Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ba1ccccc by Salvatore Bonaccorso at 2022-03-26T09:59:23+01:00
Pre-merge already linux changes for upcoming point releases

- - - - -


3 changed files:

- data/CVE/list
- data/next-oldstable-point-update.txt
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1624,6 +1624,7 @@ CVE-2022-1012
        RESERVED
 CVE-2022-1011 (A flaw use after free in the Linux kernel FUSE filesystem was 
found in ...)
        - linux <unfixed>
+       [bullseye] - linux 5.10.106-1
        NOTE: 
https://git.kernel.org/linus/0c4bcfdecb1ac0967619ee7ff44871d93c08c909 (5.17-rc8)
 CVE-2022-1010
        RESERVED
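
Review bot: For CVE-2022-1011 the new `[bullseye] - linux 5.10.106-1` line sits under an unversioned `- linux <unfixed>` line, and the entry gets no [buster] line. The removals from data/next-oldstable-point-update.txt do not include this CVE either, so nothing in the visible lines records buster's status. If buster has already been triaged, an explicit [buster] annotation (a fixed version or `<not-affected>` with a reason, as CVE-2022-0995 has in the next hunk) would make the entry self-explanatory.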
@@ -1678,6 +1679,7 @@ CVE-2022-0996 (A vulnerability was found in the 389 
Directory Server that allows
        TODO: check details
 CVE-2022-0995 (An out-of-bounds (OOB) memory write flaw was found in the Linux 
kernel ...)
        - linux <unfixed>
+       [bullseye] - linux 5.10.106-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        [stretch] - linux <not-affected> (Vulnerable code not present)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2063786
@@ -7913,6 +7915,8 @@ CVE-2022-24959 (An issue was discovered in the Linux 
kernel before 5.16.5. There
        NOTE: 
https://git.kernel.org/linus/29eb31542787e1019208a2e1047bb7c76c069536 (5.17-rc2)
 CVE-2022-24958 (drivers/usb/gadget/legacy/inode.c in the Linux kernel through 
5.16.8 m ...)
        - linux 5.16.14-1
+       [bullseye] - linux 5.10.106-1
+       [buster] - linux 4.19.235-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/89f3594d0de58e8a57d92d497dea9fee3d4b9cda (5.17-rc1)
        NOTE: Fixed by: 
https://git.kernel.org/linus/501e38a5531efbd77d5c73c0ba838a889bfc1d74 (5.17-rc1)
 CVE-2022-24957
@@ -11105,6 +11109,8 @@ CVE-2022-23961
        RESERVED
 CVE-2022-23960 (Certain Arm Cortex and Neoverse processors through 2022-03-08 
do not p ...)
        - linux 5.16.14-1
+       [bullseye] - linux 5.10.106-1
+       [buster] - linux 4.19.235-1
        NOTE: https://www.vusec.net/projects/bhi-spectre-bhb/
        NOTE: 
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/spectre-bhb
        NOTE: https://xenbits.xen.org/xsa/advisory-398.html
@@ -14474,24 +14480,37 @@ CVE-2022-23043 (Zenario CMS 9.2 allows an 
authenticated admin user to bypass the
        NOT-FOR-US: Zenario CMS
 CVE-2022-23042 (Linux PV device frontends vulnerable to attacks by backends 
T[his CNA  ...)
        - linux 5.16.14-1
+       [bullseye] - linux 5.10.106-1
+       [buster] - linux 4.19.235-1
        NOTE: https://xenbits.xen.org/xsa/advisory-396.html
 CVE-2022-23041 (Linux PV device frontends vulnerable to attacks by backends 
T[his CNA  ...)
        - linux 5.16.14-1
+       [bullseye] - linux 5.10.106-1
+       [buster] - linux 4.19.235-1
        NOTE: https://xenbits.xen.org/xsa/advisory-396.html
 CVE-2022-23040 (Linux PV device frontends vulnerable to attacks by backends 
T[his CNA  ...)
        - linux 5.16.14-1
+       [bullseye] - linux 5.10.106-1
+       [buster] - linux 4.19.235-1
        NOTE: https://xenbits.xen.org/xsa/advisory-396.html
 CVE-2022-23039 (Linux PV device frontends vulnerable to attacks by backends 
T[his CNA  ...)
        - linux 5.16.14-1
+       [bullseye] - linux 5.10.106-1
+       [buster] - linux 4.19.235-1
        NOTE: https://xenbits.xen.org/xsa/advisory-396.html
 CVE-2022-23038 (Linux PV device frontends vulnerable to attacks by backends 
T[his CNA  ...)
        - linux 5.16.14-1
+       [bullseye] - linux 5.10.106-1
        NOTE: https://xenbits.xen.org/xsa/advisory-396.html
 CVE-2022-23037 (Linux PV device frontends vulnerable to attacks by backends 
T[his CNA  ...)
        - linux 5.16.14-1
+       [bullseye] - linux 5.10.106-1
+       [buster] - linux 4.19.235-1
        NOTE: https://xenbits.xen.org/xsa/advisory-396.html
 CVE-2022-23036 (Linux PV device frontends vulnerable to attacks by backends 
T[his CNA  ...)
        - linux 5.16.14-1
+       [bullseye] - linux 5.10.106-1
+       [buster] - linux 4.19.235-1
        NOTE: https://xenbits.xen.org/xsa/advisory-396.html
 CVE-2022-23035 (Insufficient cleanup of passed-through device IRQs The 
management of I ...)
        - xen 4.16.0+51-g0941d6cb-1
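
Review bot: CVE-2022-23038 is the only one of the seven entries referencing advisory-396 (CVE-2022-23036 through CVE-2022-23042) that gets a [bullseye] line without a matching `[buster] - linux 4.19.235-1` line. That matches the removals from data/next-oldstable-point-update.txt, which also have no CVE-2022-23038 entry, so it does not look like a merge slip, but the entry leaves buster's status implicit. If the 4.19 kernel is unaffected, an explicit `[buster] - linux <not-affected> (...)` line with the reason would remove the ambiguity.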
@@ -19440,6 +19459,7 @@ CVE-2021-4150 (A use-after-free flaw was found in the 
add_partition in block/par
        NOTE: 
https://git.kernel.org/linus/9fbfabfda25d8774c5a08634fdd2da000a924890 (5.15-rc7)
 CVE-2021-4149 (A vulnerability was found in btrfs_alloc_tree_b in 
fs/btrfs/extent-tre ...)
        - linux 5.14.16-1
+       [buster] - linux 4.19.235-1
        NOTE: 
https://git.kernel.org/linus/19ea40dddf1833db868533958ca066f368862211 (5.15-rc6)
 CVE-2021-4148 (A vulnerability was found in the Linux kernel's 
block_invalidatepage i ...)
        - linux 5.14.16-1
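
Review bot: CVE-2021-4149 gets a [buster] line here but the entry has no [bullseye] line, while the unversioned line gives 5.14.16-1 as the fixed version. The bullseye kernel recorded elsewhere in this commit is 5.10.106-1, which is lower than 5.14.16-1, and data/next-point-update.txt removes no CVE-2021-4149 entry. Worth confirming whether bullseye is still open for this CVE or is missing an annotation.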


=====================================
data/next-oldstable-point-update.txt
=====================================
@@ -216,24 +216,6 @@ CVE-2021-40985
        [buster] - htmldoc 1.9.3-1+deb10u3
 CVE-2022-23308
        [buster] - libxml2 2.9.4+dfsg1-7+deb10u3
-CVE-2021-4149
-       [buster] - linux 4.19.235-1
-CVE-2022-23036
-       [buster] - linux 4.19.235-1
-CVE-2022-23037
-       [buster] - linux 4.19.235-1
-CVE-2022-23039
-       [buster] - linux 4.19.235-1
-CVE-2022-23040
-       [buster] - linux 4.19.235-1
-CVE-2022-23041
-       [buster] - linux 4.19.235-1
-CVE-2022-23042
-       [buster] - linux 4.19.235-1
-CVE-2022-23960
-       [buster] - linux 4.19.235-1
-CVE-2022-24958
-       [buster] - linux 4.19.235-1
 CVE-2020-10001
        [buster] - cups 2.2.10-6+deb10u5
 CVE-2021-46709
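
Review bot: The commit subject says these entries are pre-merged, but it does not say what makes it safe to take the nine `[buster] - linux 4.19.235-1` lines out of the pending file before the point release. Each removed entry does have a matching [buster] line added in data/CVE/list, so nothing is lost; a sentence in the commit message stating the reason for merging early would help anyone auditing the tracker history later.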


=====================================
data/next-point-update.txt
=====================================
@@ -134,28 +134,6 @@ CVE-2022-25640
        [bullseye] - wolfssl 4.6.0+p1-0+deb11u1
 CVE-2022-23308
        [bullseye] - libxml2 2.9.10+dfsg-6.7+deb11u1
-CVE-2022-0995
-       [bullseye] - linux 5.10.106-1
-CVE-2022-1011
-       [bullseye] - linux 5.10.106-1
-CVE-2022-23036
-       [bullseye] - linux 5.10.106-1
-CVE-2022-23037
-       [bullseye] - linux 5.10.106-1
-CVE-2022-23038
-       [bullseye] - linux 5.10.106-1
-CVE-2022-23039
-       [bullseye] - linux 5.10.106-1
-CVE-2022-23040
-       [bullseye] - linux 5.10.106-1
-CVE-2022-23041
-       [bullseye] - linux 5.10.106-1
-CVE-2022-23042
-       [bullseye] - linux 5.10.106-1
-CVE-2022-23960
-       [bullseye] - linux 5.10.106-1
-CVE-2022-24958
-       [bullseye] - linux 5.10.106-1
 CVE-2021-0561
        [bullseye] - flac 1.3.3-2+deb11u1
 CVE-2021-45005



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba1cccccc6ede50e6175c6777370b9e974600829
