[Git][security-tracker-team/security-tracker][master] Track fixed version for linux issues fixed via unstable

Thu Aug 31 21:57:21 BST 2023


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cd118f1f by Salvatore Bonaccorso at 2023-08-31T22:55:28+02:00
Track fixed version for linux issues fixed via unstable

For CVE-2023-20588 the version is bumped to 6.4.13-1 to conver the
correct fix in a followup.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -633,14 +633,14 @@ CVE-2023-34724 (An issue was discovered in TECHView LA5570 Wireless Gateway 1.0.
 CVE-2023-32457 (Dell PowerScale OneFS, versions 8.2.2.x-9.5.0.x, contains an improper  ...)
 	NOT-FOR-US: Dell
 CVE-2023-4569 (A memory leak flaw was found in nft_set_catchall_flush in net/netfilte ...)
-	- linux <unfixed>
+	- linux 6.4.13-1
 	NOTE: https://git.kernel.org/linus/90e5b3462efa37b8bba82d7c4e63683856e188af (6.5-rc7)
 CVE-2023-4567
 	- ansible <undetermined>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2235369
 	TODO: check, no upstream information provided in RHBZ#2235369
 CVE-2023-4563 [Use-after-free in nft_verdict_dump due to a race between set GC and transaction]
-	- linux <unfixed>
+	- linux 6.4.13-1
 	NOTE: https://lore.kernel.org/netdev/20230810070830.24064-1-pablo@netfilter.org/
 	NOTE: https://lore.kernel.org/netdev/20230815223011.7019-1-fw@strlen.de/
 CVE-2023-41109 (SmartNode SN200 (aka SN200) 3.21.2-23021 allows unauthenticated OS Com ...)
@@ -5048,11 +5048,11 @@ CVE-2023-2640 (On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE:
 CVE-2023-2626 (There exists an authentication bypass vulnerability in OpenThread bord ...)
 	NOT-FOR-US: OpenThread
 CVE-2023-3773 (A flaw was found in the Linux kernel\u2019s IP framework for transform ...)
-	- linux <unfixed>
+	- linux 6.4.13-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://lore.kernel.org/all/20230723074110.3705047-1-linma@zju.edu.cn/T/#u
 CVE-2023-3772 (A flaw was found in the Linux kernel\u2019s IP framework for transform ...)
-	- linux <unfixed>
+	- linux 6.4.13-1
 	NOTE: https://lore.kernel.org/netdev/20230721145103.2714073-1-linma@zju.edu.cn/
 	NOTE: https://www.openwall.com/lists/oss-security/2023/08/10/1
 CVE-2023-37895 (Java object deserialization issue in Jackrabbit webapp/standalone on a ...)
@@ -57707,7 +57707,7 @@ CVE-2023-20589 (An attacker with specialized hardware and physical access to an
 	NOT-FOR-US: AMD
 CVE-2023-20588 (A division-by-zero error on some AMD processors can potentially return ...)
 	{DSA-5480-1}
-	- linux 6.4.11-1
+	- linux 6.4.13-1
 	NOTE: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7007.html
 	NOTE: https://git.kernel.org/linus/77245f1c3c6495521f6a3af082696ee2f8ce3921
 CVE-2023-20587



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd118f1f5a260ef7dd8fccb53e4c6d0bea6de4b8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd118f1f5a260ef7dd8fccb53e4c6d0bea6de4b8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230831/35533536/attachment.htm>
