Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ae774529 by Salvatore Bonaccorso at 2018-02-15T15:33:21+01:00
Record fixing versions for 4.14.17-1

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -330,7 +330,7 @@ CVE-2015-9252 (An issue was discovered in QPDF before 
7.0.0. Endless recursion c
        NOTE: 
https://github.com/qpdf/qpdf/commit/701b518d5c56a1449825a3a37a716c58e05e1c3e
        NOTE: https://github.com/qpdf/qpdf/issues/51
 CVE-2018-6927 (The futex_requeue function in kernel/futex.c in the Linux 
kernel before ...)
-       - linux <unfixed>
+       - linux 4.14.17-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a
 CVE-2018-6926 (In app/Controller/ServersController.php in MISP 2.4.87, a 
server ...)
        NOT-FOR-US: MISP
@@ -4571,7 +4571,7 @@ CVE-2018-5347 (Seagate Media Server in Seagate Personal 
Cloud has unauthenticate
 CVE-2018-5346
        RESERVED
 CVE-2018-1000004 (In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier 
versions a ...)
-       - linux <unfixed>
+       - linux 4.14.17-1
 CVE-2018-1000001 (In glibc 2.26 and earlier there is confusion in the usage of 
getcwd() ...)
        - glibc 2.26-4 (bug #887001)
        [stretch] - glibc <postponed> (Minor issue, can be fixed along in next 
DSA or preferably point release)
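
Review bot: The CVE-2018-1000004 entry now records a fixed version but has no NOTE identifying the upstream fix, unlike the other linux entries touched in this commit that carry a `NOTE: Fixed by: https://git.kernel.org/linus/...` line. Adding the upstream commit reference under `- linux 4.14.17-1` would let readers confirm which change in 4.14.17-1 closes the issue. It would also help triage for the older suites, which have no per-release annotation in this entry.
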
@@ -4586,7 +4586,7 @@ CVE-2018-5345 (A stack-based buffer overflow within GNOME 
gcab through 0.7.4 can
        - gcab 0.7-7 (bug #887776)
        NOTE: 
https://git.gnome.org/browse/gcab/commit/?id=bd2abee5f0a9b5cbe3a1ab1f338c4fb8f6ca797b
 CVE-2018-5344 (In the Linux kernel through 4.14.13, drivers/block/loop.c 
mishandles ...)
-       - linux <unfixed>
+       - linux 4.14.17-1
        [jessie] - linux <not-affected> (Vulnerability introduced later)
        [wheezy] - linux <not-affected> (Vulnerability introduced later)
        NOTE: Fixed by: 
https://git.kernel.org/linus/ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5
@@ -4624,10 +4624,10 @@ CVE-2018-5334 (In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 
2.2.11, the IxVeriWave f
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14297
        NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=dc308c05ba0673460fe80873b22d296880ee996d
 CVE-2018-5333 (In the Linux kernel through 4.14.13, the rds_cmsg_atomic 
function in ...)
-       - linux <unfixed>
+       - linux 4.14.17-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/7d11f77f84b27cef452cee332f4e469503084737
 CVE-2018-5332 (In the Linux kernel through 4.14.13, the 
rds_message_alloc_sgs() ...)
-       - linux <unfixed>
+       - linux 4.14.17-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/c095508770aebf1b9218e77026e48345d719b17c
 CVE-2017-1000441
        REJECTED
@@ -4729,7 +4729,7 @@ CVE-2017-18024 (AvantFAX 3.3.3 has XSS via an arbitrary 
parameter name to the de
 CVE-2017-18023 (Office Tracker 11.2.5 has XSS via the logincount parameter to 
the ...)
        NOT-FOR-US: Office Tracker
 CVE-2018-1000028 (Linux kernel version after commit bdcf0a423ea1 - 4.15-rc4+, 
4.14.8+, ...)
-       - linux <unfixed>
+       - linux 4.14.17-1
        [stretch] - linux <not-affected> (Vulnerable code introduced later)
        [jessie] - linux <not-affected> (Vulnerable code introduced later)
        [wheezy] - linux <not-affected> (Vulnerable code introduced later)
@@ -30024,7 +30024,7 @@ CVE-2017-13218 (Access to CNTVCT_EL0 could be used for 
side channel attacks. Thi
 CVE-2017-13217 (In DisplayFtmItem in the bootloader, there is an out-of-bounds 
write ...)
        TODO: check
 CVE-2017-13216 (In ashmem_ioctl of ashmem.c, there is an out-of-bounds write 
due to ...)
-       - linux <unfixed> (unimportant)
+       - linux 4.14.17-1 (unimportant)
        [wheezy] - linux <not-affected> (Vulnerable code not present)
        NOTE: Fixed by: 
https://git.kernel.org/linus/443064cb0b1fb4569fe0a71209da7625129f
 CVE-2017-13215 (A elevation of privilege vulnerability in the Upstream kernel 
...)
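
Review bot: In the CVE-2017-13216 entry, the commit id at the end of the `NOTE: Fixed by:` URL is 36 hex characters long as shown here, while every other Fixed by URL in this patch ends in a full 40-character id. Since the entry is being edited anyway, check that reference against upstream and record the full id so the link resolves unambiguously.
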



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ae77452949518e75ce1247e561288db5204e5f28
