Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
491e0961 by Salvatore Bonaccorso at 2019-04-27T08:34:06Z
Merge changes for stretch and linux/4.9.168-1
- - - - -
2 changed files:
- data/CVE/list
- data/next-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -3371,6 +3371,7 @@ CVE-2019-10125 (An issue was discovered in aio_poll() in
fs/aio.c in the Linux k
NOTE:
https://git.kernel.org/linus/84c4e1f89fefe70554da0ab33be72c9be7994379
CVE-2019-10124 (An issue was discovered in the hwpoison implementation in
mm/memory-fa ...)
- linux <unfixed>
+ [stretch] - linux 4.9.168-1
[jessie] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/46612b751c4941c5c0472ddf04027e877ae5990f
CVE-2019-10123
@@ -6337,6 +6338,7 @@ CVE-2019-9214 (In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to
2.6.6, the RPCAP dissec
CVE-2019-9213 (In the Linux kernel before 4.20.14, expand_downwards in
mm/mmap.c lack ...)
{DLA-1731-1}
- linux 4.19.28-1
+ [stretch] - linux 4.9.168-1
NOTE: Fixed by:
https://git.kernel.org/linus/0a1d52994d440e21def1c2174932410b4f2a98a1 (5.0)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1792
CVE-2019-9212 (SOFA-Hessian through 4.0.2 allows remote attackers to execute
arbitrar ...)
@@ -7092,6 +7094,7 @@ CVE-2018-1002161 [SQL injection in multiple remote calls]
NOTE: https://pagure.io/koji/issue/1183
CVE-2019-8980 (A memory leak in the kernel_read_file function in fs/exec.c in
the Lin ...)
- linux 4.19.28-1
+ [stretch] - linux 4.9.168-1
[jessie] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://lore.kernel.org/lkml/[email protected]/
NOTE:
https://lore.kernel.org/lkml/[email protected]/
@@ -20061,10 +20064,12 @@ CVE-2019-3461 (Debian tmpreaper version 1.6.13+nmu1
has a race condition when do
- tmpreaper 1.6.14 (bug #918956)
CVE-2019-3460 (A heap data infoleak in multiple locations including
L2CAP_PARSE_CONF_ ...)
- linux <unfixed>
+ [stretch] - linux 4.9.168-1
NOTE:
https://lore.kernel.org/linux-bluetooth/[email protected]/
NOTE:
https://git.kernel.org/linus/af3d5d1c87664a4f150fcf3534c6567cb19909b0
CVE-2019-3459 (A heap address information leak while using L2CAP_GET_CONF_OPT
was dis ...)
- linux <unfixed>
+ [stretch] - linux 4.9.168-1
NOTE:
https://lore.kernel.org/linux-bluetooth/[email protected]/
NOTE:
https://git.kernel.org/linus/7c9cbd0b5e38a1672fcd137894ace3b042dfbf69
CVE-2019-3458
=====================================
data/next-point-update.txt
=====================================
@@ -10,16 +10,6 @@ CVE-2018-1000872
[stretch] - python-pykmip 0.5.0-4+deb9u1
CVE-2019-7443
[stretch] - kauth 5.28.0-2+deb9u1
-CVE-2019-9213
- [stretch] - linux 4.9.168-1
-CVE-2019-8980
- [stretch] - linux 4.9.168-1
-CVE-2019-10124
- [stretch] - linux 4.9.168-1
-CVE-2019-3459
- [stretch] - linux 4.9.168-1
-CVE-2019-3460
- [stretch] - linux 4.9.168-1
CVE-2018-7998
[stretch] - vips 8.4.5-1+deb9u1
CVE-2019-6976
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/491e09619bb3e8bec9962261a048ca3a4ab7de4c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/491e09619bb3e8bec9962261a048ca3a4ab7de4c
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
