[Git][security-tracker-team/security-tracker][master] Sync some Linux CVEs with kernel-sec
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Mar 11 06:34:47 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
391771c4 by Salvatore Bonaccorso at 2024-03-11T07:33:44+01:00
Sync some Linux CVEs with kernel-sec
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -750,9 +750,11 @@ CVE-2024-26623 (In the Linux kernel, the following vulnerability has been resolv
NOTE: https://git.kernel.org/linus/7e82a8745b951b1e794cc780d46f3fbee5e93447 (6.8-rc3)
CVE-2023-52607 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 6.7.7-1
+ [buster] - linux <ignored> (powerpc not supported in LTS)
NOTE: https://git.kernel.org/linus/f46c8a75263f97bda13c739ba1c90aced0d3b071 (6.8-rc1)
CVE-2023-52606 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 6.7.7-1
+ [buster] - linux <ignored> (powerpc not supported in LTS)
NOTE: https://git.kernel.org/linus/8f9abaa6d7de0a70fc68acaedce290c1f96e2e59 (6.8-rc1)
CVE-2023-52605 (In the Linux kernel, the following vulnerability has been resolved: A ...)
- linux 6.7.7-1
@@ -777,9 +779,11 @@ CVE-2023-52599 (In the Linux kernel, the following vulnerability has been resolv
NOTE: https://git.kernel.org/linus/49f9637aafa6e63ba686c13cb8549bf5e6920402 (6.8-rc1)
CVE-2023-52598 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.7.7-1
+ [buster] - linux <ignored> (s390 not supported in LTS)
NOTE: https://git.kernel.org/linus/8b13601d19c541158a6e18b278c00ba69ae37829 (6.8-rc1)
CVE-2023-52597 (In the Linux kernel, the following vulnerability has been resolved: K ...)
- linux 6.7.7-1
+ [buster] - linux <ignored> (s390 not supported in LTS)
NOTE: https://git.kernel.org/linus/b988b1bb0053c0dcd26187d29ef07566a565cf55 (6.8-rc1)
CVE-2023-52596 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.7.7-1
@@ -1748,6 +1752,8 @@ CVE-2023-52507 (In the Linux kernel, the following vulnerability has been resolv
CVE-2023-52506 (In the Linux kernel, the following vulnerability has been resolved: L ...)
- linux 6.5.6-1
[bookworm] - linux 6.1.64-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/b795fb9f5861ee256070d59e33130980a01fadd7 (6.6-rc3)
CVE-2023-52505 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 6.5.8-1
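Review bot: The two `<not-affected> (Vulnerable code not present)` lines added for CVE-2023-52506 cannot be checked from the entry itself, because the only NOTE gives the fixing commit (6.6-rc3) and nothing about when the affected code was introduced. Consider adding a NOTE naming the introducing commit or version, so the bullseye and buster determinations can be verified against their kernel versions without going back to kernel-sec.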
@@ -4450,6 +4456,7 @@ CVE-2023-52451 (In the Linux kernel, the following vulnerability has been resolv
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
[bullseye] - linux 5.10.209-1
+ [buster] - linux <ignored> (powerpc not supported in LTS)
NOTE: https://git.kernel.org/linus/bd68ffce69f6cf8ddd3a3c32549d1d2275e49fc5 (6.8-rc1)
CVE-2023-52452 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.6.15-1
@@ -9727,7 +9734,7 @@ CVE-2023-52340 [ipv6: remove max_size check inline with ipv4]
[bullseye] - linux 5.10.209-1
NOTE: https://git.kernel.org/linus/af6d10345ca76670c1b7c37799f0d5576ccef277 (6.3-rc1)
CVE-2024-0841 (A null pointer dereference flaw was found in the hugetlbfs_fill_super ...)
- - linux <unfixed>
+ - linux 6.6.7-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2256490
NOTE: https://lore.kernel.org/all/20240130210418.3771-1-osalvador@suse.de/T/#u
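Review bot: The fixed version `6.6.7-1` recorded for CVE-2024-0841 has no upstream reference to check it against. The NOTE lines in view are a Red Hat bug and a lore thread, neither of which names the release that carries the fix. Adding a `NOTE: https://git.kernel.org/linus/<commit> (<version>)` line, as the neighbouring CVE-2023-52340 entry has, would let the version be verified. It is also worth confirming that `6.6.7-1` is intended rather than the `6.7.7-1` used for the CVE-2023-526xx entries earlier in this commit.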
@@ -10621,10 +10628,10 @@ CVE-2024-0804 (Insufficient policy enforcement in iOS Security UI in Google Chro
CVE-2024-23854
REJECTED
CVE-2024-23851 (copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 ...)
- - linux <unfixed>
+ - linux 6.6.7-1
NOTE: https://www.spinics.net/lists/dm-devel/msg56574.html
CVE-2024-23850 (In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel throug ...)
- - linux <unfixed>
+ - linux 6.6.7-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://lore.kernel.org/all/6a80cb4b32af89787dadee728310e5e2ca85343f.1705741883.git.wqu%40suse.com/
CVE-2024-23849 (In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel thro ...)
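Review bot: The new fixed version for CVE-2024-23851 looks inconsistent with its own description. The entry text says the issue affects the kernel "through 6.7.1", yet the unstable line is set to `6.6.7-1`, which sorts below 6.7.1. The same version is applied to CVE-2024-23850. Please check both against kernel-sec, in particular whether `6.7.7-1` (used for other entries in this commit) was meant. Neither entry has an upstream commit NOTE in view that would settle it.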
@@ -19263,13 +19270,17 @@ CVE-2023-XXXX [RCE vulnerability in WP_HTML_Token class]
NOTE: https://wordpress.org/documentation/wordpress-version/version-6-4-2/#installation-update-information
NOTE: https://www.wordfence.com/blog/2023/12/psa-critical-pop-chain-allowing-remote-code-execution-patched-in-wordpress-6-4-2/
CVE-2023-6536 (A flaw was found in the Linux kernel's NVMe driver. This issue may all ...)
- - linux <unfixed>
+ - linux 6.6.15-1
+ [bookworm] - linux 6.1.76-1
+ [bullseye] - linux 5.10.209-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2254052
CVE-2023-6535 (A flaw was found in the Linux kernel's NVMe driver. This issue may all ...)
- linux <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2254053
CVE-2023-6356 (A flaw was found in the Linux kernel's NVMe driver. This issue may all ...)
- - linux <unfixed>
+ - linux 6.6.15-1
+ [bookworm] - linux 6.1.76-1
+ [bullseye] - linux 5.10.209-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2254054
CVE-2023-39804 [Incorrectly handled extension attributes in PAX archives can lead to a crash]
{DLA-3755-1}
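Review bot: CVE-2023-6535 is left at `- linux <unfixed>` while its two siblings, CVE-2023-6536 and CVE-2023-6356, are both marked fixed in 6.6.15-1, 6.1.76-1 and 5.10.209-1. All three are described as NVMe driver flaws and have consecutive Red Hat bug numbers. If the middle entry is deliberately still open, a short NOTE saying which fix is outstanding would help. Otherwise it likely needs the same three lines. The two updated entries also carry only a bugzilla NOTE, so an upstream commit reference would make the fixed versions checkable.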
@@ -42492,7 +42503,7 @@ CVE-2023-3642 (A vulnerability was found in GZ Scripts Vacation Rental Website 1
CVE-2023-3641 (A vulnerability has been found in khodakhah NodCMS 3.4.1 and classifie ...)
NOT-FOR-US: khodakhah NodCMS
CVE-2023-3640 (A possible unauthorized memory access flaw was found in the Linux kern ...)
- - linux <unfixed>
+ - linux <unfixed> (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2217523
CVE-2023-3635 (GzipSource does not handle an exception that might be raised when pars ...)
- okio <not-affected> (Doesn't ship Kotlin variant yet)
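Review bot: The `(unimportant)` severity added to CVE-2023-3640 has no rationale recorded. The entry describes a possible unauthorized memory access flaw, and its only NOTE is the Red Hat bug. Please add a NOTE stating why the issue is considered unimportant, so that the downgrade does not read as an unexplained change of triage.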
@@ -61502,7 +61513,8 @@ CVE-2023-1193 (A use-after-free flaw was found in setup_async_work in the KSMBD
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2154177
NOTE: https://git.kernel.org/linus/3a9b557f44ea8f216aab515a7db20e23f0eb51b9 (6.3-rc6)
CVE-2023-1192 (A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS ...)
- - linux <unfixed>
+ - linux 6.5.6-1
+ [bookworm] - linux 6.1.64-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2154178
CVE-2023-1191 (A vulnerability classified as problematic has been found in fastcms. T ...)
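Review bot: CVE-2023-1192 gains unstable and bookworm fixed versions and already has a buster `<not-affected>` line, but nothing is recorded for bullseye, which leaves that release implicitly open. The CVE-2023-52506 hunk in this commit uses the same `6.5.6-1` / `6.1.64-1` pair and does state the bullseye status explicitly. If kernel-sec has a determination for bullseye, record it here as well. A `git.kernel.org/linus` NOTE for the fixing commit is also missing from the lines in view.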
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/391771c4c2df51764eb95239ef9a56c966b5a733