Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 37ce58dc by Salvatore Bonaccorso at 2018-02-22T16:52:21+01:00 Merge fixes included in DSA - - - - - 2 changed files: - data/CVE/list - data/next-point-update.txt Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1124,6 +1124,7 @@ CVE-2015-9252 (An issue was discovered in QPDF before 7.0.0. Endless recursion c NOTE: https://github.com/qpdf/qpdf/issues/51 CVE-2018-6927 (The futex_requeue function in kernel/futex.c in the Linux kernel before ...) - linux 4.14.17-1 + [stretch] - linux 4.9.80-1 NOTE: Fixed by: https://git.kernel.org/linus/fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a CVE-2018-6926 (In app/Controller/ServersController.php in MISP 2.4.87, a server ...) NOT-FOR-US: MISP @@ -3264,6 +3265,7 @@ CVE-2017-1000475 (FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path Servi NOT-FOR-US: FreeSSHd CVE-2017-18075 (crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing ...) - linux 4.14.13-1 + [stretch] - linux 4.9.80-1 [jessie] - linux <not-affected> (Vulnerable code not present) [wheezy] - linux <not-affected> (Vulnerable code not present) NOTE: Fixed by: https://git.kernel.org/linus/d76c68109f37cb85b243a1cf0f40313afd2bae68 @@ -5399,6 +5401,7 @@ CVE-2018-5346 RESERVED CVE-2018-1000004 (In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a ...) - linux 4.14.17-1 + [stretch] - linux 4.9.80-1 CVE-2018-1000001 (In glibc 2.26 and earlier there is confusion in the usage of getcwd() ...) - glibc 2.26-4 (bug #887001) [stretch] - glibc <postponed> (Minor issue, can be fixed along in next DSA or preferably point release) 
@@ -5414,6 +5417,7 @@ CVE-2018-5345 (A stack-based buffer overflow within GNOME gcab through 0.7.4 can NOTE: https://git.gnome.org/browse/gcab/commit/?id=bd2abee5f0a9b5cbe3a1ab1f338c4fb8f6ca797b CVE-2018-5344 (In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles ...) - linux 4.14.17-1 + [stretch] - linux 4.9.80-1 [jessie] - linux <not-affected> (Vulnerability introduced later) [wheezy] - linux <not-affected> (Vulnerability introduced later) NOTE: Fixed by: https://git.kernel.org/linus/ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5 @@ -5452,9 +5456,11 @@ CVE-2018-5334 (In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave f NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=dc308c05ba0673460fe80873b22d296880ee996d CVE-2018-5333 (In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in ...) - linux 4.14.17-1 + [stretch] - linux 4.9.80-1 NOTE: Fixed by: https://git.kernel.org/linus/7d11f77f84b27cef452cee332f4e469503084737 CVE-2018-5332 (In the Linux kernel through 4.14.13, the rds_message_alloc_sgs() ...) - linux 4.14.17-1 + [stretch] - linux 4.9.80-1 NOTE: Fixed by: https://git.kernel.org/linus/c095508770aebf1b9218e77026e48345d719b17c CVE-2017-1000441 REJECTED 
@@ -19738,15 +19744,19 @@ CVE-2017-16915 RESERVED CVE-2017-16914 (The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in ...) - linux 4.14.12-1 + [stretch] - linux 4.9.80-1 NOTE: Fixed by: https://git.kernel.org/linus/be6123df1ea8f01ee2f896a16c2b7be3e4557a5a CVE-2017-16913 (The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in ...) - linux 4.14.12-1 + [stretch] - linux 4.9.80-1 NOTE: Fixed by: https://git.kernel.org/linus/c6688ef9f29762e65bce325ef4acd6c675806366 CVE-2017-16912 (The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux ...) - linux 4.14.12-1 + [stretch] - linux 4.9.80-1 NOTE: Fixed by: https://git.kernel.org/linus/635f545a7e8be7596b9b2b6a43cab6bbd5a88e43 CVE-2017-16911 (The vhci_hcd driver in the Linux Kernel before version 4.14.8 and ...) - linux 4.14.12-1 + [stretch] - linux 4.9.80-1 NOTE: Fixed by: https://git.kernel.org/linus/2f2d0088eb93db5c649d2a5e34a3800a8a935fc5 CVE-2017-16910 RESERVED @@ -25283,6 +25293,7 @@ CVE-2017-15130 RESERVED CVE-2017-15129 (A use-after-free vulnerability was found in network namespaces code ...) - linux 4.14.12-1 + [stretch] - linux 4.9.80-1 [jessie] - linux <not-affected> (Vulnerable code not present) [wheezy] - linux <not-affected> (Vulnerable code not present) NOTE: Fixed by: https://git.kernel.org/linus/21b5944350052d2583e82dd59b19a9ba94a007f0 @@ -30806,6 +30817,7 @@ CVE-2017-13217 (In DisplayFtmItem in the bootloader, there is an out-of-bounds w NOT-FOR-US: Android kernel component (no source release, no apparently not affecting mainline) CVE-2017-13216 (In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to ...) - linux 4.14.17-1 (unimportant) + [stretch] - linux 4.9.80-1 [wheezy] - linux <not-affected> (Vulnerable code not present) NOTE: Fixed by: https://git.kernel.org/linus/443064cb0b1fb4569fe0a71209da7625129f CVE-2017-13215 (A elevation of privilege vulnerability in the Upstream kernel ...) 
@@ -67838,7 +67850,7 @@ CVE-2017-0862 (An elevation of privilege vulnerability in the Upstream kernel ke NOT-FOR-US: Android driver (proprietary, not part of upstream kernel) CVE-2017-0861 (Use-after-free vulnerability in the snd_pcm_info function in the ALSA ...) - linux 4.13.4-1 - [stretch] - linux <ignored> (Minor issue, cf. kernel-sec information) + [stretch] - linux 4.9.80-1 [jessie] - linux <ignored> (Minor issue, cf. kernel-sec information) [wheezy] - linux <ignored> (Minor issue, cf. kernel-sec information) NOTE: https://git.kernel.org/linus/362bca57f5d78220f8b5907b875961af9436e229 ===================================== data/next-point-update.txt ===================================== --- a/data/next-point-update.txt +++ b/data/next-point-update.txt @@ -105,32 +105,6 @@ CVE-2017-12380 [stretch] - clamav 0.99.2+dfsg-6+deb9u1 CVE-2018-6560 [stretch] - flatpak 0.8.9-0+deb9u1 -CVE-2017-13216 - [stretch] - linux 4.9.80-1 -CVE-2017-15129 - [stretch] - linux 4.9.80-1 -CVE-2017-16911 - [stretch] - linux 4.9.80-1 -CVE-2017-16912 - [stretch] - linux 4.9.80-1 -CVE-2017-16913 - [stretch] - linux 4.9.80-1 -CVE-2017-16914 - [stretch] - linux 4.9.80-1 -CVE-2017-18075 - [stretch] - linux 4.9.80-1 -CVE-2018-5332 - [stretch] - linux 4.9.80-1 -CVE-2018-5333 - [stretch] - linux 4.9.80-1 -CVE-2018-5344 - [stretch] - linux 4.9.80-1 -CVE-2018-6927 - [stretch] - linux 4.9.80-1 -CVE-2017-0861 - [stretch] - linux 4.9.80-1 -CVE-2018-1000004 - [stretch] - linux 4.9.80-1 CVE-2017-1000494 [stretch] - miniupnpd 1.8.20140523-4.1+deb9u1 CVE-2018-6758 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/37ce58dc4f97feff3ccca5adaa598948ba7cecae --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/37ce58dc4f97feff3ccca5adaa598948ba7cecae You're receiving this email because of your account on salsa.debian.org.