Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
128b5963 by Salvatore Bonaccorso at 2019-05-06T11:37:51Z
Sync fixed version for some CVEs for src:linux with kernel-sec
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -393,7 +393,7 @@ CVE-2019-11627 (gpg-key2ps in signing-party 1.1.x and 2.x
before 2.10-1 contains
[stretch] - signing-party <no-dsa> (Will be fixed via point release)
NOTE:
https://salsa.debian.org/signing-party-team/signing-party/commit/cd69b6c0426a6160ef3de03fce9c7f112166d5a8
CVE-2019-11599 (The coredump implementation in the Linux kernel before 5.0.10
does not ...)
- - linux <unfixed>
+ - linux 4.19.37-1
NOTE: https://marc.info/?l=linux-mm&m=155355419911404&w=2
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1790
CVE-2019-11598 (In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer
over-read in ...)
@@ -671,11 +671,11 @@ CVE-2019-11489 (Incorrect Access Control in the
Administrative Management Interf
CVE-2019-11488 (Incorrect Access Control in the Account Access / Password
Reset Link i ...)
NOT-FOR-US: SimplyBook.me Enterprise
CVE-2019-11487 (The Linux kernel before 5.1-rc5 allows page->_refcount
reference co ...)
- - linux <unfixed>
+ - linux 4.19.37-1
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1752
NOTE: https://lwn.net/Articles/786044/
CVE-2019-11486 (The Siemens R3964 line discipline driver in
drivers/tty/n_r3964.c in t ...)
- - linux <unfixed>
+ - linux 4.19.37-1
NOTE:
https://git.kernel.org/linus/c7084edc3f6d67750f50d4183134c4fb5712a5c8
NOTE: Upstream commits marks driver as BROKEN and can be considered
fixed starting
NOTE: from versions including this commit (or backport) or versions
which disable
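Review bot: For CVE-2019-11486 the new fixed version 4.19.37-1 does not say which of the conditions in the NOTE below it applies. That NOTE says the issue can be considered fixed from versions including the upstream commit (or a backport), or under a second condition that continues past the hunk context. A short NOTE stating whether 4.19.37-1 carries the commit or meets the other condition would let a reader verify the version without consulting kernel-sec.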
@@ -3914,7 +3914,7 @@ CVE-2019-10126
CVE-2017-18364 (phpFK lite has XSS via the faq.php, members.php, or search.php
query s ...)
NOT-FOR-US: phpFK
CVE-2019-10125 (An issue was discovered in aio_poll() in fs/aio.c in the Linux
kernel ...)
- - linux <unfixed>
+ - linux 4.19.37-1
[stretch] - linux <not-affected> (Vulnerable code introduced later)
[jessie] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://patchwork.kernel.org/patch/10828359/
@@ -5258,7 +5258,7 @@ CVE-2019-9848
CVE-2019-9847
RESERVED
CVE-2019-9857 (In the Linux kernel through 5.0.2, the function
inotify_update_existin ...)
- - linux <unfixed>
+ - linux 4.19.37-1
[stretch] - linux <not-affected> (Vulnerable code not present)
[jessie] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/62c9d2674b31d4c8a674bee86b7edc6da2803aea
@@ -19474,7 +19474,7 @@ CVE-2019-3889
CVE-2019-3888
RESERVED
CVE-2019-3887 (A flaw was found in the way KVM hypervisor handled x2APIC
Machine Spec ...)
- - linux <unfixed>
+ - linux 4.19.37-1
[stretch] - linux <not-affected> (Vulnerability introduced later)
[jessie] - linux <not-affected> (Vulnerability introduced later)
NOTE: Fixed by:
https://git.kernel.org/linus/acff78477b9b4f26ecdf65733a4ed77fe837e9dc
@@ -19509,7 +19509,7 @@ CVE-2019-3883 (In 389-ds-base up to version 1.4.1.2,
requests are handled by wor
NOTE: https://pagure.io/389-ds-base/c/fcf2b5ddb (389-ds-base-1.4.0)
NOTE: https://pagure.io/389-ds-base/c/dd4b69b55 (389-ds-base-1.3.9)
CVE-2019-3882 (A flaw was found in the Linux kernel's vfio interface
implementation t ...)
- - linux <unfixed>
+ - linux 4.19.37-1
NOTE: https://www.openwall.com/lists/oss-security/2019/04/03/1
NOTE:
https://lore.kernel.org/lkml/[email protected]/T/#u
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1689426
@@ -20677,13 +20677,13 @@ CVE-2019-3461 (Debian tmpreaper version 1.6.13+nmu1
has a race condition when do
- tmpreaper 1.6.14 (bug #918956)
CVE-2019-3460 (A heap data infoleak in multiple locations including
L2CAP_PARSE_CONF_ ...)
{DLA-1771-1}
- - linux <unfixed>
+ - linux 4.19.37-1
[stretch] - linux 4.9.168-1
NOTE:
https://lore.kernel.org/linux-bluetooth/[email protected]/
NOTE:
https://git.kernel.org/linus/af3d5d1c87664a4f150fcf3534c6567cb19909b0
CVE-2019-3459 (A heap address information leak while using L2CAP_GET_CONF_OPT
was dis ...)
{DLA-1771-1}
- - linux <unfixed>
+ - linux 4.19.37-1
[stretch] - linux 4.9.168-1
NOTE:
https://lore.kernel.org/linux-bluetooth/[email protected]/
NOTE:
https://git.kernel.org/linus/7c9cbd0b5e38a1672fcd137894ace3b042dfbf69
@@ -47959,11 +47959,11 @@ CVE-2018-12932 (PlayEnhMetaFileRecord in
enhmetafile.c in Wine 3.7 allows attack
NOTE:
https://source.winehq.org/git/wine.git/commit/8d2676fd14f130f9e8f06744743423168bf8d18d
NOTE:
https://source.winehq.org/git/wine.git/commit/b6da3547d8990c3c3affc3a5865aefd2a0946949
CVE-2018-12931 (ntfs_attr_find in the ntfs.ko filesystem driver in the Linux
kernel 4. ...)
- - linux <unfixed>
+ - linux 4.19.37-1
CVE-2018-12930 (ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in
the Lin ...)
- - linux <unfixed>
+ - linux 4.19.37-1
CVE-2018-12929 (ntfs_read_locked_inode in the ntfs.ko filesystem driver in the
Linux k ...)
- - linux <unfixed>
+ - linux 4.19.37-1
CVE-2018-12928 (In the Linux kernel 4.15.0, a NULL pointer dereference was
discovered ...)
- linux <unfixed> (low)
[buster] - linux <ignored> (Minor issue)
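Review bot: The three ntfs.ko entries (CVE-2018-12931, CVE-2018-12930, CVE-2018-12929) move from <unfixed> to 4.19.37-1 without any NOTE line, so the list gives no upstream commit or packaging change to check the fixed version against. Most other entries touched by this patch carry a NOTE with a commit or advisory link. Consider adding one per entry, or a NOTE pointing at the kernel-sec record that the commit message says this is synced from.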
@@ -165535,7 +165535,7 @@ CVE-2015-8554 (Buffer overflow in hw/pt-msi.c in Xen
4.6.x and earlier, when usi
[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-164.html
CVE-2015-8553 (Xen allows guest OS users to obtain sensitive information from
uniniti ...)
- - linux <unfixed>
+ - linux 4.19.37-1
[stretch] - linux <ignored> (Intrusive; breaks qemu as used in Jessie;
cf. kernel-sec for more details)
[jessie] - linux <ignored> (Intrusive; breaks qemu as used in Jessie;
cf. kernel-sec for more details)
[wheezy] - linux <ignored> (Intrusive; breaks qemu as used in Wheezy;
cf. kernel-sec for more details)
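Review bot: CVE-2015-8553 is now marked fixed in 4.19.37-1 while the [stretch], [jessie] and [wheezy] lines keep <ignored> as too intrusive, and the visible entry has no NOTE naming the fix that landed. A NOTE with the commit would show what the older releases are deliberately not getting. Separately, the unchanged [stretch] line gives the reason "breaks qemu as used in Jessie", which reads like a copy of the [jessie] line; worth confirming the release name while this entry is being touched.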
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/128b5963cab06af4f5a7bd898d9b259b418a07ca