Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
78f35e94 by Salvatore Bonaccorso at 2019-12-07T12:38:58Z
Mark CVE fixes for linux/5.3.15-1 upload to unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -60,7 +60,7 @@ CVE-2019-19600
 CVE-2019-19599
        RESERVED
 CVE-2019-19602 (fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in 
the Linux ...)
-       - linux <unfixed>
+       - linux 5.3.15-1
        [buster] - linux <not-affected> (Vulnerable code introduced later)
        [stretch] - linux <not-affected> (Vulnerable code introduced later)
        [jessie] - linux <not-affected> (Vulnerable code introduced later)
@@ -1264,7 +1264,7 @@ CVE-2019-19535 (In the Linux kernel before 5.2.9, there 
is an info-leak bug that
        [buster] - linux 4.19.67-1
        NOTE: 
https://git.kernel.org/linus/30a8beeb3042f49d0537b7050fd21b490166a3d9
 CVE-2019-19534 (In the Linux kernel before 5.3.11, there is an info-leak bug 
that can  ...)
-       - linux <unfixed>
+       - linux 5.3.15-1
        NOTE: 
https://git.kernel.org/linus/f7a1337f0d29b98733c8824e165fca3371d7d4fd
 CVE-2019-19533 (In the Linux kernel before 5.3.4, there is an info-leak bug 
that can b ...)
        - linux 5.3.7-1
@@ -1280,7 +1280,7 @@ CVE-2019-19530 (In the Linux kernel before 5.2.10, there 
is a use-after-free bug
        - linux 5.2.17-1
        NOTE: 
https://git.kernel.org/linus/c52873e5a1ef72f845526d9f6a50704433f9c625
 CVE-2019-19529 (In the Linux kernel before 5.3.11, there is a use-after-free 
bug that  ...)
-       - linux <unfixed>
+       - linux 5.3.15-1
        NOTE: 
https://git.kernel.org/linus/4d6636498c41891d0482a914dd570343a838ad79
 CVE-2019-19528 (In the Linux kernel before 5.3.7, there is a use-after-free 
bug that c ...)
        - linux 5.3.7-1
@@ -1297,7 +1297,7 @@ CVE-2019-19525 (In the Linux kernel before 5.3.6, there 
is a use-after-free bug
        - linux 5.3.7-1
        NOTE: 
https://git.kernel.org/linus/7fd25e6fc035f4b04b75bca6d7e8daa069603a76
 CVE-2019-19524 (In the Linux kernel before 5.3.12, there is a use-after-free 
bug that  ...)
-       - linux <unfixed>
+       - linux 5.3.15-1
        NOTE: 
https://git.kernel.org/linus/fa3a5a1880c91bb92594ad42dfe9eedad7996b86
 CVE-2019-19523 (In the Linux kernel before 5.3.7, there is a use-after-free 
bug that c ...)
        - linux 5.3.7-1
@@ -2294,7 +2294,7 @@ CVE-2019-19321
 CVE-2019-19320
        RESERVED
 CVE-2019-19319 (In the Linux kernel 5.0.21, a setxattr operation, after a 
mount of a c ...)
-       - linux <unfixed>
+       - linux 5.3.15-1
 CVE-2019-19318 (In the Linux kernel 5.3.11, mounting a crafted btrfs image 
twice can c ...)
        - linux <unfixed>
 CVE-2019-19317 (lookupName in resolve.c in SQLite 3.30.1 omits bits from the 
colUsed b ...)
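Review bot: The CVE-2019-19319 entry ends up as a bare `- linux 5.3.15-1` with no NOTE line, so the list records no upstream commit that justifies closing it with this upload. The description only names kernel 5.0.21 and gives no fixed-in version to compare against. Suggest adding a `NOTE: https://git.kernel.org/linus/...` line with the fix commit, as the CVE-2019-195xx entries in this same commit have, so the fixed version can be audited later.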
@@ -3041,17 +3041,17 @@ CVE-2019-19053 (A memory leak in the 
rpmsg_eptdev_write_iter() function in drive
        [stretch] - linux <not-affected> (Vulnerable code not present)
        [jessie] - linux <not-affected> (Vulnerable code not present)
 CVE-2019-19052 (A memory leak in the gs_can_open() function in 
drivers/net/can/usb/gs_ ...)
-       - linux <unfixed>
+       - linux 5.3.15-1
        NOTE: 
https://git.kernel.org/linus/fb5be6a7b4863ecc44963bb80ca614584b6c7817
 CVE-2019-19051 (A memory leak in the i2400m_op_rfkill_sw_toggle() function in 
drivers/ ...)
-       - linux <unfixed>
+       - linux 5.3.15-1
        NOTE: 
https://git.kernel.org/linus/6f3ef5c25cc762687a7341c18cbea5af54461407
 CVE-2019-19050 (A memory leak in the crypto_reportstat() function in 
crypto/crypto_use ...)
        - linux <unfixed>
        [stretch] - linux <not-affected> (Vulnerable code not present)
        [jessie] - linux <not-affected> (Vulnerable code not present)
 CVE-2019-19049 (** DISPUTED ** A memory leak in the unittest_data_add() 
function in dr ...)
-       - linux <unfixed> (unimportant)
+       - linux 5.3.15-1 (unimportant)
        NOTE: 
https://git.kernel.org/linus/e13de8fe0d6a51341671bbe384826d527afe8d44
        NOTE: unittest.c can only be reached during boot.
 CVE-2019-19048 (A memory leak in the crypto_reportstat() function in 
drivers/virt/vbox ...)
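Review bot: CVE-2019-19050 sits between the entries updated here and stays at `- linux <unfixed>`, and unlike CVE-2019-19052, CVE-2019-19051 and CVE-2019-19049 around it, it has no NOTE pointing at an upstream commit. If it was left out on purpose because its fix is not part of 5.3.15-1, a NOTE with the fix commit would make that explicit and give the next upload pass something to check against.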
@@ -3060,7 +3060,7 @@ CVE-2019-19048 (A memory leak in the crypto_reportstat() 
function in drivers/vir
        [jessie] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/e0b0cb9388642c104838fac100a4af32745621e2
 CVE-2019-19047 (A memory leak in the mlx5_fw_fatal_reporter_dump() function in 
drivers ...)
-       - linux <unfixed>
+       - linux 5.3.15-1
        [buster] - linux <not-affected> (Vulnerability introduced later)
        [stretch] - linux <not-affected> (Vulnerability introduced later)
        [jessie] - linux <not-affected> (Vulnerability introduced later)
@@ -3069,12 +3069,12 @@ CVE-2019-19046 (** DISPUTED ** A memory leak in the 
__ipmi_bmc_register() functi
        - linux <unfixed> (unimportant)
        NOTE: Only a memory leak on the probe path
 CVE-2019-19045 (A memory leak in the mlx5_fpga_conn_create_cq() function in 
drivers/ne ...)
-       - linux <unfixed>
+       - linux 5.3.15-1
        [stretch] - linux <not-affected> (Vulnerable code not present)
        [jessie] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/c8c2a057fdc7de1cd16f4baa51425b932a42eb39
 CVE-2019-19044 (Two memory leaks in the v3d_submit_cl_ioctl() function in 
drivers/gpu/ ...)
-       - linux <unfixed>
+       - linux 5.3.15-1
        [buster] - linux <not-affected> (Vulnerability introduced later)
        [stretch] - linux <not-affected> (Vulnerability introduced later)
        [jessie] - linux <not-affected> (Vulnerability introduced later)
@@ -3620,7 +3620,7 @@ CVE-2019-18814 (An issue was discovered in the Linux 
kernel through 5.3.9. There
        [jessie] - linux <not-affected> (Vulnerability introduced later)
        NOTE: https://lore.kernel.org/patchwork/patch/1142523/
 CVE-2019-18813 (A memory leak in the dwc3_pci_probe() function in 
drivers/usb/dwc3/dwc ...)
-       - linux <unfixed> (unimportant)
+       - linux 5.3.15-1 (unimportant)
        [stretch] - linux <not-affected> (Bug introduced later)
        [jessie] - linux <not-affected> (Bug introduced later)
        NOTE: 
https://git.kernel.org/linus/9bbfceea12a8f145097a27d7c7267af25893c060
@@ -3632,7 +3632,7 @@ CVE-2019-18812 (A memory leak in the sof_dfsentry_write() 
function in sound/soc/
        [jessie] - linux <not-affected> (Vulnerable code not present)
        NOTE: Function only exposed through debugfs
 CVE-2019-18811 (A memory leak in the sof_set_get_large_ctrl_data() function in 
sound/s ...)
-       - linux <unfixed>
+       - linux 5.3.15-1
        [buster] - linux <not-affected> (Vulnerability introduced later)
        [stretch] - linux <not-affected> (Vulnerability introduced later)
        [jessie] - linux <not-affected> (Vulnerability introduced later)
@@ -6139,7 +6139,7 @@ CVE-2019-18676 (An issue was discovered in Squid 3.x and 
4.x through 4.8. Due to
        NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_8.txt
        NOTE: Squid 4: 
http://www.squid-cache.org/Versions/v4/changesets/squid-4-fbbdf75efd7a5cc244b4886a9d42ea458c5a3a73.patch
 CVE-2019-18683 (An issue was discovered in drivers/media/platform/vivid in the 
Linux k ...)
-       - linux <unfixed>
+       - linux 5.3.15-1
        [jessie] - linux <not-affected> (Vulnerable code not present)
        NOTE: https://www.openwall.com/lists/oss-security/2019/11/02/1
 CVE-2019-18675 (The Linux kernel through 5.3.13 has a start_offset+size 
Integer Overfl ...)
@@ -6174,7 +6174,7 @@ CVE-2019-18662 (An issue was discovered in YouPHPTube 
through 7.7. User input pa
 CVE-2019-18661 (Fastweb FASTGate 1.0.1b devices allow partial authentication 
bypass by ...)
        NOT-FOR-US: Fastweb FASTGate
 CVE-2019-18660 (The Linux kernel before 5.4.1 on powerpc allows Information 
Exposure b ...)
-       - linux <unfixed>
+       - linux 5.3.15-1
        [jessie] - linux <ignored> (powerpc not supported in LTS)
        NOTE: https://www.openwall.com/lists/oss-security/2019/11/27/1
 CVE-2019-18659 (The Wireless Emergency Alerts (WEA) protocol allows remote 
attackers t ...)
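Review bot: For CVE-2019-18660 the description says the issue affects kernels before 5.4.1, yet the entry is closed at 5.3.15-1, and the only reference is the oss-security post. Presumably the fix reached unstable through a 5.3.y stable backport; a NOTE naming the upstream commit would make that verifiable from the list itself instead of relying on the reader to cross-check the changelog.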
@@ -16204,7 +16204,7 @@ CVE-2019-15292 (An issue was discovered in the Linux 
kernel before 5.0.9. There
        - linux 4.19.37-1
        [stretch] - linux 4.9.184-1
 CVE-2019-15291 (An issue was discovered in the Linux kernel through 5.2.9. 
There is a  ...)
-       - linux <unfixed>
+       - linux 5.3.15-1
        NOTE: https://www.openwall.com/lists/oss-security/2019/08/20/2
 CVE-2019-15290
        REJECTED
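Review bot: CVE-2019-15291 is closed at 5.3.15-1 with only the oss-security thread as its NOTE, and the description ("through 5.2.9") gives no fixed-in version to compare against. Suggest adding a NOTE with the upstream fix commit so the link between this CVE and the 5.3.15-1 upload is recorded in the entry.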
@@ -16861,7 +16861,7 @@ CVE-2015-9320 (The option-tree plugin before 2.5.4 for 
WordPress has XSS related
 CVE-2014-10376 (The i-recommend-this plugin before 3.7.3 for WordPress has SQL 
injecti ...)
        NOT-FOR-US: i-recommend-this plugin for WordPress
 CVE-2019-15099 (drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel 
through 5.2. ...)
-       - linux <unfixed>
+       - linux 5.3.15-1
        [stretch] - linux <not-affected> (Vulnerable code not present)
        [jessie] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://lore.kernel.org/linux-wireless/[email protected]/T/#u



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/78f35e9450b624d26f229480dc6991794f128c82



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
