[Git][security-tracker-team/security-tracker][master] Track fixed version for several linux issues fixed via unstable
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Aug 17 21:06:06 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9eca932c by Salvatore Bonaccorso at 2023-08-17T22:05:24+02:00
Track fixed version for several linux issues fixed via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -728,7 +728,7 @@ CVE-2023-4282 (The EmbedPress plugin for WordPress is vulnerable to unauthorized
CVE-2023-4275
REJECTED
CVE-2023-4128 (A use-after-free flaw was found in net/sched/cls_fw.c in classifiers ( ...)
- - linux <unfixed>
+ - linux 6.4.11-1
NOTE: https://git.kernel.org/linus/3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81 (6.5-rc5)
NOTE: https://git.kernel.org/linus/76e42ae831991c828cffa8c37736ebfb831ad5ec (6.5-rc5)
NOTE: https://git.kernel.org/linus/b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8 (6.5-rc5)
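Review bot: The CVE-2023-4128 entry lists three separate fix commits, all tagged 6.5-rc5, but the new `- linux 6.4.11-1` line closes the issue with a single version from the 6.4 series. Please confirm that backports of all three commits (3044b16e7c6f, 76e42ae83199, b80b829e9e2c) are in 6.4.11-1 before dropping `<unfixed>`; if one is missing, the entry should stay open until it lands.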
@@ -962,7 +962,7 @@ CVE-2023-38710 [Invalid IKEv2 REKEY proposal causes restart]
NOTE: https://libreswan.org/security/CVE-2023-38710/CVE-2023-38710.txt
NOTE: https://libreswan.org/security/CVE-2023-38710/CVE-2023-38710.patch
CVE-2023-4273 (A flaw was found in the exFAT driver of the Linux kernel. The vulnerab ...)
- - linux <unfixed>
+ - linux 6.4.11-1
NOTE: https://git.kernel.org/linus/d42334578eba1390859012ebb91e1e556d51db49 (6.5-rc5)
CVE-2023-40012 (uthenticode is a small cross-platform library for partially verifying ...)
NOT-FOR-US: uthenticode
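Review bot: The CVE-2023-4273 entry has no per-suite lines, so after `- linux 6.4.11-1` is recorded the older suites are judged against the unstable version alone. If any supported suite ships a kernel without the exFAT driver named in the description, add a `[suite] - linux <not-affected> (Vulnerable code not present)` line for it in the same change so it does not show as open.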
@@ -1477,7 +1477,7 @@ CVE-2023-32292 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2023-2423 (A vulnerability was discovered in the Rockwell Automation Armor PowerF ...)
NOT-FOR-US: Rockwell Automation
CVE-2023-34319 [xen/netback: Fix buffer overrun triggered by unusual packet]
- - linux <unfixed>
+ - linux 6.4.11-1
NOTE: https://git.kernel.org/linus/534fc31d09b706a16d83533e16b5dc855caf7576
NOTE: https://xenbits.xen.org/xsa/advisory-432.html
CVE-2023-3573 (In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0 ...)
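Review bot: The git.kernel.org NOTE under CVE-2023-34319 carries no mainline release tag, so the new `- linux 6.4.11-1` version cannot be checked against the fix from the entry itself. Append the tag in the `(6.5-rcN)` form used on the other linux NOTE lines in this file.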
@@ -1558,7 +1558,7 @@ CVE-2023-4200 (A vulnerability has been found in SourceCodester Inventory Manage
CVE-2023-4199 (A vulnerability, which was classified as critical, was found in Source ...)
NOT-FOR-US: SourceCodester Inventory Management System
CVE-2023-4155
- - linux <unfixed>
+ - linux 6.4.11-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/7588dbcebcbf0193ab5b76987396d0254270b04a
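Review bot: With unstable now fixed in the CVE-2023-4155 entry and `[bullseye]` and `[buster]` marked `<not-affected>`, any suite other than those two is left without an explicit status line. Confirm that this is intended (that is, that such a suite really carries the vulnerable code and still needs a fix) rather than a missing annotation. The entry also has no description and its fix commit NOTE has no release tag, which makes that hard to verify from the list alone.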
@@ -1952,7 +1952,7 @@ CVE-2023-38497 (Cargo downloads the Rust project\u2019s dependencies and compile
NOTE: https://github.com/rust-lang/wg-security-response/tree/main/patches/CVE-2023-38497
NOTE: https://github.com/rust-lang/cargo/security/advisories/GHSA-j3xp-wfr4-hx87
CVE-2023-4147 (A use-after-free flaw was found in the Linux kernel\u2019s Netfilter f ...)
- - linux <unfixed>
+ - linux 6.4.11-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/0ebc1064e4874d5987722a2ddbc18f94aa53b211 (6.5-rc4)
CVE-2023-4145 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/custo ...)
@@ -2623,7 +2623,7 @@ CVE-2023-34359 (ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condi
CVE-2023-34358 (ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. ...)
NOT-FOR-US: ASUS
CVE-2023-4004 (A use-after-free flaw was found in the Linux kernel's netfilter in the ...)
- - linux <unfixed>
+ - linux 6.4.11-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/87b5a5c209405cb6b57424cdfa226a6dbd349232 (6.5-rc3)
CVE-2023-3976
@@ -23300,7 +23300,7 @@ CVE-2023-1208 (This HTTP Headers WordPress plugin before 1.18.11 allows arbitrar
CVE-2023-1207 (This HTTP Headers WordPress plugin before 1.18.8 has an import functio ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1206 (A hash collision flaw was found in the IPv6 connection lookup table in ...)
- - linux <unfixed>
+ - linux 6.4.11-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2175903
NOTE: https://git.kernel.org/linus/d11b0df7ddf1831f3e170972f43186dad520bfcc (6.5-rc4)
CVE-2023-27853 (NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a format s ...)
@@ -24991,7 +24991,7 @@ CVE-2023-1077 (In the Linux kernel, pick_next_rt_entity() may return a type conf
NOTE: https://git.kernel.org/linus/7c4a5b89a0b5a57a64b601775b296abf77a9fe97
NOTE: https://www.openwall.com/lists/oss-security/2023/03/01/7
CVE-2023-4194 (A flaw was found in the Linux kernel's TUN/TAP functionality. This iss ...)
- - linux <unfixed>
+ - linux 6.4.11-1
NOTE: https://git.kernel.org/linus/9bc3047374d5bec163e83e743709e23753376f0c (6.5-rc5)
NOTE: https://git.kernel.org/linus/5c9241f3ceab3257abe2923a59950db0dc8bb737 (6.5-rc5)
CVE-2023-1076 (A flaw was found in the Linux Kernel. The tun/tap sockets have their s ...)
@@ -55673,7 +55673,7 @@ CVE-2023-20590
CVE-2023-20589 (An attacker with specialized hardware and physical access to an impact ...)
NOT-FOR-US: AMD
CVE-2023-20588 (A division-by-zero error on some AMD processors can potentially return ...)
- - linux <unfixed>
+ - linux 6.4.11-1
NOTE: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7007.html
NOTE: https://git.kernel.org/linus/77245f1c3c6495521f6a3af082696ee2f8ce3921
CVE-2023-20587
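Review bot: The CVE-2023-20588 description attributes the issue to "some AMD processors" and the first NOTE is AMD's bulletin, yet the entry is closed on the strength of a single kernel commit that has no release tag. Add a NOTE stating that `6.4.11-1` refers to the kernel-side change in 77245f1c3c64, and tag that commit with its mainline release, so it is clear what "fixed" covers for this CVE.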
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9eca932c04e75517fa3f86ce50bb5b98c425ff3f