Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9fd0a2f9 by Salvatore Bonaccorso at 2019-06-05T13:52:51Z
Update severity/status for some linux CVEs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -266,11 +266,15 @@ CVE-2019-12603
CVE-2019-12602
RESERVED
CVE-2019-12615 (An issue was discovered in get_vdev_port_node_info in
arch/sparc/kerne ...)
- - linux <unfixed>
+ - linux <unfixed> (unimportant)
NOTE:
https://git.kernel.org/linus/80caf43549e7e41a695c6d1e11066286538b336f
+ NOTE: This is a potential null pointer dereference that looks like it
can
+ NOTE: only be invoked by root or the hypervisor. Probably no security
impact.
CVE-2019-12614 (An issue was discovered in dlpar_parse_cc_property in
arch/powerpc/pla ...)
- - linux <unfixed>
+ - linux <unfixed> (unimportant)
NOTE: https://lkml.org/lkml/2019/6/3/526
+ NOTE: This is a potential null pointer dereference that looks like it
can
+ NOTE: only be invoked by root or the hypervisor. Probably no security
impact.
CVE-2019-12601
RESERVED
CVE-2019-12600
@@ -580,7 +584,8 @@ CVE-2019-12589 (In Firejail before 0.9.60, seccomp filters
are writable inside t
CVE-2019-12456 (An issue was discovered in the MPT3COMMAND case in
_ctl_ioctl_main in ...)
- linux <unfixed>
CVE-2019-12455 (An issue was discovered in sunxi_divs_clk_setup in
drivers/clk/sunxi/c ...)
- - linux <unfixed>
+ - linux <unfixed> (unimportant)
+ NOTE: No/negligible security impact
CVE-2019-12454 (An issue was discovered in wcd9335_codec_enable_dec in
sound/soc/codec ...)
- linux <not-affected> (Vulnerable code not present, introduced in
5.1-rc1)
CVE-2019-12453
@@ -775,15 +780,20 @@ CVE-2019-12383 (Tor Browser before 8.0.1 has an
information exposure vulnerabili
NOTE: https://trac.torproject.org/projects/tor/ticket/24056
NOTE: This affects Firefox, but it's not a security issue in Firefox by
itself
CVE-2019-12382 (An issue was discovered in drm_load_edid_firmware in
drivers/gpu/drm/d ...)
- - linux <unfixed>
+ - linux <unfixed> (unimportant)
+ NOTE: Issue with no security impact, see kernel-sec, invalid issue
CVE-2019-12381 (An issue was discovered in ip_ra_control in
net/ipv4/ip_sockglue.c in ...)
- - linux <unfixed>
+ - linux <unfixed> (unimportant)
+ NOTE: Issue with no security impact, see kernel-sec, invalid issue
CVE-2019-12380 (An issue was discovered in the efi subsystem in the Linux
kernel throu ...)
- - linux <unfixed>
+ - linux <unfixed> (unimportant)
+ NOTE: So security impact, all code involved runs at boot before
userland starts
CVE-2019-12379 (An issue was discovered in con_insert_unipair in
drivers/tty/vt/consol ...)
- - linux <unfixed>
+ - linux <unfixed> (unimportant)
+ NOTE: No real security issue and fix introduces real security issue,
see kernel-sec
CVE-2019-12378 (An issue was discovered in ip6_ra_control in
net/ipv6/ipv6_sockglue.c ...)
- - linux <unfixed>
+ - linux <unfixed> (unimportant)
+ NOTE: Issue with no security impact, see kernel-sec, invalid issue
CVE-2019-12377 (A vulnerable upl/async_upload.asp web API endpoint in Ivanti
LANDESK M ...)
NOT-FOR-US: LANDESK
CVE-2019-12376 (Use of a hard-coded encryption key in Ivanti LANDESK
Management Suite ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9fd0a2f9b8e0f3199263d0e9d92ba67103321736
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9fd0a2f9b8e0f3199263d0e9d92ba67103321736
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
