Author: carnil
Date: 2016-12-02 07:09:28 +0000 (Fri, 02 Dec 2016)
New Revision: 46700
Modified: data/CVE/list
Log: Add fixed version for various src:linux CVEs

Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-12-02 05:34:14 UTC (rev 46699) +++ data/CVE/list 2016-12-02 07:09:28 UTC (rev 46700) @@ -1709,7 +1709,7 @@ NOTE: https://blogs.gentoo.org/ago/2016/11/19/jasper-signed-integer-overflow-in-jas_image-c NOTE: Fixed by: https://github.com/mdadams/jasper/commit/d42b2388f7f8e0332c846675133acea151fc557a CVE-2016-9555 (The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux ...) - - linux <unfixed> + - linux 4.8.11-1 NOTE: Fixed by: https://git.kernel.org/linus/bf911e985d6bbaa328c20c3e05f4eb03de11fdd6 (4.9-rc4) CVE-2016-9481 (In framework/modules/core/controllers/expCommentController.php of ...) TODO: check @@ -3320,12 +3320,12 @@ NOTE: Origin of the file seems to be from libav TODO: check: 0.5.1-3 claims the upload fixed CVE-2016-8888 and CVE-2016-9085 but the taken patch looks different, needs investigation CVE-2016-9084 (drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 ...) - - linux <unfixed> + - linux 4.8.11-1 [wheezy] - linux <not-affected> (Vulnerable code not present) NOTE: https://patchwork.kernel.org/patch/9373631/ NOTE: Fixed by: https://git.kernel.org/linus/05692d7005a364add85c6e25a6c4447ce08f913a (v4.9-rc4) CVE-2016-9083 (drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows ...) - - linux <unfixed> + - linux 4.8.11-1 [wheezy] - linux <not-affected> (Vulnerable code not present) NOTE: https://patchwork.kernel.org/patch/9373631/ NOTE: Fixed by: https://git.kernel.org/linus/05692d7005a364add85c6e25a6c4447ce08f913a (v4.9-rc4) 
@@ -4392,7 +4392,7 @@ CVE-2016-8651 RESERVED CVE-2016-8650 (The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through ...) - - linux <unfixed> + - linux 4.8.11-1 [wheezy] - linux <not-affected> (Vulnerable code introduced later) NOTE: http://seclists.org/fulldisclosure/2016/Nov/76 NOTE: Proposed fix: https://lkml.org/lkml/2016/11/23/477 @@ -4420,7 +4420,7 @@ NOTE: https://lkml.org/lkml/2016/10/12/198 NOTE: Fixed by: https://git.kernel.org/linus/4afa5f9617927453ac04b24b584f6c718dfb4f45 (v4.4-rc2) CVE-2016-8645 (The TCP stack in the Linux kernel before 4.8.10 mishandles skb ...) - - linux <unfixed> + - linux 4.8.11-1 [wheezy] - linux <not-affected> (Vulnerable code introduced later) NOTE: Fixed by: https://git.kernel.org/linus/ac6e780070e30e4c35bd395acfe9191e6268bdd3 (v4.9-rc6) NOTE: Introduced in: https://git.kernel.org/linus/cf60af03ca4e71134206809ea892e49b92a88896 (v3.6-rc1) @@ -12756,7 +12756,7 @@ NOTE: libv8 is not covered by security support CVE-2016-6213 RESERVED - - linux <unfixed> + - linux 4.8.11-1 NOTE: https://lkml.org/lkml/2016/8/28/269 NOTE: Fixed by: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d29216842a85c7970c536108e093963f02714498 CVE-2016-6186 (Cross-site scripting (XSS) vulnerability in the ...) @@ -55671,7 +55671,7 @@ [wheezy] - oss4 <no-dsa> (Minor issue) [squeeze] - oss4 <no-dsa> (Minor issue) CVE-2015-1350 (The VFS subsystem in the Linux kernel 3.x provides an incomplete set ...) - - linux <unfixed> (bug #770492) + - linux 4.8.11-1 (bug #770492) - linux-2.6 <removed> NOTE: Fixed by: https://git.kernel.org/linus/030b533c4fd4d2ec3402363323de4bb2983c9cee CVE-2014-XXXX [TYPO3-CORE-SA-2014-002: Multiple Vulnerabilities in TYPO3 CMS]
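
Review bot: In the CVE-2016-9555 hunk (@@ -1709) the Fixed by note tags the upstream release as "(4.9-rc4)", without the "v" prefix that the other tagged Fixed by notes in this patch use (CVE-2016-9084, CVE-2016-9083 and CVE-2016-8645 all write "(v4.9-rc4)" or "(v4.9-rc6)"). Since the entry is being touched anyway, normalise the tag so a search of data/CVE/list for the release tag finds this entry too.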
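
Review bot: In the @@ -3320 hunk, the descriptions for CVE-2016-9084 and CVE-2016-9083 say the kernel is affected "through 4.8.11", while both entries are now marked fixed in 4.8.11-1 and the only fix reference is the mainline commit tagged v4.9-rc4. Add a NOTE to each entry recording how that commit reached 4.8.11-1 (a stable backport or a patch carried in the package), so a reader comparing the description with the fixed version can verify it.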
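
Review bot: CVE-2016-8650 (@@ -4392) is marked fixed in 4.8.11-1, but the notes visible in the hunk only carry "NOTE: Proposed fix: https://lkml.org/lkml/2016/11/23/477" and no "Fixed by:" line. The other entries changed here point at a merged commit; this one should get a Fixed by note naming the commit or packaged patch that 4.8.11-1 actually contains, otherwise the fixed version cannot be traced to a change.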
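
Review bot: In the CVE-2016-6213 hunk (@@ -12756) the Fixed by note uses the long http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=... form over plain http and carries no release tag, whereas the other kernel entries in this patch use the https://git.kernel.org/linus/ short form, most of them with a tag in parentheses. Converting the note to the short https form and appending the mainline release tag would keep the entry consistent with its neighbours and make the 4.8.11-1 fixed version easier to check.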