[Git][security-tracker-team/security-tracker][master] Track fixed version for linux issues fixed via unstable
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Aug 31 21:57:21 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cd118f1f by Salvatore Bonaccorso at 2023-08-31T22:55:28+02:00
Track fixed version for linux issues fixed via unstable
For CVE-2023-20588 the version is bumped to 6.4.13-1 to conver the
correct fix in a followup.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -633,14 +633,14 @@ CVE-2023-34724 (An issue was discovered in TECHView LA5570 Wireless Gateway 1.0.
CVE-2023-32457 (Dell PowerScale OneFS, versions 8.2.2.x-9.5.0.x, contains an improper ...)
NOT-FOR-US: Dell
CVE-2023-4569 (A memory leak flaw was found in nft_set_catchall_flush in net/netfilte ...)
- - linux <unfixed>
+ - linux 6.4.13-1
NOTE: https://git.kernel.org/linus/90e5b3462efa37b8bba82d7c4e63683856e188af (6.5-rc7)
CVE-2023-4567
- ansible <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2235369
TODO: check, no upstream information provided in RHBZ#2235369
CVE-2023-4563 [Use-after-free in nft_verdict_dump due to a race between set GC and transaction]
- - linux <unfixed>
+ - linux 6.4.13-1
NOTE: https://lore.kernel.org/netdev/20230810070830.24064-1-pablo@netfilter.org/
NOTE: https://lore.kernel.org/netdev/20230815223011.7019-1-fw@strlen.de/
CVE-2023-41109 (SmartNode SN200 (aka SN200) 3.21.2-23021 allows unauthenticated OS Com ...)
@@ -5048,11 +5048,11 @@ CVE-2023-2640 (On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE:
CVE-2023-2626 (There exists an authentication bypass vulnerability in OpenThread bord ...)
NOT-FOR-US: OpenThread
CVE-2023-3773 (A flaw was found in the Linux kernel\u2019s IP framework for transform ...)
- - linux <unfixed>
+ - linux 6.4.13-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://lore.kernel.org/all/20230723074110.3705047-1-linma@zju.edu.cn/T/#u
CVE-2023-3772 (A flaw was found in the Linux kernel\u2019s IP framework for transform ...)
- - linux <unfixed>
+ - linux 6.4.13-1
NOTE: https://lore.kernel.org/netdev/20230721145103.2714073-1-linma@zju.edu.cn/
NOTE: https://www.openwall.com/lists/oss-security/2023/08/10/1
CVE-2023-37895 (Java object deserialization issue in Jackrabbit webapp/standalone on a ...)
@@ -57707,7 +57707,7 @@ CVE-2023-20589 (An attacker with specialized hardware and physical access to an
NOT-FOR-US: AMD
CVE-2023-20588 (A division-by-zero error on some AMD processors can potentially return ...)
{DSA-5480-1}
- - linux 6.4.11-1
+ - linux 6.4.13-1
NOTE: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7007.html
NOTE: https://git.kernel.org/linus/77245f1c3c6495521f6a3af082696ee2f8ce3921
CVE-2023-20587
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd118f1f5a260ef7dd8fccb53e4c6d0bea6de4b8
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd118f1f5a260ef7dd8fccb53e4c6d0bea6de4b8
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230831/35533536/attachment.htm>
More information about the debian-security-tracker-commits
mailing list