Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
704ca3d0 by Emilio Pozuelo Monfort at 2020-07-06T13:44:33+02:00
fix linux-4.9 entries

Most of these are already fixed in jessie, so having a jessie
entry with unfixed is wrong. Rather than marking it as fixed,
add the generic entry as removed and let the cross-reference do
its job.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -113653,7 +113653,7 @@ CVE-2018-13099 (An issue was discovered in 
fs/f2fs/inline.c in the Linux kernel
        {DSA-4308-1 DLA-1531-1}
        - linux 4.18.10-1
        [jessie] - linux <ignored> (Hard to backport and low priority outside 
of Android)
-       [jessie] - linux-4.9 <unfixed>
+       - linux-4.9 <removed>
        NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200179
        NOTE: 
https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=cc60e90f9bfab8d6a7fb826937e824333c3bf94a
        NOTE: https://sourceforge.net/p/linux-f2fs/mailman/message/36356878/
@@ -113675,7 +113675,7 @@ CVE-2018-13096 (An issue was discovered in 
fs/f2fs/super.c in the Linux kernel t
        - linux 4.19.9-1
        [stretch] - linux 4.9.144-1
        [jessie] - linux <ignored> (Hard to backport and low priority outside 
of Android)
-       [jessie] - linux-4.9 <unfixed>
+       - linux-4.9 <removed>
        NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200167
        NOTE: 
https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=e335cc683fd13882b9152937b06ff3c16c28aa34
 CVE-2018-13095 (An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in 
the Linux  ...)
@@ -113687,7 +113687,7 @@ CVE-2018-13094 (An issue was discovered in 
fs/xfs/libxfs/xfs_attr_leaf.c in the
        {DLA-2114-1 DLA-1529-1}
        - linux 4.17.14-1
        [stretch] - linux 4.9.210-1
-       [jessie] - linux-4.9 <unfixed>
+       - linux-4.9 <removed>
        NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199969
        NOTE: 
https://git.kernel.org/pub/scm/fs/xfs/xfs-linux.git/commit/?h=for-next&id=bb3d48dcf86a97dc25fe9fc2c11938e19cb4399a
 CVE-2018-13093 (An issue was discovered in fs/xfs/xfs_icache.c in the Linux 
kernel thr ...)
@@ -113780,7 +113780,7 @@ CVE-2018-13053 (The alarm_timer_nsleep function in 
kernel/time/alarmtimer.c in t
        {DLA-1731-1 DLA-1715-1}
        - linux 4.18.20-1
        [stretch] - linux 4.9.135-1
-       [jessie] - linux-4.9 <unfixed>
+       - linux-4.9 <removed>
        NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200303
        NOTE: 
https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=5f936e19cc0ef97dbe3a56e9498922ad5ba1edef
 CVE-2018-13052 (In CyberArk Endpoint Privilege Manager (formerly Viewfinity), 
Privileg ...)
@@ -114087,7 +114087,7 @@ CVE-2018-12928 (In the Linux kernel 4.15.0, a NULL 
pointer dereference was disco
        - linux <unfixed> (low)
        [buster] - linux <ignored> (Minor issue)
        [stretch] - linux <ignored> (Minor issue)
-       [jessie] - linux-4.9 <unfixed>
+       - linux-4.9 <removed>
        NOTE: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763384
        NOTE: https://marc.info/?l=linux-fsdevel&m=152407263325766&w=2
 CVE-2018-12927 (Northern Electric &amp; Power (NEP) inverter devices allow 
remote atta ...)
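Review bot: for CVE-2018-12928 the commit message's rationale ("already fixed in jessie") does not appear to apply at the `- linux-4.9 <removed>` line. The context shows `- linux <unfixed> (low)` with buster and stretch both `<ignored> (Minor issue)`, and no fixed version anywhere in the visible entry. Please confirm that jessie's linux-4.9 is still reported as vulnerable after this change. Consider listing the never-fixed entries in the commit message so they can be told apart from the ones that rely on a DLA cross-reference.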
@@ -120778,7 +120778,7 @@ CVE-2018-10682 (** DISPUTED ** An issue was 
discovered in WildFly 10.1.2.Final.
        - wildfly <itp> (bug #752018)
 CVE-2016-10723 (** DISPUTED ** An issue was discovered in the Linux kernel 
through 4.1 ...)
        - linux <unfixed>
-       [jessie] - linux-4.9 <unfixed>
+       - linux-4.9 <removed>
        NOTE: https://patchwork.kernel.org/patch/10395909/
 CVE-2016-10722 (partclone.fat in Partclone before 0.2.88 is prone to a 
heap-based buff ...)
        - partclone 0.2.88-1
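Review bot: at the `- linux-4.9 <removed>` line for CVE-2016-10723 there is no cross-reference available to "do its job". The CVE header is followed directly by `- linux <unfixed>`, with no `{DLA-...}` line in between. If this is one of the entries that was never fixed in jessie, the commit message should say so, because the diff alone gives no way to tell whether dropping the release-specific status was deliberate for this DISPUTED entry.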
@@ -121676,7 +121676,7 @@ CVE-2018-10322 (The xfs_dinode_verify function in 
fs/xfs/libxfs/xfs_inode_buf.c
        - linux 4.16.5-1
        [jessie] - linux <ignored> (dinode verifier not implemented)
        [wheezy] - linux <ignored> (dinode verifier not implemented)
-       [jessie] - linux-4.9 <unfixed>
+       - linux-4.9 <removed>
        NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199377
 CVE-2018-10321 (Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability 
via "Ad ...)
        NOT-FOR-US: Frog CMS
@@ -124968,7 +124968,7 @@ CVE-2017-18249 (The add_free_nid function in 
fs/f2fs/node.c in the Linux kernel
        [stretch] - linux 4.9.144-1
        [jessie] - linux <ignored> (Hard to backport and low priority outside 
of Android)
        [wheezy] - linux <not-affected> (Vulnerable code not present)
-       [jessie] - linux-4.9 <unfixed>
+       - linux-4.9 <removed>
        NOTE: Fixed by: 
https://git.kernel.org/linus/30a61ddf8117c26ac5b295e1233eaa9629a94ca3
 CVE-2017-18248 (The add_job function in scheduler/ipp.c in CUPS before 2.2.6, 
when D-B ...)
        {DLA-1412-1 DLA-1387-1}
@@ -125936,7 +125936,7 @@ CVE-2017-18232 (The Serial Attached SCSI (SAS) 
implementation in the Linux kerne
        [stretch] - linux <ignored> (Minor issue)
        [jessie] - linux <ignored> (Minor issue)
        [wheezy] - linux <not-affected> (Vulnerability introduced later)
-       [jessie] - linux-4.9 <unfixed>
+       - linux-4.9 <removed>
        NOTE: Fixed by: 
https://git.kernel.org/linus/0558f33c06bb910e2879e355192227a8e8f0219d
 CVE-2018-8717 (joyplus-cms 1.6.0 has CSRF, as demonstrated by adding an 
administrator ...)
        NOT-FOR-US: joyplus-cms
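Review bot: the `- linux-4.9 <removed>` line for CVE-2017-18232 replaces a jessie status that may have been accurate. The context has `[stretch] - linux <ignored> (Minor issue)`, and other entries in this diff show the stretch kernel at 4.9.x versions, so there is no sign of a fix in the 4.9 series here. If the intent is to stop tracking the issue for jessie, a release-specific `<ignored>` line with the same reason alongside the generic entry would record that decision more clearly than `<removed>` alone.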
@@ -128173,7 +128173,7 @@ CVE-2018-7756 (RunExeFile.exe in the installer for 
DEWESoft X3 SP1 (64-bit) devi
 CVE-2018-7755 (An issue was discovered in the fd_locked_ioctl function in 
drivers/blo ...)
        {DSA-4308-1 DLA-1531-1 DLA-1529-1}
        - linux 4.18.10-1
-       [jessie] - linux-4.9 <unfixed>
+       - linux-4.9 <removed>
        NOTE: https://lkml.org/lkml/2018/5/29/495
 CVE-2018-7754 (The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c 
in the ...)
        - linux 4.15.4-1
@@ -129982,7 +129982,7 @@ CVE-2018-7273 (In the Linux kernel through 4.15.4, 
the floppy driver reveals the
        [stretch] - linux <ignored> (Minor issue)
        [jessie] - linux <ignored> (Minor issue)
        [wheezy] - linux <ignored> (Minor issue)
-       [jessie] - linux-4.9 <unfixed>
+       - linux-4.9 <removed>
        NOTE: https://lkml.org/lkml/2018/2/20/669
 CVE-2018-7272 (The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs 
as par ...)
        NOT-FOR-US: ForgeRock AM
@@ -132755,7 +132755,7 @@ CVE-2018-1000026 (Linux Linux kernel version at least 
v4.8 onwards, probably wel
        - linux 4.16.5-1
        [stretch] - linux 4.9.161-1
        [jessie] - linux <ignored> (Minor issue, requires core networking 
changes)
-       [jessie] - linux-4.9 <unfixed>
+       - linux-4.9 <removed>
        NOTE: https://patchwork.ozlabs.org/patch/859410/
        NOTE: http://lists.openwall.net/netdev/2018/01/16/40
        NOTE: http://lists.openwall.net/netdev/2018/01/18/96
@@ -205270,7 +205270,7 @@ CVE-2016-8660 (The XFS subsystem in the Linux kernel 
through 4.8.2 allows local
        - linux <unfixed> (low)
        [jessie] - linux <not-affected> (Vulnerable code not present)
        [wheezy] - linux <not-affected> (Vulnerable code not present)
-       [jessie] - linux-4.9 <unfixed> (low)
+       - linux-4.9 <removed> (low)
 CVE-2016-8659 (Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which 
might all ...)
        - bubblewrap 0.1.2-2 (bug #840605)
        NOTE: https://github.com/projectatomic/bubblewrap/issues/107
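Review bot: the urgency annotation is carried over unchanged onto `- linux-4.9 <removed> (low)` for CVE-2016-8660, the only hunk in this change where the rewritten line keeps a trailing annotation. Check whether an urgency on a `<removed>` entry is intended, given that `- linux <unfixed> (low)` above already carries it. The entry also shows no fixed version for any release, so it is worth confirming it belongs in the "already fixed in jessie" batch described in the commit message.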



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/704ca3d0ac3bf77271d1af3e1c3c7d81e3697114
