[Git][security-tracker-team/security-tracker][master] Track fixed version for some linux CVEs with unstable upload

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jun 12 07:48:01 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a3b0ab39 by Salvatore Bonaccorso at 2023-06-12T08:47:29+02:00
Track fixed version for some linux CVEs with unstable upload

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,7 +13,7 @@ CVE-2023-3184 (A vulnerability was found in SourceCodester Sales Tracker Managem
 CVE-2023-3183 (A vulnerability was found in SourceCodester Performance Indicator Syst ...)
 	NOT-FOR-US: SourceCodester Performance Indicator System
 CVE-2023-3141 (A use-after-free flaw was found in r592_remove in drivers/memstick/hos ...)
-	- linux <unfixed>
+	- linux 6.3.7-1
 	NOTE: https://git.kernel.org/linus/63264422785021704c39b38f65a78ab9e4a186d7 (6.4-rc1)
 CVE-2023-34856 (A Cross Site Scripting (XSS) vulnerability in D-Link DI-7500G-CI-19.05 ...)
 	NOT-FOR-US: D-Link
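Review bot: In the CVE-2023-3141 entry, the new fixed version 6.3.7-1 sits next to a NOTE that tags the upstream commit as 6.4-rc1, so the fix can only be in that upload through a stable backport that the entry does not name. Consider adding a NOTE that identifies the 6.3.y stable release or the backport commit, so the recorded version can be checked without leaving the file.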
@@ -1087,7 +1087,7 @@ CVE-2023-34258 (An issue was discovered in BMC Patrol before 22.1.00. The agent'
 CVE-2023-34257 (An issue was discovered in BMC Patrol through 23.1.00. The agent's con ...)
 	NOT-FOR-US: BMC Patrol
 CVE-2023-34256 (An issue was discovered in the Linux kernel before 6.3.3. There is an  ...)
-	- linux <unfixed>
+	- linux 6.3.7-1
 	NOTE: https://git.kernel.org/linus/4f04351888a83e595571de672e0a4a8b74f4fb31 (6.4-rc2)
 CVE-2023-34255
 	REJECTED
@@ -1164,7 +1164,7 @@ CVE-2023-2758 (A denial of service vulnerability exists in Contec CONPROSYS HMI
 CVE-2023-2749 (Download Center fails to properly validate the file path submitted by  ...)
 	NOT-FOR-US: ASUSTOR
 CVE-2022-48502 (An issue was discovered in the Linux kernel before 6.2. The ntfs3 subs ...)
-	- linux <unfixed> (unimportant)
+	- linux 6.3.7-1 (unimportant)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/0e8235d28f3a0e9eda9f02ff67ee566d5f42b66b (6.2-rc1)
@@ -2761,13 +2761,13 @@ CVE-2023-2458 (Use after free in ChromeOS Camera in Google Chrome on ChromeOS pr
 CVE-2023-2457 (Out of bounds write in ChromeOS Audio Server in Google Chrome on Chrom ...)
 	NOT-FOR-US: Google Chrome on ChromeOS
 CVE-2023-32254
-	- linux <unfixed>
+	- linux 6.3.7-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/30210947a343b6b3ca13adc9bfc88e1543e16dd5 (6.4-rc1)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-20592/
 CVE-2023-32250
-	- linux <unfixed>
+	- linux 6.3.7-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/f5c779b7ddbda30866cf2a27c63e34158f858c73 (6.4-rc1)
@@ -3371,7 +3371,7 @@ CVE-2015-10105 (A vulnerability, which was classified as critical, was found in
 CVE-2015-10104 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-2430 [io_uring/msg_ring: fix missing lock on overflow for IOPOLL]
-	- linux <unfixed>
+	- linux 6.3.7-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/e12d7a46f65ae4b7d58a5e0c1cbfa825cf8d830d (6.2-rc5)
 CVE-2023-2429 (Improper Access Control in GitHub repository thorsten/phpmyfaq prior t ...)
@@ -4026,7 +4026,7 @@ CVE-2023-24476 (An attacker with local access to the machine could record the tr
 CVE-2023-2270
 	RESERVED
 CVE-2023-2269 (A denial of service problem was found, due to a possible recursive loc ...)
-	- linux <unfixed>
+	- linux 6.3.7-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2189388
 CVE-2023-2268
 	RESERVED
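Review bot: CVE-2023-2269 is now marked fixed in 6.3.7-1, but its only NOTE is the Red Hat Bugzilla link and no upstream commit is referenced. Adding a "NOTE: https://git.kernel.org/linus/<commit> (<release>)" line, in the form the other linux entries in this patch use, would let the fixed version be verified.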
@@ -4164,7 +4164,7 @@ CVE-2023-31085 (An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux k
 	NOTE: https://lore.kernel.org/all/687864524.118195.1681799447034.JavaMail.zimbra@nod.at/
 	NOTE: Negligible security impact
 CVE-2023-31084 (An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in th ...)
-	- linux <unfixed>
+	- linux 6.3.7-1
 	NOTE: https://lore.kernel.org/all/CA+UBctCu7fXn4q41O_3=id1+OdyQ85tZY1x+TkT-6OVBL6KAUw@mail.gmail.com/
 CVE-2023-31083 (An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux  ...)
 	- linux <unfixed>
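Review bot: The CVE-2023-31084 entry moves to 6.3.7-1 with only a lore.kernel.org thread as its reference, so nothing in the entry ties the fixed version to a merged commit. A NOTE with the fixing commit and the release it landed in would close that gap.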
@@ -4788,7 +4788,7 @@ CVE-2023-2177 (A null pointer dereference issue was found in the sctp network pr
 	NOTE: https://lore.kernel.org/netdev/CADvbK_dWMO0XdAf950Q14pUv99ahS1MRnOtppvosU2w33sO=kw@mail.gmail.com/T/
 	NOTE: https://git.kernel.org/linus/181d8d2066c000ba0a0e6940a7ad80f1a0e68e9d (5.19)
 CVE-2023-2176 (A vulnerability was found in compare_netdev_and_ip in drivers/infiniba ...)
-	- linux <unfixed>
+	- linux 6.3.7-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://lkml.org/lkml/2022/12/9/178
@@ -5130,7 +5130,7 @@ CVE-2023-2126
 CVE-2023-2125
 	RESERVED
 CVE-2023-2124 (An out-of-bounds memory access flaw was found in the Linux kernel\u201 ...)
-	- linux <unfixed>
+	- linux 6.3.7-1
 	NOTE: https://www.openwall.com/lists/oss-security/2023/04/19/2
 	NOTE: https://lore.kernel.org/linux-xfs/20230412214034.GL3223426@dread.disaster.area/T/#m1ebbcd1ad061d2d33bef6f0534a2b014744d152d
 	NOTE: https://git.kernel.org/linus/22ed903eee23a5b174e240f1cdfa9acf393a5210 (6.4-rc1)
@@ -12467,7 +12467,7 @@ CVE-2023-1410 (Grafana is an open-source platform for monitoring and observabili
 CVE-2023-1409
 	RESERVED
 CVE-2022-48425 (In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfr ...)
-	- linux <unfixed> (unimportant)
+	- linux 6.3.7-1 (unimportant)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/98bea253aa28ad8be2ce565a9ca21beb4a9419e5 (6.4-rc1)
@@ -22834,7 +22834,7 @@ CVE-2023-0599 (Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a sto
 CVE-2023-0598 (GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Dig ...)
 	NOT-FOR-US: GE
 CVE-2023-0597 (A flaw possibility of memory leak in the Linux kernel cpu_entry_area m ...)
-	- linux <unfixed>
+	- linux 6.3.7-1
 	NOTE: https://git.kernel.org/linus/97e3d26b5e5f371b3ee223d94dd123e6c442ba80 (6.2-rc1)
 CVE-2023-0596
 	RESERVED
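Review bot: For CVE-2023-0597 the NOTE places the upstream fix in 6.2-rc1, yet the fixed version recorded is 6.3.7-1. Worth confirming that no earlier unstable upload already contained the fix, since the entry should carry the first fixed version; the same check applies to the other entries in this commit whose NOTE cites a 6.2-rc release.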
@@ -28182,7 +28182,7 @@ CVE-2023-23006 (In the Linux kernel before 5.15.13, drivers/net/ethernet/mellano
 	[buster] - linux <not-affected> (Vulnerble code not present)
 	NOTE: https://git.kernel.org/linus/6b8b42585886c59a008015083282aae434349094 (5.16-rc8)
 CVE-2023-23005 (In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the al ...)
-	- linux <unfixed>
+	- linux 6.3.7-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerble code not present)
 	NOTE: https://git.kernel.org/linus/4a625ceee8a0ab0273534cb6b432ce6b331db5ee (6.2-rc1)
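Review bot: The [buster] line of the CVE-2023-23005 entry touched here reads "Vulnerble code not present" (the same misspelling is in the context line above the entry), while the [bullseye] line spells it "Vulnerable". Since this commit already edits the entry, correct the spelling in the same change or in a follow-up.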
@@ -39362,7 +39362,7 @@ CVE-2022-45890 (In Planet eStream before 6.72.10.07, a Reflected Cross-Site Scri
 CVE-2022-45889 (Planet eStream before 6.72.10.07 allows a remote attacker (who is a pu ...)
 	NOT-FOR-US: Planet eStream
 CVE-2022-45888 (An issue was discovered in the Linux kernel through 6.0.9. drivers/cha ...)
-	- linux <unfixed> (unimportant)
+	- linux 6.3.7-1 (unimportant)
 	[bullseye] - linux <not-affected> (Vulnerable code introduced later)
 	[buster] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://lore.kernel.org/all/20221022175404.GA375335@ubuntu/



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a3b0ab39bc971a8152c5d339e6543a3a928141d5
