Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d886b0ad by Salvatore Bonaccorso at 2019-08-05T12:26:46Z
Add fixed version for linux CVEs via unstable upload

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1482,10 +1482,10 @@ CVE-2015-9288 (The Unity Web Player plugin before 
4.6.6f2 and 5.x before 5.0.3f2
 CVE-2019-1000033
        REJECTED
 CVE-2019-14284 (In the Linux kernel before 5.2.3, drivers/block/floppy.c 
allows a deni ...)
-       - linux <unfixed>
+       - linux 5.2.6-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/f3554aeb991214cbfafd17d55e2bfddb50282e32
 CVE-2019-14283 (In the Linux kernel before 5.2.3, set_geometry in 
drivers/block/floppy ...)
-       - linux <unfixed>
+       - linux 5.2.6-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/da99466ac243f15fbba65bd261bfc75ffa1532b6
 CVE-2019-1020019 (invenio-previewer before 1.0.0a12 allows XSS. ...)
        NOT-FOR-US: invenio-previewer
@@ -2908,7 +2908,7 @@ CVE-2019-13650
 CVE-2019-13649
        RESERVED
 CVE-2019-13648 (In the Linux kernel through 5.2.1 on the powerpc platform, 
when hardwa ...)
-       - linux <unfixed>
+       - linux 5.2.6-1
        NOTE: https://patchwork.ozlabs.org/patch/1133904/
 CVE-2018-20856 (An issue was discovered in the Linux kernel before 4.18.7. In 
block/bl ...)
        - linux 4.18.8-1
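Review bot: the CVE-2019-13648 entry is now marked fixed in 5.2.6-1 but its only reference is still the patchwork submission ("NOTE: https://patchwork.ozlabs.org/patch/1133904/"). A posted patch can differ from what was merged, so add a "NOTE: Fixed by:" line with the git.kernel.org/linus commit, as the two floppy entries earlier in this diff have. Anyone checking backports for older releases can then match the exact change.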
@@ -2967,7 +2967,7 @@ CVE-2019-13633
 CVE-2019-13632
        RESERVED
 CVE-2019-13631 (In parse_hid_report_descriptor in drivers/input/tablet/gtco.c 
in the L ...)
-       - linux <unfixed>
+       - linux 5.2.6-1
        NOTE: https://patchwork.kernel.org/patch/11040813/
 CVE-2019-13630
        RESERVED
@@ -4401,7 +4401,7 @@ CVE-2019-13451
        - xymon 4.3.29-1
        NOTE: https://lists.xymon.com/archive/2019-July/046570.html
 CVE-2019-XXXX [No grant table and foreign mapping limits]
-       - linux <unfixed>
+       - linux 5.2.6-1
        NOTE: https://xenbits.xen.org/xsa/advisory-300.html
 CVE-2019-13450 (In the Zoom Client through 4.4.4 and RingCentral 
7.0.136380.0312 on ma ...)
        NOT-FOR-US: Zoom Client and RingCentral on MacOS
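Review bot: the "No grant table and foreign mapping limits" entry is closed while still filed under the placeholder id CVE-2019-XXXX, so the XSA-300 link in the NOTE is the only stable handle for it. Consider naming the advisory in the bracketed description too, so the entry can still be found by advisory number when a real CVE id is assigned and the heading changes.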
@@ -4939,7 +4939,7 @@ CVE-2019-13226 (deepin-clone before 1.1.3 uses a 
predictable path /tmp/.deepin-c
 CVE-2018-20850 (Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 
through 3. ...)
        NOT-FOR-US: Stormshield Network Security
 CVE-2019-13233 (In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, 
there is ...)
-       - linux <unfixed>
+       - linux 5.2.6-1
        [stretch] - linux <not-affected> (Vulnerable code introduced later)
        [jessie] - linux <not-affected> (Vulnerable code introduced later)
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1879
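Review bot: for CVE-2019-13233 the description dates the upstream fix to before 5.1.9, the entry is closed with 5.2.6-1, and the only reference is the Project Zero issue. A "NOTE: Fixed by:" line naming the upstream commit would let a reader confirm that 5.2.6-1 is the first unstable upload carrying it, and would back up the "Vulnerable code introduced later" annotations for stretch and jessie.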
@@ -5598,7 +5598,7 @@ CVE-2019-12986 (Citrix SD-WAN 10.2.x before 10.2.3 and 
NetScaler SD-WAN 10.0.x b
 CVE-2019-12985 (Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x 
before  ...)
        NOT-FOR-US: Citrix and NetScaler SD-WAN
 CVE-2019-12984 (A NULL pointer dereference vulnerability in the function 
nfc_genl_deac ...)
-       - linux <unfixed>
+       - linux 5.2.6-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/385097a3675749cbc9e97c085c0e5dfe4269ca51
 CVE-2019-12983
        REJECTED
@@ -6048,7 +6048,7 @@ CVE-2019-12821 (A vulnerability was found in the app 2.0 
of the Shenzhen Jisiwei
 CVE-2019-12820 (A vulnerability was found in the app 2.0 of the Shenzhen 
Jisiwei i3 ro ...)
        NOT-FOR-US: app of the Shenzhen Jisiwei i3 robot vacuum cleaner
 CVE-2019-12817 (arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel 
before 5.1. ...)
-       - linux <unfixed>
+       - linux 5.2.6-1
        [stretch] - linux <not-affected> (Vulnerable code not present)
        [jessie] - linux <not-affected> (Vulnerable code not present)
 CVE-2019-12816 (Modules.cpp in ZNC before 1.7.4-rc1 allows remote 
authenticated non-ad ...)
@@ -8572,7 +8572,7 @@ CVE-2019-11810 (An issue was discovered in the Linux 
kernel before 5.0.7. A NULL
 CVE-2019-11809 (An issue was discovered in Joomla! before 3.9.6. The debug 
views of co ...)
        NOT-FOR-US: Joomla!
 CVE-2018-20836 (An issue was discovered in the Linux kernel before 4.20. There 
is a ra ...)
-       - linux <unfixed>
+       - linux 5.2.6-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/b90cd6f2b905905fb42671009dc0e27c310a16ae
 CVE-2019-11808 (Ratpack versions before 1.6.1 generate a session ID using a 
cryptograp ...)
        NOT-FOR-US: Ratpack
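Review bot: CVE-2018-20836 is described as fixed upstream before 4.20, yet the fixed version recorded here is 5.2.6-1. Other entries in this file close against 4.19.x uploads (for example "- linux 4.19.37-1"), so please check whether b90cd6f2b905 already reached unstable through a 4.19.y stable update. If it did, the fixed version should be that earlier upload, otherwise the tracker reports those versions as vulnerable.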
@@ -11808,7 +11808,7 @@ CVE-2019-10639 (The Linux kernel 4.x (starting from 
4.1) and 5.x before 5.0.8 al
        - linux 4.19.37-1
        NOTE: https://arxiv.org/pdf/1906.10478.pdf
 CVE-2019-10638 (In the Linux kernel before 5.1.7, a device can be tracked by 
an attack ...)
-       - linux <unfixed>
+       - linux 5.2.6-1
        NOTE: https://arxiv.org/pdf/1906.10478.pdf
 CVE-2019-10637 (Marvell SSD Controller (88SS1074, 88SS1079, 88SS1080, 
88SS1093, 88SS10 ...)
        NOT-FOR-US: Marvell
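Review bot: CVE-2019-10638 shares its only NOTE, the arXiv paper, with CVE-2019-10639 directly above it, and the two entries are closed with different versions (4.19.37-1 and 5.2.6-1). Add a "NOTE: Fixed by:" line with the upstream commit for CVE-2019-10638, so it is clear which change 5.2.6-1 refers to and why the earlier upload does not cover it.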
@@ -12740,7 +12740,7 @@ CVE-2019-10208
        RESERVED
 CVE-2019-10207 [bluetooth: hci_uart: 0x0 address  execution as nonprivileged 
user]
        RESERVED
-       - linux <unfixed>
+       - linux 5.2.6-1
        NOTE: https://www.openwall.com/lists/oss-security/2019/07/25/1
        NOTE: 
https://lore.kernel.org/linux-bluetooth/[email protected]/T/#u
        NOTE: 
https://git.kernel.org/linus/b36a1552d7319bbfd5cf7f08726c23c5c66d4f73
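Review bot: in the CVE-2019-10207 entry the git.kernel.org/linus NOTE carries no "Fixed by:" prefix, unlike the other kernel entries touched by this commit. Now that a fixed version is recorded, label that NOTE so it is unambiguous that b36a1552d7319bbfd5cf7f08726c23c5c66d4f73 is the fix and not just a related commit.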
@@ -29082,7 +29082,7 @@ CVE-2019-3901 (A race condition in perf_event_open() 
allows local attackers to l
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=807
        NOTE: Fixed by: 
https://git.kernel.org/linus/79c9ce57eb2d5f1497546a3946b4ae21b6fdc438
 CVE-2019-3900 (An infinite loop issue was found in the vhost_net kernel module 
in Lin ...)
-       - linux <unfixed>
+       - linux 5.2.6-1
 CVE-2019-3899 (It was found that default configuration of Heketi does not 
require any ...)
        - heketi <itp> (bug #903384)
 CVE-2019-3898
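Review bot: after this change the CVE-2019-3900 entry consists of a fixed version and nothing else: no NOTE naming the fix and no per-release lines. Add a reference to the upstream commit or commits, so that the 5.2.6-1 claim can be verified and the status of older releases can be assessed from the entry itself.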
@@ -29193,7 +29193,7 @@ CVE-2019-3876 (A flaw was found in the 
/oauth/token/request custom endpoint of t
 CVE-2019-3875 (A vulnerability was found in keycloak before 6.0.2. The X.509 
authenti ...)
        NOT-FOR-US: Keycloak
 CVE-2019-3874 (The SCTP socket buffer used by a userspace application is not 
accounte ...)
-       - linux <unfixed>
+       - linux 5.2.6-1
        [stretch] - linux <ignored> (Minor issue)
        [jessie] - linux <ignored> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1686373
@@ -35380,7 +35380,7 @@ CVE-2019-2001 (The permissions on /proc/iomem were 
world-readable. This could le
 CVE-2019-2000 (In several functions of binder.c, there is possible memory 
corruption  ...)
        NOT-FOR-US: Android kernel (no source release, so apparently not in 
mainline)
 CVE-2019-1999 (In binder_alloc_free_page of binder_alloc.c, there is a 
possible doubl ...)
-       - linux <unfixed>
+       - linux 5.2.6-1
        [stretch] - linux <not-affected> (Vulnerable code introduced later)
        [jessie] - linux <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://git.kernel.org/linus/5cec2d2e5839f9c0fec319c523a911e0a7fd299f
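Review bot: the stretch and jessie lines for CVE-2019-1999 say "Vulnerable code introduced later", but the entry names a single commit in an unlabelled NOTE, so a reader cannot tell whether 5cec2d2e5839f9c0fec319c523a911e0a7fd299f is the fix or the change that introduced the bug. Label it ("Fixed by:" or "Introduced by:") and add the other commit, since the not-affected annotations depend on the introducing one.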



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d886b0ad32a9c8982d317f4b9b73ec19b8f44f3c
