author | Salvatore Bonaccorso <carnil@debian.org> | 2021-12-18 09:41:01 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2021-12-18 09:41:01 +0100 |
commit | e8bb92f535453a83e58b68c0ff6536e500b9d831 | |
tree | 24b2c4cbf826862ce56d2b74f844951866a745f5 | |
parent | a2f03ddb45e26dc56fbac4aaf1977d172aa6ac06 | |
Merge in changes for linux in 11.2 bullseye point release
-rw-r--r-- | data/CVE/list | 17 |
-rw-r--r-- | data/next-point-update.txt | 34 |
2 files changed, 17 insertions, 34 deletions
diff --git a/data/CVE/list b/data/CVE/list index d28d1e17e4..dca17d4410 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1216,6 +1216,7 @@ CVE-2021-4084 (pimcore is vulnerable to Improper Neutralization of Input During CVE-2021-4083 RESERVED - linux <unfixed> + [bullseye] - linux 5.10.84-1 NOTE: https://git.kernel.org/linus/054aa8d439b9185d4f5eb9a90282d1ce74772969 (5.16-rc4) CVE-2021-4082 (pimcore is vulnerable to Cross-Site Request Forgery (CSRF) ...) NOT-FOR-US: Pimcore @@ -2968,6 +2969,7 @@ CVE-2021-4003 CVE-2021-4002 [hugetlbfs: flush TLBs correctly after huge_pmd_unshare] RESERVED - linux 5.15.5-1 + [bullseye] - linux 5.10.84-1 NOTE: https://www.openwall.com/lists/oss-security/2021/11/25/1 NOTE: https://git.kernel.org/linus/a4a118f2eead1d6c49e00765de89878288d4b890 CVE-2021-44143 (A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unc ...) @@ -3105,6 +3107,7 @@ CVE-2021-44080 CVE-2021-4001 [race condition when the EBPF map is frozen] RESERVED - linux 5.15.5-1 + [bullseye] - linux 5.10.84-1 [buster] - linux <not-affected> (Vulnerable code introduced later) [stretch] - linux <not-affected> (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/353050be4c19e102178ccc05988101887c25ae53 @@ -3402,6 +3405,7 @@ CVE-2021-43976 (In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/ NOTE: https://patchwork.kernel.org/project/linux-wireless/patch/YX4CqjfRcTa6bVL+@Zekuns-MBP-16.fios-router.home/ CVE-2021-43975 (In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in driver ...) - linux <unfixed> + [bullseye] - linux 5.10.84-1 NOTE: https://lore.kernel.org/netdev/163698540868.13805.17800408021782408762.git-patchwork-notify@kernel.org/T/ CVE-2021-43974 RESERVED 
@@ -5918,6 +5922,7 @@ CVE-2021-43390 (An Out-of-Bounds Write vulnerability exists when reading a DGN f CVE-2021-43389 (An issue was discovered in the Linux kernel before 5.14.15. There is a ...) {DLA-2843-1} - linux 5.14.16-1 + [bullseye] - linux 5.10.84-1 NOTE: https://www.openwall.com/lists/oss-security/2021/10/19/1 NOTE: https://git.kernel.org/linus/1f3e2e97c003f80c4b087092b225c8787ff91e4d CVE-2021-43388 (Unisys Cargo Mobile Application before 1.2.29 uses cleartext to store ...) @@ -6228,6 +6233,7 @@ CVE-2021-3922 RESERVED CVE-2021-43267 (An issue was discovered in net/tipc/crypto.c in the Linux kernel befor ...) - linux 5.14.16-1 + [bullseye] - linux 5.10.84-1 [buster] - linux <not-affected> (Vulnerable code introduced later) [stretch] - linux <not-affected> (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/fa40d9734a57bcbfa79a280189799f76c88f7bb0 (5.15) @@ -7714,6 +7720,7 @@ CVE-2021-43046 (The Interior Server and Gateway Server components of TIBCO Softw NOT-FOR-US: TIBCO CVE-2021-43056 (An issue was discovered in the Linux kernel for powerpc before 5.14.15 ...) - linux 5.14.16-1 + [bullseye] - linux 5.10.84-1 [buster] - linux <not-affected> (Vulnerable code introduced later) [stretch] - linux <not-affected> (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/cdeb5d7d890e14f3b70e8087e745c4a6a7d9f337 (5.15-rc6) @@ -8455,6 +8462,7 @@ CVE-2021-42740 (The shell-quote package before 1.7.3 for Node.js allows command CVE-2021-42739 (The firewire subsystem in the Linux kernel through 5.14.13 has a buffe ...) {DLA-2843-1} - linux 5.14.16-1 + [bullseye] - linux 5.10.84-1 NOTE: https://seclists.org/oss-sec/2021/q2/46 NOTE: https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ@mwanda/ CVE-2021-42738 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...) 
@@ -10633,6 +10641,7 @@ CVE-2021-42328 RESERVED CVE-2021-42327 (dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu ...) - linux 5.14.16-1 + [bullseye] - linux 5.10.84-1 [buster] - linux <not-affected> (Vulnerability introduced later) [stretch] - linux <not-affected> (Vulnerability introduced later) NOTE: https://lists.freedesktop.org/archives/amd-gfx/2021-October/070170.html @@ -11737,6 +11746,7 @@ CVE-2021-41865 (HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed CVE-2021-41864 (prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kern ...) {DLA-2843-1} - linux 5.14.12-1 + [bullseye] - linux 5.10.84-1 NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=30e29a9a2bc6a4888335a6ede968b75cd329657a CVE-2021-41863 RESERVED @@ -14961,6 +14971,7 @@ CVE-2021-3773 CVE-2021-3772 [Invalid chunks may be used to remotely remove existing associations] RESERVED - linux 5.14.16-1 + [bullseye] - linux 5.10.84-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2000694 CVE-2021-3771 RESERVED @@ -15163,6 +15174,7 @@ CVE-2021-40440 (Microsoft Dynamics Business Central Cross-site Scripting Vulnera CVE-2021-3764 [DoS in ccp_run_aes_gcm_cmd() function] RESERVED - linux 5.14.12-1 + [bullseye] - linux 5.10.84-1 [stretch] - linux <not-affected> (Vulnerability introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1997467 NOTE: https://git.kernel.org/linus/505d9dcb0f7ddf9d075e729523a33d38642ae680 (5.15-rc4) @@ -15376,6 +15388,7 @@ CVE-2021-3760 RESERVED {DLA-2843-1} - linux 5.14.16-1 (unimportant) + [bullseye] - linux 5.10.84-1 NOTE: https://www.openwall.com/lists/oss-security/2021/10/26/2 NOTE: https://git.kernel.org/linus/1b1499a817c90fd1ce9453a2c98d2a01cca0e775 (5.15-rc6) NOTE: CONFIG_NFC_NCI is not set in Debian 
@@ -15862,6 +15875,7 @@ CVE-2021-3745 (flatcore-cms is vulnerable to Unrestricted Upload of File with Da CVE-2021-3744 [crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()] RESERVED - linux 5.14.12-1 + [bullseye] - linux 5.10.84-1 [stretch] - linux <not-affected> (Vulnerability introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2000627 NOTE: https://git.kernel.org/linus/505d9dcb0f7ddf9d075e729523a33d38642ae680 (5.15-rc4) @@ -25051,6 +25065,7 @@ CVE-2021-36351 (SQL Injection Vulnerability in Care2x Open Source Hospital Infor CVE-2021-3640 [Linux kernel: UAF in sco_send_frame function] RESERVED - linux 5.15.3-1 + [bullseye] - linux 5.10.84-1 NOTE: https://www.openwall.com/lists/oss-security/2021/07/22/1 CVE-2021-3639 [Prevent redirect to URLs that begin with '///'] RESERVED @@ -65961,6 +65976,7 @@ CVE-2021-20321 RESERVED {DLA-2843-1} - linux 5.14.12-1 + [bullseye] - linux 5.10.84-1 NOTE: https://git.kernel.org/linus/a295aef603e109a47af355477326bd41151765b6 (5.15-rc5) CVE-2021-20320 RESERVED @@ -77436,6 +77452,7 @@ CVE-2020-27821 (A flaw was found in the memory management API of QEMU during the NOTE: Introduced by: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=48564041a73adbbff52834f9edbe3806fceefab7 (v3.0) CVE-2020-27820 (A vulnerability was found in Linux kernel, where a use-after-frees in ...) - linux 5.15.5-1 (unimportant) + [bullseye] - linux 5.10.84-1 NOTE: No security impact, requires physical access to the computer CVE-2020-27819 (An issue was discovered in libxls before and including 1.6.1 when read ...) - r-cran-readxl <not-affected> (Embeds libxls, but not affected) diff --git a/data/next-point-update.txt b/data/next-point-update.txt index 7d145b7ba6..955fe23410 100644 --- a/data/next-point-update.txt +++ b/data/next-point-update.txt 
@@ -62,40 +62,6 @@ CVE-2021-23445 [bullseye] - datatables.js 1.10.21+dfsg-2+deb11u1 CVE-2021-40391 [bullseye] - gerbv 2.7.0-2+deb11u1 -CVE-2020-27820 - [bullseye] - linux 5.10.84-1 -CVE-2021-20321 - [bullseye] - linux 5.10.84-1 -CVE-2021-3640 - [bullseye] - linux 5.10.84-1 -CVE-2021-3744 - [bullseye] - linux 5.10.84-1 -CVE-2021-3760 - [bullseye] - linux 5.10.84-1 -CVE-2021-3764 - [bullseye] - linux 5.10.84-1 -CVE-2021-3772 - [bullseye] - linux 5.10.84-1 -CVE-2021-4001 - [bullseye] - linux 5.10.84-1 -CVE-2021-4002 - [bullseye] - linux 5.10.84-1 -CVE-2021-4083 - [bullseye] - linux 5.10.84-1 -CVE-2021-41864 - [bullseye] - linux 5.10.84-1 -CVE-2021-42327 - [bullseye] - linux 5.10.84-1 -CVE-2021-42739 - [bullseye] - linux 5.10.84-1 -CVE-2021-43056 - [bullseye] - linux 5.10.84-1 -CVE-2021-43267 - [bullseye] - linux 5.10.84-1 -CVE-2021-43389 - [bullseye] - linux 5.10.84-1 -CVE-2021-43975 - [bullseye] - linux 5.10.84-1 CVE-2021-44543 [bullseye] - privoxy 3.0.32-2+deb11u1 CVE-2021-44542 |
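Review bot: in the data/CVE/list hunks for CVE-2021-4083 and CVE-2021-43975 the unsuffixed entry still reads `- linux <unfixed>` after the new `[bullseye] - linux 5.10.84-1` line is added, so bullseye is recorded as fixed while the unstable entry is not. For CVE-2021-4083 the existing NOTE places the upstream fix in 5.16-rc4, which explains the gap, but CVE-2021-43975 only links a netdev thread. A short NOTE naming the upstream commit there would let a reader confirm that the bullseye fix is a backport and that the `<unfixed>` line is waiting on an unstable upload rather than having been overlooked.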
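Review bot: in the data/CVE/list hunks for CVE-2021-3760 and CVE-2020-27820 the unstable entry carries `(unimportant)`, while the added `[bullseye] - linux 5.10.84-1` line has no annotation. The surrounding notes ("CONFIG_NFC_NCI is not set in Debian" and "No security impact, requires physical access to the computer") apply to bullseye as much as to unstable, so please confirm that the plain fixed-version line is the intended form here and that it does not leave these two CVEs looking like ordinary fixes for bullseye when the rest of the entry marks them as unimportant.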
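Review bot: the commit message does not name the version being merged, although every moved entry in the data/next-point-update.txt hunk is `[bullseye] - linux 5.10.84-1`. Adding the version and the count to the message would make the merge easier to audit later. For the record, the 34 removed lines cover 17 CVE ids (CVE-2020-27820 through CVE-2021-43975), and each has a matching added line in data/CVE/list, which agrees with the diffstat of 17 insertions and 34 deletions. The neighbouring datatables.js, gerbv and privoxy entries are left in place as unchanged context.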