Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
61a409a6 by Salvatore Bonaccorso at 2018-04-18T07:17:04+02:00
Sync status for some CVEs with kernel-sec
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -227,9 +227,15 @@ CVE-2018-10088
RESERVED
CVE-2018-10124 (The kill_something_info function in kernel/signal.c in the
Linux kernel ...)
- linux 4.13.4-1
+ [stretch] - linux <ignored> (Minor issue)
+ [jessie] - linux <ignored> (Minor issue)
+ [wheezy] - linux <ignored> (Minor issue)
NOTE: Fixed by:
https://git.kernel.org/linus/4ea77014af0d6205b05503d1c7aac6eace11d473 (4.13-rc1)
CVE-2018-10087 (The kernel_wait4 function in kernel/exit.c in the Linux kernel
before ...)
- linux 4.13.4-1
+ [stretch] - linux <ignored> (Minor issue)
+ [jessie] - linux <ignored> (Minor issue)
+ [wheezy] - linux <ignored> (Minor issue)
NOTE: Fixed by:
https://git.kernel.org/linus/dd83c161fbcc5d8be637ab159c0de015cbff5ba4 (4.13-rc1)
CVE-2018-10086 (CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary
code ...)
NOT-FOR-US: CMS Made Simple
@@ -280,7 +286,7 @@ CVE-2018-10063 (The Convert Forms extension before 2.0.4
for Joomla! is vulnerab
CVE-2018-10062
RESERVED
CVE-2018-10074 (The hi3660_stub_clk_probe function in ...)
- - linux <unfixed>
+ - linux <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by:
https://git.kernel.org/linus/9903e41ae1f5d50c93f268ca3304d4d7c64b9311 (4.16-rc7)
CVE-2018-10061 (Cacti before 1.1.37 has XSS because it makes certain
htmlspecialchars ...)
- cacti 1.1.37+ds1-1
@@ -2351,7 +2357,7 @@ CVE-2018-9154
CVE-2018-9153 (The plugin upload component in Z-BlogPHP 1.5.1 allows remote
attackers ...)
NOT-FOR-US: Z-BlogPHP
CVE-2017-18255 (The perf_cpu_time_max_percent_handler function in
kernel/events/core.c ...)
- - linux 4.11.6-1
+ - linux 4.11.6-1 (unimportant)
NOTE:
https://git.kernel.org/linus/1572e45a924f254d9570093abde46430c3172e3d
CVE-2015-9259 (In Docker Notary before 0.1, the checkRoot function in ...)
- notary 0.1~ds1-1
@@ -24347,6 +24353,8 @@ CVE-2018-1092 (The ext4_iget function in
fs/ext4/inode.c in the Linux kernel thr
CVE-2018-1091 (In the flush_tmregs_to_thread function in
arch/powerpc/kernel/ptrace.c ...)
- linux 4.13.10-1
[stretch] - linux 4.9.65-1
+ [jessie] - linux <not-affected> (Hardware not supported; POWER9 support
missing)
+ [wheezy] - linux <not-affected> (Hardware not supported)
NOTE: Fixed by:
https://git.kernel.org/linus/c1fa0768a8713b135848f78fd43ffc208d8ded70
CVE-2018-1090
RESERVED
@@ -33361,6 +33369,8 @@ CVE-2017-15117
REJECTED
CVE-2017-15116 (The rngapi_reset function in crypto/rng.c in the Linux kernel
before ...)
- linux 4.2.1-1
+ [jessie] - linux <not-affected> (Vulnerable code not present)
+ [wheezy] - linux <not-affected> (Vulnerable code not present)
CVE-2017-15115 (The sctp_do_peeloff function in net/sctp/socket.c in the Linux
kernel ...)
{DLA-1200-1}
- linux 4.13.13-1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/61a409a68f9e22ca422af525f9b51da763433042
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/61a409a68f9e22ca422af525f9b51da763433042
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
