Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a3b0ab39 by Salvatore Bonaccorso at 2023-06-12T08:47:29+02:00
Track fixed version for some linux CVEs with unstable upload
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13,7 +13,7 @@ CVE-2023-3184 (A vulnerability was found in SourceCodester
Sales Tracker Managem
CVE-2023-3183 (A vulnerability was found in SourceCodester Performance
Indicator Syst ...)
NOT-FOR-US: SourceCodester Performance Indicator System
CVE-2023-3141 (A use-after-free flaw was found in r592_remove in
drivers/memstick/hos ...)
- - linux <unfixed>
+ - linux 6.3.7-1
NOTE:
https://git.kernel.org/linus/63264422785021704c39b38f65a78ab9e4a186d7 (6.4-rc1)
CVE-2023-34856 (A Cross Site Scripting (XSS) vulnerability in D-Link
DI-7500G-CI-19.05 ...)
NOT-FOR-US: D-Link
@@ -1087,7 +1087,7 @@ CVE-2023-34258 (An issue was discovered in BMC Patrol
before 22.1.00. The agent'
CVE-2023-34257 (An issue was discovered in BMC Patrol through 23.1.00. The
agent's con ...)
NOT-FOR-US: BMC Patrol
CVE-2023-34256 (An issue was discovered in the Linux kernel before 6.3.3.
There is an ...)
- - linux <unfixed>
+ - linux 6.3.7-1
NOTE:
https://git.kernel.org/linus/4f04351888a83e595571de672e0a4a8b74f4fb31 (6.4-rc2)
CVE-2023-34255
REJECTED
@@ -1164,7 +1164,7 @@ CVE-2023-2758 (A denial of service vulnerability exists
in Contec CONPROSYS HMI
CVE-2023-2749 (Download Center fails to properly validate the file path
submitted by ...)
NOT-FOR-US: ASUSTOR
CVE-2022-48502 (An issue was discovered in the Linux kernel before 6.2. The
ntfs3 subs ...)
- - linux <unfixed> (unimportant)
+ - linux 6.3.7-1 (unimportant)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/0e8235d28f3a0e9eda9f02ff67ee566d5f42b66b (6.2-rc1)
@@ -2761,13 +2761,13 @@ CVE-2023-2458 (Use after free in ChromeOS Camera in
Google Chrome on ChromeOS pr
CVE-2023-2457 (Out of bounds write in ChromeOS Audio Server in Google Chrome
on Chrom ...)
NOT-FOR-US: Google Chrome on ChromeOS
CVE-2023-32254
- - linux <unfixed>
+ - linux 6.3.7-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/30210947a343b6b3ca13adc9bfc88e1543e16dd5 (6.4-rc1)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-20592/
CVE-2023-32250
- - linux <unfixed>
+ - linux 6.3.7-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/f5c779b7ddbda30866cf2a27c63e34158f858c73 (6.4-rc1)
@@ -3371,7 +3371,7 @@ CVE-2015-10105 (A vulnerability, which was classified as
critical, was found in
CVE-2015-10104 (A vulnerability, which was classified as problematic, has been
found i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-2430 [io_uring/msg_ring: fix missing lock on overflow for IOPOLL]
- - linux <unfixed>
+ - linux 6.3.7-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/e12d7a46f65ae4b7d58a5e0c1cbfa825cf8d830d (6.2-rc5)
CVE-2023-2429 (Improper Access Control in GitHub repository thorsten/phpmyfaq
prior t ...)
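Review bot: the CVE-2023-2430 entry has a `[buster] - linux <not-affected>` line but no `[bullseye]` line, unlike entries such as CVE-2023-32254 in this same commit that triage both releases. Now that the unstable version is set to 6.3.7-1, consider adding an explicit bullseye status, or confirming it is meant to stay open there, so the bullseye state is stated rather than implied.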
@@ -4026,7 +4026,7 @@ CVE-2023-24476 (An attacker with local access to the
machine could record the tr
CVE-2023-2270
RESERVED
CVE-2023-2269 (A denial of service problem was found, due to a possible
recursive loc ...)
- - linux <unfixed>
+ - linux 6.3.7-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2189388
CVE-2023-2268
RESERVED
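Review bot: the CVE-2023-2269 entry is moved to 6.3.7-1 with only the Red Hat Bugzilla NOTE behind it; there is no `git.kernel.org/linus/<commit> (<version>)` NOTE of the kind most other entries in this commit carry. Adding the upstream fix commit and its release tag would let a reader verify that 6.3.7-1 contains the fix.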
@@ -4164,7 +4164,7 @@ CVE-2023-31085 (An issue was discovered in
drivers/mtd/ubi/cdev.c in the Linux k
NOTE:
https://lore.kernel.org/all/[email protected]/
NOTE: Negligible security impact
CVE-2023-31084 (An issue was discovered in
drivers/media/dvb-core/dvb_frontend.c in th ...)
- - linux <unfixed>
+ - linux 6.3.7-1
NOTE:
https://lore.kernel.org/all/CA+UBctCu7fXn4q41O_3=id1+odyq85tzy1x+tkt-6ovbl6k...@mail.gmail.com/
CVE-2023-31083 (An issue was discovered in drivers/bluetooth/hci_ldisc.c in
the Linux ...)
- linux <unfixed>
@@ -4788,7 +4788,7 @@ CVE-2023-2177 (A null pointer dereference issue was found
in the sctp network pr
NOTE:
https://lore.kernel.org/netdev/CADvbK_dWMO0XdAf950Q14pUv99ahS1MRnOtppvosU2w33sO=k...@mail.gmail.com/T/
NOTE:
https://git.kernel.org/linus/181d8d2066c000ba0a0e6940a7ad80f1a0e68e9d (5.19)
CVE-2023-2176 (A vulnerability was found in compare_netdev_and_ip in
drivers/infiniba ...)
- - linux <unfixed>
+ - linux 6.3.7-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://lkml.org/lkml/2022/12/9/178
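Review bot: for CVE-2023-2176 the only reference is an lkml posting, yet the entry both records a fix in 6.3.7-1 and marks bullseye and buster as `<not-affected> (Vulnerable code not present)`. A NOTE naming the upstream fix commit, and ideally the commit that introduced the affected code, would make both claims checkable from the entry itself.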
@@ -5130,7 +5130,7 @@ CVE-2023-2126
CVE-2023-2125
RESERVED
CVE-2023-2124 (An out-of-bounds memory access flaw was found in the Linux
kernel\u201 ...)
- - linux <unfixed>
+ - linux 6.3.7-1
NOTE: https://www.openwall.com/lists/oss-security/2023/04/19/2
NOTE:
https://lore.kernel.org/linux-xfs/[email protected]/T/#m1ebbcd1ad061d2d33bef6f0534a2b014744d152d
NOTE:
https://git.kernel.org/linus/22ed903eee23a5b174e240f1cdfa9acf393a5210 (6.4-rc1)
@@ -12467,7 +12467,7 @@ CVE-2023-1410 (Grafana is an open-source platform for
monitoring and observabili
CVE-2023-1409
RESERVED
CVE-2022-48425 (In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an
invalid kfr ...)
- - linux <unfixed> (unimportant)
+ - linux 6.3.7-1 (unimportant)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/98bea253aa28ad8be2ce565a9ca21beb4a9419e5 (6.4-rc1)
@@ -22834,7 +22834,7 @@ CVE-2023-0599 (Rapid7 Metasploit Pro versions 4.21.2
and lower suffer from a sto
CVE-2023-0598 (GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and
GE Dig ...)
NOT-FOR-US: GE
CVE-2023-0597 (A flaw possibility of memory leak in the Linux kernel
cpu_entry_area m ...)
- - linux <unfixed>
+ - linux 6.3.7-1
NOTE:
https://git.kernel.org/linus/97e3d26b5e5f371b3ee223d94dd123e6c442ba80 (6.2-rc1)
CVE-2023-0596
RESERVED
@@ -28182,7 +28182,7 @@ CVE-2023-23006 (In the Linux kernel before 5.15.13,
drivers/net/ethernet/mellano
[buster] - linux <not-affected> (Vulnerble code not present)
NOTE:
https://git.kernel.org/linus/6b8b42585886c59a008015083282aae434349094 (5.16-rc8)
CVE-2023-23005 (In the Linux kernel before 6.2, mm/memory-tiers.c
misinterprets the al ...)
- - linux <unfixed>
+ - linux 6.3.7-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerble code not present)
NOTE:
https://git.kernel.org/linus/4a625ceee8a0ab0273534cb6b432ce6b331db5ee (6.2-rc1)
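Review bot: the `[buster]` line of the CVE-2023-23005 entry, directly below the changed line, reads `Vulnerble code not present`, and the same misspelling appears in the CVE-2023-23006 context line at the top of this hunk. Since the entry is being touched anyway, correct both to `Vulnerable` so they match the `[bullseye]` line.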
@@ -39362,7 +39362,7 @@ CVE-2022-45890 (In Planet eStream before 6.72.10.07, a
Reflected Cross-Site Scri
CVE-2022-45889 (Planet eStream before 6.72.10.07 allows a remote attacker (who
is a pu ...)
NOT-FOR-US: Planet eStream
CVE-2022-45888 (An issue was discovered in the Linux kernel through 6.0.9.
drivers/cha ...)
- - linux <unfixed> (unimportant)
+ - linux 6.3.7-1 (unimportant)
[bullseye] - linux <not-affected> (Vulnerable code introduced later)
[buster] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://lore.kernel.org/all/20221022175404.GA375335@ubuntu/
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a3b0ab39bc971a8152c5d339e6543a3a928141d5