author Ben Hutchings <ben@decadent.org.uk> 2020-09-19 18:17:13 +0100
committer Ben Hutchings <ben@decadent.org.uk> 2020-09-19 18:17:13 +0100
commit 21461667e199721065397f20a214fe41699231fe (patch)
tree c00bb004c802227015a020cb220be0d1c3295b9f
parent 069af49d754a0be9d2d7853196c300e090b35b36 (diff)
Fill in status for several issues
-rw-r--r-- active/CVE-2019-19036 7
-rw-r--r-- active/CVE-2019-19770 6
-rw-r--r-- active/CVE-2019-20908 6
-rw-r--r-- active/CVE-2020-15780 8
-rw-r--r-- active/CVE-2020-25211 12
-rw-r--r-- active/CVE-2020-25284 6
6 files changed, 27 insertions, 18 deletions
diff --git a/active/CVE-2019-19036 b/active/CVE-2019-19036
index d5761cf0..e922a92c 100644
--- a/active/CVE-2019-19036
+++ b/active/CVE-2019-19036
@@ -9,12 +9,15 @@ Notes:
carnil> futhermore backported to 5.3.4, 5.2.19 and 4.19.129, where the
carnil> 5.3.4 fixing information would as well match what is available
carnil> from the Red Hat bugzilla.
+ bwh> I think this affects 4.9 but the fix depends on commits going back
+ bwh> to at least 581c1760415c "btrfs: Validate child tree block's level
+ bwh> and first key".
Bugs:
upstream: released (5.4-rc1) [62fdaa52a3d00a875da771719b6dc537ca79fce1]
4.19-upstream-stable: released (4.19.129) [227af79e6cb0ee3faeb8c70be4bc0aec0b09ea25]
-4.9-upstream-stable:
+4.9-upstream-stable: needed
3.16-upstream-stable: ignored "EOL"
sid: released (5.3.7-1)
4.19-buster-security: released (4.19.131-1)
-4.9-stretch-security:
+4.9-stretch-security: needed
3.16-jessie-security: ignored "EOL"
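Review bot: The 4.9-upstream-stable and 4.9-stretch-security lines are set to "needed" while the added bwh> note only says "I think this affects 4.9", so the status reads firmer than the analysis behind it. Either confirm that 4.9 is affected before committing to "needed", or keep that caveat visible to whoever picks up the backport. The note also says the fix depends on commits going back to at least 581c1760415c, and those prerequisites are not listed, so naming the ones already identified would help.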
diff --git a/active/CVE-2019-19770 b/active/CVE-2019-19770
index 1d6ebc3c..4a370346 100644
--- a/active/CVE-2019-19770
+++ b/active/CVE-2019-19770
@@ -6,13 +6,15 @@ References:
https://lore.kernel.org/linux-block/20200402000002.7442-1-mcgrof@kernel.org/
Notes:
bwh> Note that only root can access debugfs by default.
+ bwh> Introduced in 4.11-rc1 by commit 6ac93117ab00 "blktrace: use existing
+ bwh> disk debugfs directory".
carnil> Commit landed in 5.7.16, 5.8.2 as well.
Bugs:
upstream: released (5.9-rc1) [bad8e64fb19d3a0de5e564d9a7271c31bd684369]
4.19-upstream-stable: needed
-4.9-upstream-stable:
+4.9-upstream-stable: N/A "Vulnerability introduced later"
3.16-upstream-stable: ignored "EOL"
sid: released (5.7.17-1)
4.19-buster-security: needed
-4.9-stretch-security:
+4.9-stretch-security: N/A "Vulnerability introduced later"
3.16-jessie-security: ignored "EOL"
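Review bot: On the 3.16 lines, the new note that the bug was introduced in 4.11-rc1 by 6ac93117ab00 applies to 3.16 as much as to 4.9, yet 3.16-upstream-stable and 3.16-jessie-security stay at ignored "EOL" while the 4.9 lines become N/A "Vulnerability introduced later". Consider giving the 3.16 entries the same N/A reason for consistency, or leave them if EOL branches are deliberately not re-triaged.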
diff --git a/active/CVE-2019-20908 b/active/CVE-2019-20908
index 76232731..50328011 100644
--- a/active/CVE-2019-20908
+++ b/active/CVE-2019-20908
@@ -6,8 +6,8 @@ References:
Notes:
Bugs:
upstream: released (5.4-rc1) [1957a85b0032a81e6482ca4aab883643b8dae06e]
-4.19-upstream-stable:
-4.9-upstream-stable:
+4.19-upstream-stable: N/A "lockdown not implemented"
+4.9-upstream-stable: N/A "lockdown not implemented"
sid: released (5.2.6-1) [features/all/lockdown/0032-efi-Restrict-efivar_ssdt_load-when-the-kernel-is-loc.patch]
4.19-buster-security: released (4.19.132-1) [features/all/lockdown/0032-efi-Restrict-efivar_ssdt_load-when-the-kernel-is-loc.patch]
-4.9-stretch-security:
+4.9-stretch-security: ignored "securelevel included but not supported"
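Review bot: Notes: is still empty in this file, but the three new statuses rest on two different reasons: "lockdown not implemented" for both upstream-stable branches and "securelevel included but not supported" for 4.9-stretch-security. A short bwh> note saying why stretch is "ignored" rather than N/A would save the next reader from reconstructing that from the reason strings alone.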
diff --git a/active/CVE-2020-15780 b/active/CVE-2020-15780
index 231b5a11..1921f66d 100644
--- a/active/CVE-2020-15780
+++ b/active/CVE-2020-15780
@@ -8,8 +8,8 @@ Notes:
carnil> for the images built.
Bugs:
upstream: released (5.8-rc3) [75b0cea7bf307f362057cc778efe89af4c615354]
-4.19-upstream-stable:
-4.9-upstream-stable:
+4.19-upstream-stable: N/A "lockdown not implemented"
+4.9-upstream-stable: N/A "lockdown not implemented"
sid: released (5.7.10-1)
-4.19-buster-security:
-4.9-stretch-security:
+4.19-buster-security: needed
+4.9-stretch-security: ignored "securelevel included but not supported"
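Review bot: 4.19-upstream-stable is marked N/A "lockdown not implemented" while 4.19-buster-security is marked "needed", and nothing in the visible notes of this file says why the two 4.19 lines differ. The CVE-2019-20908 entry in this same commit shows buster carrying a features/all/lockdown/ patch; a one-line note here pointing to the Debian lockdown patch set would make the split self-explanatory.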
diff --git a/active/CVE-2020-25211 b/active/CVE-2020-25211
index b54c6b0c..240c659f 100644
--- a/active/CVE-2020-25211
+++ b/active/CVE-2020-25211
@@ -3,10 +3,12 @@ References:
https://twitter.com/grsecurity/status/1303646421158109185
https://patchwork.ozlabs.org/project/netfilter-devel/patch/20200908150947.12623-2-pablo@netfilter.org/
Notes:
+ bwh> Introduced in 2.6.17 by commit c1d10adb4a52 "[NETFILTER]: Add
+ bwh> ctnetlink port for nf_conntrack".
Bugs:
upstream: pending [1cc5ef91d2ff94d2bf2de3b3585423e8a1051cb6]
-4.19-upstream-stable:
-4.9-upstream-stable:
-sid:
-4.19-buster-security:
-4.9-stretch-security:
+4.19-upstream-stable: needed
+4.9-upstream-stable: needed
+sid: needed
+4.19-buster-security: needed
+4.9-stretch-security: needed
diff --git a/active/CVE-2020-25284 b/active/CVE-2020-25284
index c5c45bc5..2a939f58 100644
--- a/active/CVE-2020-25284
+++ b/active/CVE-2020-25284
@@ -3,10 +3,12 @@ References:
https://twitter.com/grsecurity/status/1304537507560919041
Notes:
carnil> Fixed as well in 5.8.10.
+ bwh> Introduced in 2.6.37 by commit 602adf400201 "rbd: introduce rados
+ bwh> block device (rbd), based on libceph".
Bugs:
upstream: released (5.9-rc5) [f44d04e696feaf13d192d942c4f14ad2e117065a]
4.19-upstream-stable: released (4.19.146) [0070f9906d7190d4c69e338403db4abfec81fe7f]
-4.9-upstream-stable:
+4.9-upstream-stable: needed
sid: released (5.8.10-1)
4.19-buster-security: needed
-4.9-stretch-security:
+4.9-stretch-security: needed
