[Git][security-tracker-team/security-tracker][master] Ignore some eBPF related linux issues for stretch (sync with kernel-sec)

Salvatore Bonaccorso (@carnil) Sun, 15 May 2022 22:02:33 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
0fdd84d7 by Salvatore Bonaccorso at 2022-05-16T07:01:44+02:00
Ignore some eBPF related linux issues for stretch (sync with kernel-sec)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27579,6 +27579,7 @@ CVE-2021-4160 (There is a carry propagation bug in the 
MIPS32 and MIPS64 squarin
 CVE-2021-4159 [bpf: Verifer, adjust_scalar_min_max_vals to always call 
update_reg_bounds()]
        RESERVED
        - linux 5.7.6-1
+       [stretch] - linux <ignored> (Too risky to backport, and mitigated by 
default)
        NOTE: Fixed by: 
https://git.kernel.org/linus/294f2fc6da27620a506e6c050241655459ccd6bd (5.7-rc1)
 CVE-2021-45464 [hypervisor escape and host code execution]
        RESERVED
@@ -57925,6 +57926,7 @@ CVE-2021-35477 (In the Linux kernel through 5.13.7, an 
unprivileged BPF program
        {DLA-2785-1}
        - linux 5.10.46-4
        [buster] - linux 4.19.208-1
+       [stretch] - linux <ignored> (Too risky to backport, and mitigated by 
default)
        NOTE: https://www.openwall.com/lists/oss-security/2021/08/01/3
 CVE-2021-35476
        RESERVED
@@ -60064,6 +60066,7 @@ CVE-2021-34556 (In the Linux kernel through 5.13.7, an 
unprivileged BPF program
        {DLA-2785-1}
        - linux 5.10.46-4
        [buster] - linux 4.19.208-1
+       [stretch] - linux <ignored> (Too risky to backport, and mitigated by 
default)
        NOTE: https://www.openwall.com/lists/oss-security/2021/08/01/3
 CVE-2021-34555 (OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a 
denial  ...)
        - opendmarc 1.4.0~beta1+dfsg-6 (bug #990001)
@@ -62259,6 +62262,7 @@ CVE-2021-33624 (In kernel/bpf/verifier.c in the Linux 
kernel before 5.12.13, a b
        {DLA-2785-1}
        - linux 5.10.46-1
        [buster] - linux 4.19.208-1
+       [stretch] - linux <ignored> (Too risky to backport, and mitigated by 
default)
        NOTE: https://www.openwall.com/lists/oss-security/2021/06/21/1
 CVE-2021-33623 (The trim-newlines package before 3.0.1 and 4.x before 4.0.1 
for Node.j ...)
        - node-trim-newlines 3.0.0+~3.0.0-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0fdd84d77592c53e3418bb06a703548a88bcde5c

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0fdd84d77592c53e3418bb06a703548a88bcde5c
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Ignore some eBPF related linux issues for stretch (sync with kernel-sec)

Reply via email to