author | Salvatore Bonaccorso <carnil@debian.org> | 2019-05-06 13:37:51 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2019-05-06 13:37:51 +0200 |
commit | 128b5963cab06af4f5a7bd898d9b259b418a07ca | |
tree | 741d1e5defb19528ec98085eaf0447b32e34d2c9 | |
parent | 0e694f820ccfde605da3f3dce51bd15e79d93cbc | |
Sync fixed version for some CVEs for src:linux with kernel-sec
-rw-r--r-- | data/CVE/list | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/data/CVE/list b/data/CVE/list index 5d39ccf24c..753766da1f 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -393,7 +393,7 @@ CVE-2019-11627 (gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains [stretch] - signing-party <no-dsa> (Will be fixed via point release) NOTE: https://salsa.debian.org/signing-party-team/signing-party/commit/cd69b6c0426a6160ef3de03fce9c7f112166d5a8 CVE-2019-11599 (The coredump implementation in the Linux kernel before 5.0.10 does not ...) - - linux <unfixed> + - linux 4.19.37-1 NOTE: https://marc.info/?l=linux-mm&m=155355419911404&w=2 NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1790 CVE-2019-11598 (In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in ...) @@ -671,11 +671,11 @@ CVE-2019-11489 (Incorrect Access Control in the Administrative Management Interf CVE-2019-11488 (Incorrect Access Control in the Account Access / Password Reset Link i ...) NOT-FOR-US: SimplyBook.me Enterprise CVE-2019-11487 (The Linux kernel before 5.1-rc5 allows page->_refcount reference co ...) - - linux <unfixed> + - linux 4.19.37-1 NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1752 NOTE: https://lwn.net/Articles/786044/ CVE-2019-11486 (The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in t ...) - - linux <unfixed> + - linux 4.19.37-1 NOTE: https://git.kernel.org/linus/c7084edc3f6d67750f50d4183134c4fb5712a5c8 NOTE: Upstream commits marks driver as BROKEN and can be considered fixed starting NOTE: from versions including this commit (or backport) or versions which disable 
@@ -3914,7 +3914,7 @@ CVE-2019-10126 CVE-2017-18364 (phpFK lite has XSS via the faq.php, members.php, or search.php query s ...) NOT-FOR-US: phpFK CVE-2019-10125 (An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel ...) - - linux <unfixed> + - linux 4.19.37-1 [stretch] - linux <not-affected> (Vulnerable code introduced later) [jessie] - linux <not-affected> (Vulnerable code introduced later) NOTE: https://patchwork.kernel.org/patch/10828359/ @@ -5258,7 +5258,7 @@ CVE-2019-9848 CVE-2019-9847 RESERVED CVE-2019-9857 (In the Linux kernel through 5.0.2, the function inotify_update_existin ...) - - linux <unfixed> + - linux 4.19.37-1 [stretch] - linux <not-affected> (Vulnerable code not present) [jessie] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/62c9d2674b31d4c8a674bee86b7edc6da2803aea @@ -19474,7 +19474,7 @@ CVE-2019-3889 CVE-2019-3888 RESERVED CVE-2019-3887 (A flaw was found in the way KVM hypervisor handled x2APIC Machine Spec ...) - - linux <unfixed> + - linux 4.19.37-1 [stretch] - linux <not-affected> (Vulnerability introduced later) [jessie] - linux <not-affected> (Vulnerability introduced later) NOTE: Fixed by: https://git.kernel.org/linus/acff78477b9b4f26ecdf65733a4ed77fe837e9dc @@ -19509,7 +19509,7 @@ CVE-2019-3883 (In 389-ds-base up to version 1.4.1.2, requests are handled by wor NOTE: https://pagure.io/389-ds-base/c/fcf2b5ddb (389-ds-base-1.4.0) NOTE: https://pagure.io/389-ds-base/c/dd4b69b55 (389-ds-base-1.3.9) CVE-2019-3882 (A flaw was found in the Linux kernel's vfio interface implementation t ...) - - linux <unfixed> + - linux 4.19.37-1 NOTE: https://www.openwall.com/lists/oss-security/2019/04/03/1 NOTE: https://lore.kernel.org/lkml/155414977872.12780.13728555131525362206.stgit@gimli.home/T/#u NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1689426 
@@ -20677,13 +20677,13 @@ CVE-2019-3461 (Debian tmpreaper version 1.6.13+nmu1 has a race condition when do - tmpreaper 1.6.14 (bug #918956) CVE-2019-3460 (A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_ ...) {DLA-1771-1} - - linux <unfixed> + - linux 4.19.37-1 [stretch] - linux 4.9.168-1 NOTE: https://lore.kernel.org/linux-bluetooth/20190110062917.GB15047@kroah.com/ NOTE: https://git.kernel.org/linus/af3d5d1c87664a4f150fcf3534c6567cb19909b0 CVE-2019-3459 (A heap address information leak while using L2CAP_GET_CONF_OPT was dis ...) {DLA-1771-1} - - linux <unfixed> + - linux 4.19.37-1 [stretch] - linux 4.9.168-1 NOTE: https://lore.kernel.org/linux-bluetooth/20190110062833.GA15047@kroah.com/ NOTE: https://git.kernel.org/linus/7c9cbd0b5e38a1672fcd137894ace3b042dfbf69 @@ -47959,11 +47959,11 @@ CVE-2018-12932 (PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attack NOTE: https://source.winehq.org/git/wine.git/commit/8d2676fd14f130f9e8f06744743423168bf8d18d NOTE: https://source.winehq.org/git/wine.git/commit/b6da3547d8990c3c3affc3a5865aefd2a0946949 CVE-2018-12931 (ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4. ...) - - linux <unfixed> + - linux 4.19.37-1 CVE-2018-12930 (ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Lin ...) - - linux <unfixed> + - linux 4.19.37-1 CVE-2018-12929 (ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux k ...) - - linux <unfixed> + - linux 4.19.37-1 CVE-2018-12928 (In the Linux kernel 4.15.0, a NULL pointer dereference was discovered ...) - linux <unfixed> (low) [buster] - linux <ignored> (Minor issue) 
@@ -165535,7 +165535,7 @@ CVE-2015-8554 (Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when usi [squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS) NOTE: http://xenbits.xen.org/xsa/advisory-164.html CVE-2015-8553 (Xen allows guest OS users to obtain sensitive information from uniniti ...) - - linux <unfixed> + - linux 4.19.37-1 [stretch] - linux <ignored> (Intrusive; breaks qemu as used in Jessie; cf. kernel-sec for more details) [jessie] - linux <ignored> (Intrusive; breaks qemu as used in Jessie; cf. kernel-sec for more details) [wheezy] - linux <ignored> (Intrusive; breaks qemu as used in Wheezy; cf. kernel-sec for more details) |
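Review bot: In the @@ -47959 hunk, CVE-2018-12931, CVE-2018-12930 and CVE-2018-12929 move from `<unfixed>` to `4.19.37-1` with no NOTE line under any of them, so the entries give no way to check what resolved the ntfs.ko issues in that upload. Add a NOTE to each naming the upstream commit or the packaging change the fixed version relies on. The neighbouring CVE-2018-12928 stays `<unfixed> (low)`, so a line explaining why it is treated differently would help the next reader.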
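Review bot: In the @@ -165535 hunk, CVE-2015-8553 is marked fixed in `4.19.37-1` while the stretch, jessie and wheezy lines stay `<ignored>` as intrusive, and the visible lines name no upstream commit for the fix. Add a `NOTE:` with the commit that 4.19.37-1 carries so the ignored suites can be re-evaluated against it. The stretch line's reason also reads "breaks qemu as used in Jessie", which looks copied from the jessie line and could be corrected in the same change.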