)
[bullseye] - glibc 2.31-13+deb11u3
- [stretch] - glibc <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=27896
NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=42d359350510506b87101cf77202fefcbfc790cb
NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=217b6dc298156bdb0d6aea9ea93e7e394a5ff091
@@ -123608,7 +123603,6 @@ CVE-2021-26273 (The Agent in NinjaRMM 5.0.909 has Incorrect Access Control. ...)
CVE-2021-3326 (The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and ...)
{DLA-3152-1}
- glibc 2.31-10 (bug #981198)
- [stretch] - glibc <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2146
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=27256
NOTE: https://sourceware.org/pipermail/libc-alpha/2021-January/122058.html
@@ -135695,7 +135689,6 @@ CVE-2020-35931 (An issue was discovered in Foxit Reader before 10.1.1 (and befor
CVE-2019-25013 (The iconv feature in the GNU C Library (aka glibc or libc6) through 2. ...)
{DLA-3152-1}
- glibc 2.31-9 (bug #979273)
- [stretch] - glibc <postponed> (Minor issue; can be fixed in next update)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24973
NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=ee7a3144c9922808181009b7b3e50e852fb4999b
CVE-2019-25012 (The Webform Report project 7.x-1.x-dev for Drupal allows remote attack ...)
@@ -152223,7 +152216,6 @@ CVE-2020-27619 (In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.p
CVE-2020-27618 (The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and ...)
{DLA-3152-1}
- glibc 2.31-5 (bug #973914)
- [stretch] - glibc <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26224
NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=9a99c682144bdbd40792ebf822fe9264e0376fb5
CVE-2020-27617 (eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to t ...)
@@ -195790,8 +195782,6 @@ CVE-2020-10030 (An issue has been found in PowerDNS Recursor 4.1.0 up to and inc
CVE-2020-10029 (The GNU C Library (aka glibc or libc6) before 2.32 could overflow an o ...)
{DLA-3152-1}
- glibc 2.30-1 (bug #953108)
- [stretch] - glibc <no-dsa> (Minor issue)
- [jessie] - glibc <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25487
NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9333498794cde1d5cca518badf79533a24114b6f
NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c10acd40262486dac597001aecc20ad9d3bd0e4a
@@ -218183,8 +218173,6 @@ CVE-2020-1753 (A security flaw was found in Ansible Engine, all Ansible 2.7.x ve
CVE-2020-1752 (A use-after-free vulnerability introduced in glibc upstream version 2. ...)
{DLA-3152-1}
- glibc 2.30-3 (bug #953788)
- [stretch] - glibc <no-dsa> (Minor issue)
- [jessie] - glibc <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25414
NOTE: Introduced in: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f2962a71959fd254a7a223437ca4b63b9e81130c (2.14)
NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ddc650e9b3dc916eab417ce9f79e67337b05035c
@@ -219072,7 +219060,6 @@ CVE-2019-19127 (An authentication bypass vulnerability is present in the standal
CVE-2019-19126 (On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 ...)
{DLA-3152-1}
- glibc 2.29-8 (bug #945250)
- [stretch] - glibc <no-dsa> (Minor issue)
[jessie] - glibc <not-affected> (Vulnerable code introduced in 2.23)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25204
NOTE: Introduced by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=object;h=b9eb92ab05204df772eb4929eccd018637c9f3e9
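Review bot: In the CVE-2019-19126 entry the [stretch] line is deleted but "[jessie] - glibc <not-affected> (Vulnerable code introduced in 2.23)" stays, while the CVE-2018-6551 hunk in this same commit deletes its "[jessie] - glibc <not-affected>" line. Either remove this one as well or state in the commit message why the jessie <not-affected> annotation is kept here, so both entries are handled the same way.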
@@ -253528,8 +253515,6 @@ CVE-2019-9170 (An issue was discovered in GitLab Community and Enterprise Editio
NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
CVE-2019-9169 (In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_n ...)
- glibc 2.28-9 (bug #924612)
- [stretch] - glibc <no-dsa> (Minor issue)
- [jessie] - glibc <no-dsa> (Minor issue)
- eglibc <removed>
NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140
NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142
@@ -300931,7 +300916,6 @@ CVE-2018-11237 (An AVX-512-optimized implementation of the mempcpy function in t
CVE-2018-11236 (stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 a ...)
- glibc 2.27-4 (low; bug #899071)
[stretch] - glibc 2.24-11+deb9u4
- [jessie] - glibc <no-dsa> (Minor issue, can be fixed along in future DSA or point update)
- eglibc <removed>
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22786
NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5460617d1567657621107d895ee2dd83bc1f88f2
@@ -314011,8 +313995,6 @@ CVE-2018-6552 (Apport does not properly handle crashes originating from a PID na
CVE-2018-6551 (The malloc implementation in the GNU C Library (aka glibc or libc6), f ...)
[experimental] - glibc 2.26.9000+20180127.7e23a7dd-0experimental0
- glibc 2.27-1
- [stretch] - glibc <no-dsa> (Minor issue)
- [jessie] - glibc <not-affected> (Issue introduced in 2.24, 2.26 only for i386)
- eglibc <not-affected> (Issue introduced in 2.24 for powerpc, 2.26 only for i386)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22774
NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22
@@ -314324,8 +314306,6 @@ CVE-2017-18080 (The saveConfigureSecurity resource in Atlassian Bamboo before ve
CVE-2018-6485 (An integer overflow in the implementation of the posix_memalign in mem ...)
[experimental] - glibc 2.26.9000+20180127.7e23a7dd-0experimental0
- glibc 2.27-1 (bug #878159)
- [stretch] - glibc <no-dsa> (Minor issue)
- [jessie] - glibc <no-dsa> (Minor issue)
- eglibc <removed>
[wheezy] - eglibc <ignored> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22343
@@ -317857,8 +317837,6 @@ CVE-2018-1000004 (In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versi
[stretch] - linux 4.9.80-1
CVE-2018-1000001 (In glibc 2.26 and earlier there is confusion in the usage of getcwd() ...)
- glibc 2.26-4 (bug #887001)
- [stretch] - glibc <postponed> (Minor issue, can be fixed along in next DSA or preferably point release)
- [jessie] - glibc <postponed> (Minor issue, can be fixed along in next DSA or preferably point release)
- eglibc <removed>
[wheezy] - eglibc <postponed> (Minor issue, can be fixed along in next DSA)
NOTE: https://www.openwall.com/lists/oss-security/2018/01/11/5
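Review bot: In CVE-2018-1000001 the [stretch] and [jessie] glibc <postponed> lines are deleted, but "[wheezy] - eglibc <postponed> (Minor issue, can be fixed along in next DSA)" remains, as do the [wheezy] eglibc lines in the later hunks. If wheezy is also covered by the elts tracker, the same conflict would apply to eglibc. Either include those lines or note in the commit message that the change is deliberately limited to the glibc source package.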
@@ -329778,14 +329756,12 @@ CVE-2017-1000410 (The Linux kernel version 3.3-rc1 and later is affected by a vu
CVE-2017-1000409 (A buffer overflow in glibc 2.5 (released on September 29, 2006) and ca ...)
- glibc 2.25-5 (bug #884133)
[stretch] - glibc 2.24-11+deb9u4
- [jessie] - glibc <no-dsa> (Minor issue)
- eglibc <removed>
[wheezy] - eglibc <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2017/12/11/4
CVE-2017-1000408 (A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached ...)
- glibc 2.25-5 (bug #884132)
[stretch] - glibc 2.24-11+deb9u4
- [jessie] - glibc <no-dsa> (Minor issue)
- eglibc <removed>
[wheezy] - eglibc <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2017/12/11/4
@@ -332616,7 +332592,6 @@ CVE-2017-16998
CVE-2017-16997 (elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2 ...)
- glibc 2.25-6 (bug #884615)
[stretch] - glibc 2.24-11+deb9u4
- [jessie] - glibc <no-dsa> (Minor issue)
- eglibc <removed>
[wheezy] - eglibc <no-dsa> (Minor issue)
NOTE: Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=22625
@@ -337471,7 +337446,6 @@ CVE-2017-15805 (Cisco Small Business SA520 and SA540 devices with firmware 2.1.7
CVE-2017-15804 (The glob function in glob.c in the GNU C Library (aka glibc or libc6) ...)
- glibc 2.25-3 (low; bug #879955)
[stretch] - glibc 2.24-11+deb9u4
- [jessie] - glibc <no-dsa> (Minor issue)
- eglibc <removed> (low)
[wheezy] - eglibc <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22332
@@ -337798,7 +337772,6 @@ CVE-2017-15671 (The glob function in glob.c in the GNU C Library (aka glibc or l
[experimental] - glibc 2.26-0experimental0
- glibc 2.25-3 (low; bug #879500)
[stretch] - glibc 2.24-11+deb9u4
- [jessie] - glibc <no-dsa> (Minor issue)
- eglibc <removed> (low)
[wheezy] - eglibc <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22325
@@ -337807,7 +337780,6 @@ CVE-2017-15670 (The GNU C Library (aka glibc or libc6) before 2.27 contains an o
[experimental] - glibc 2.26-0experimental0
- glibc 2.25-3 (low; bug #879501)
[stretch] - glibc 2.24-11+deb9u4
- [jessie] - glibc <no-dsa> (Minor issue)
- eglibc <removed> (low)
[wheezy] - eglibc <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22320
@@ -348657,7 +348629,6 @@ CVE-2017-12134 (The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c
CVE-2017-12133 (Use-after-free vulnerability in the clntudp_call function in sunrpc/cl ...)
- glibc 2.24-15 (bug #870648)
[stretch] - glibc 2.24-11+deb9u2
- [jessie] - glibc <no-dsa> (Minor issue)
- eglibc <removed>
[wheezy] - eglibc <no-dsa> (Minor issue)
NOTE: issue introduced by fix for CVE-2016-4429
@@ -348666,8 +348637,6 @@ CVE-2017-12133 (Use-after-free vulnerability in the clntudp_call function in sun
CVE-2017-12132 (The DNS stub resolver in the GNU C Library (aka glibc or libc6) before ...)
[experimental] - glibc 2.25-0experimental1
- glibc 2.25-1 (bug #870650)
- [stretch] - glibc <no-dsa> (Minor issue)
- [jessie] - glibc <no-dsa> (Minor issue)
- eglibc <removed>
[wheezy] - eglibc <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21361
@@ -367402,7 +367371,6 @@ CVE-2017-6077 (ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.
CVE-2016-10228 (The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and e ...)
{DLA-3152-1}
- glibc 2.31-3 (low; bug #856503)
- [stretch] - glibc <no-dsa> (Minor issue)
[jessie] - glibc <no-dsa> (Minor issue)
- eglibc <removed>
[wheezy] - eglibc <no-dsa> (Minor issue)
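Review bot: In the CVE-2016-10228 entry only the [stretch] line is deleted and "[jessie] - glibc <no-dsa> (Minor issue)" is left behind, whereas the CVE-2020-10029 and CVE-2020-1752 hunks delete the identical [jessie] line. This looks like a missed deletion. Remove it as well, or explain why jessie is kept for this entry.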
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/954ccfc86b985f390a91d3f8abf60414b245887b