[Git][security-tracker-team/security-tracker][master] 2 commits: Process NFUs

Thu Oct 20 21:49:33 BST 2022


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
402ffef6 by Salvatore Bonaccorso at 2022-10-20T22:48:53+02:00
Process NFUs

- - - - -
f9eb202b by Salvatore Bonaccorso at 2022-10-20T22:48:54+02:00
Add CVE-2022-353{3,4}/libbpf

I'm not tracking them as well for the source in src:linux on purpose
here. libbpf is externaly build and not from src:linux. Technically one
can argue this still makes it src:linux with unimportant severity in the
tracker, but ommiting to avoid cluttering the linux CVEs which are
relevant.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1086,7 +1086,7 @@ CVE-2022-3541 (A vulnerability classified as critical has been found in Linux Ke
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/12aece8b01507a2d357a1861f470e83621fbb6f2 (6.1-rc1)
 CVE-2022-3540 (An issue has been discovered in hunter2 affecting all versions before  ...)
-	TODO: check
+	NOT-FOR-US: hunter2
 CVE-2022-3539
 	RESERVED
 CVE-2022-3538
@@ -1102,13 +1102,13 @@ CVE-2022-42985
 CVE-2022-42984
 	RESERVED
 CVE-2022-42983 (anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login au ...)
-	TODO: check
+	NOT-FOR-US: anji-plus AJ-Report
 CVE-2022-42982
 	RESERVED
 CVE-2022-42981
 	RESERVED
 CVE-2022-42980 (go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a productio ...)
-	TODO: check
+	NOT-FOR-US: go-admin (aka GO Admin)
 CVE-2022-42979
 	RESERVED
 CVE-2022-42978
@@ -1118,7 +1118,7 @@ CVE-2022-42977
 CVE-2022-42976
 	RESERVED
 CVE-2022-42975 (socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin w ...)
-	TODO: check
+	NOT-FOR-US: Phoenix
 CVE-2022-42974
 	RESERVED
 CVE-2022-42973
@@ -1133,9 +1133,14 @@ CVE-2022-3535 (A vulnerability classified as problematic was found in Linux Kern
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/0152dfee235e87660f52a117fc9f70dc55956bb4 (6.1-rc1)
 CVE-2022-3534 (A vulnerability classified as critical has been found in Linux Kernel. ...)
-	TODO: check
+	- libbpf <unfixed>
+	NOTE: Introduced by: https://github.com/libbpf/libbpf/commit/7ac1547f32f060d84b06c74edbb2c6896cc07949 (v0.2)
+	NOTE: Fixed by: https://github.com/libbpf/libbpf/commit/54caf920db0e489de90f3aaaa41e2a51ddbcd084
 CVE-2022-3533 (A vulnerability was found in Linux Kernel. It has been rated as proble ...)
-	TODO: check
+	- libbpf <unfixed>
+	[bullseye] - libbpf <not-affected> (Vulnerable code introduced later)
+	NOTE: Introduced by: https://github.com/libbpf/libbpf/commit/557499a13ede6ea86883d070af06621fe990572f (v0.8.0)
+	NOTE: Fixed by: https://github.com/libbpf/libbpf/commit/881a10980b7ded995da5d9cc1919992c36c9d2be
 CVE-2022-3532 (A vulnerability was found in Linux Kernel. It has been declared as pro ...)
 	- linux <unfixed> (unimportant)
 	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=6e8280b958c5d7edc514cf347a800b23b7732b2b



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a04e63e1eccc11582d33811e5930eadbfbd5292f...f9eb202baa123d9e8a6b043cba07419d44350616

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a04e63e1eccc11582d33811e5930eadbfbd5292f...f9eb202baa123d9e8a6b043cba07419d44350616
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221020/6894c7fb/attachment-0001.htm>
