Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
258d1877 by Salvatore Bonaccorso at 2019-12-28T16:41:43Z
Track CVE fixes for linux upload to unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6311,7 +6311,7 @@ CVE-2019-19333 (In all versions of libyang before 1.0-r5,
a stack-based buffer o
NOTE:
https://github.com/CESNET/libyang/commit/f6d684ade99dd37b21babaa8a856f64faa1e2e0d
CVE-2019-19332 [KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID]
RESERVED
- - linux <unfixed>
+ - linux 5.4.6-1
NOTE:
https://git.kernel.org/linus/433f4ba1904100da65a311033f17a9bf586b287e
CVE-2019-19331 (knot-resolver before version 4.3.0 is vulnerable to denial of
service ...)
- knot-resolver <unfixed> (bug #946181)
@@ -6339,7 +6339,7 @@ CVE-2019-19320
CVE-2019-19319 (In the Linux kernel 5.0.21, a setxattr operation, after a
mount of a c ...)
- linux 5.3.15-1
CVE-2019-19318 (In the Linux kernel 5.3.11, mounting a crafted btrfs image
twice can c ...)
- - linux <unfixed>
+ - linux 5.4.6-1
CVE-2019-19317 (lookupName in resolve.c in SQLite 3.30.1 omits bits from the
colUsed b ...)
- sqlite3 <not-affected> (Generated column support was added with
SQLite version 3.31.0)
NOTE: Fixed by:
https://github.com/sqlite/sqlite/commit/522ebfa7cee96fb325a22ea3a2464a63485886a8
@@ -6984,7 +6984,7 @@ CVE-2019-19083 (Memory leaks in *clock_source_create()
functions under drivers/g
[jessie] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/055e547478a11a6360c7ce05e2afc3e366968a12
CVE-2019-19082 (Memory leaks in *create_resource_pool() functions under
drivers/gpu/dr ...)
- - linux <unfixed>
+ - linux 5.4.6-1
[stretch] - linux <not-affected> (Vulnerable code not present)
[jessie] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/104c307147ad379617472dd91a5bcb368d72bd6d
@@ -7008,7 +7008,7 @@ CVE-2019-19078 (A memory leak in the
ath10k_usb_hif_tx_sg() function in drivers/
[stretch] - linux <not-affected> (Vulnerable code not present)
[jessie] - linux <not-affected> (Vulnerable code not present)
CVE-2019-19077 (A memory leak in the bnxt_re_create_srq() function in
drivers/infiniba ...)
- - linux <unfixed>
+ - linux 5.4.6-1
[stretch] - linux <not-affected> (Vulnerable code not present)
[jessie] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/4a9d46a9fe14401f21df69cea97c62396d5fb053
@@ -7022,18 +7022,18 @@ CVE-2019-19075 (A memory leak in the ca8210_probe()
function in drivers/net/ieee
- linux 5.3.9-1 (unimportant)
NOTE:
https://git.kernel.org/linus/6402939ec86eaf226c8b8ae00ed983936b164908
CVE-2019-19074 (A memory leak in the ath9k_wmi_cmd() function in
drivers/net/wireless/ ...)
- - linux <unfixed>
+ - linux 5.4.6-1
NOTE:
https://git.kernel.org/linus/728c1e2a05e4b5fc52fab3421dce772a806612a2
CVE-2019-19073 (Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in
the Linux ...)
- - linux <unfixed>
+ - linux 5.4.6-1
NOTE:
https://git.kernel.org/linus/853acf7caf10b828102d92d05b5c101666a6142b
CVE-2019-19072 (A memory leak in the predicate_parse() function in
kernel/trace/trace_ ...)
- - linux <unfixed>
+ - linux 5.4.6-1
[stretch] - linux <not-affected> (Vulnerable code not present)
[jessie] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/96c5c6e6a5b6db592acae039fed54b5c8844cd35
CVE-2019-19071 (A memory leak in the rsi_send_beacon() function in
drivers/net/wireles ...)
- - linux <unfixed>
+ - linux 5.4.6-1
[stretch] - linux <not-affected> (Vulnerable code not present)
[jessie] - linux <not-affected> (Vulnerable code not present)
CVE-2019-19070 (** DISPUTED ** A memory leak in the spi_gpio_probe() function
in drive ...)
@@ -7062,7 +7062,7 @@ CVE-2019-19064 (** DISPUTED ** A memory leak in the
fsl_lpspi_probe() function i
CVE-2019-19063 (Two memory leaks in the rtl_usb_probe() function in
drivers/net/wirele ...)
- linux <unfixed> (unimportant)
CVE-2019-19062 (A memory leak in the crypto_report() function in
crypto/crypto_user_ba ...)
- - linux <unfixed>
+ - linux 5.4.6-1
CVE-2019-19061 (A memory leak in the adis_update_scan_mode_burst() function in
drivers ...)
- linux 5.3.9-1 (unimportant)
NOTE:
https://git.kernel.org/linus/9c0530e898f384c5d279bfcebd8bb17af1105873
@@ -7070,12 +7070,12 @@ CVE-2019-19060 (A memory leak in the
adis_update_scan_mode() function in drivers
- linux 5.3.9-1 (unimportant)
NOTE:
https://git.kernel.org/linus/ab612b1daf415b62c58e130cb3d0f30b255a14d0
CVE-2019-19059 (Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init()
function i ...)
- - linux <unfixed>
+ - linux 5.4.6-1
[stretch] - linux <not-affected> (Vulnerable code not present)
[jessie] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/0f4f199443faca715523b0659aa536251d8b978f
CVE-2019-19058 (A memory leak in the alloc_sgtable() function in
drivers/net/wireless/ ...)
- - linux <unfixed>
+ - linux 5.4.6-1
[stretch] - linux <not-affected> (Vulnerable code not present)
[jessie] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/b4b814fec1a5a849383f7b3886b654a13abbda7d
@@ -7084,7 +7084,7 @@ CVE-2019-19057 (Two memory leaks in the
mwifiex_pcie_init_evt_ring() function in
CVE-2019-19056 (A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function
in drive ...)
- linux <unfixed>
CVE-2019-19055 (** DISPUTED ** A memory leak in the
nl80211_get_ftm_responder_stats() ...)
- - linux <unfixed> (unimportant)
+ - linux 5.4.6-1 (unimportant)
[buster] - linux <not-affected> (Vulnerable code introduced later)
[stretch] - linux <not-affected> (Vulnerable code introduced later)
[jessie] - linux <not-affected> (Vulnerable code introduced later)
@@ -7683,7 +7683,7 @@ CVE-2019-18813 (A memory leak in the dwc3_pci_probe()
function in drivers/usb/dw
NOTE:
https://git.kernel.org/linus/9bbfceea12a8f145097a27d7c7267af25893c060
NOTE: No security impact since the issue is on the probe path.
CVE-2019-18812 (A memory leak in the sof_dfsentry_write() function in
sound/soc/sof/de ...)
- - linux <unfixed> (unimportant)
+ - linux 5.4.6-1 (unimportant)
[buster] - linux <not-affected> (Vulnerable code not present)
[stretch] - linux <not-affected> (Vulnerable code not present)
[jessie] - linux <not-affected> (Vulnerable code not present)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/258d1877d579fc8feb19832c922aeaa7ec18029e
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/258d1877d579fc8feb19832c922aeaa7ec18029e
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
