author | Emilio Pozuelo Monfort <pochu@debian.org> | 2020-07-06 13:44:33 +0200 |
---|---|---|
committer | Emilio Pozuelo Monfort <pochu@debian.org> | 2020-07-06 13:44:33 +0200 |
commit | 704ca3d0ac3bf77271d1af3e1c3c7d81e3697114 (patch) | |
tree | b00737ba9b1f74641b39e8a9e50506dc96248d63 /data/CVE | |
parent | 24b57440e764eba20d504b1e802a0fad1542c204 (diff) |
fix linux-4.9 entries
Most of these are already fixed in jessie, so having a jessie
entry with unfixed is wrong. Rather than marking it as fixed,
add the generic entry as removed and let the cross-reference do
its job.
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/list | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/data/CVE/list b/data/CVE/list index b707259dbc..ad68a2680c 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -113653,7 +113653,7 @@ CVE-2018-13099 (An issue was discovered in fs/f2fs/inline.c in the Linux kernel {DSA-4308-1 DLA-1531-1} - linux 4.18.10-1 [jessie] - linux <ignored> (Hard to backport and low priority outside of Android) - [jessie] - linux-4.9 <unfixed> + - linux-4.9 <removed> NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200179 NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=cc60e90f9bfab8d6a7fb826937e824333c3bf94a NOTE: https://sourceforge.net/p/linux-f2fs/mailman/message/36356878/ @@ -113675,7 +113675,7 @@ CVE-2018-13096 (An issue was discovered in fs/f2fs/super.c in the Linux kernel t - linux 4.19.9-1 [stretch] - linux 4.9.144-1 [jessie] - linux <ignored> (Hard to backport and low priority outside of Android) - [jessie] - linux-4.9 <unfixed> + - linux-4.9 <removed> NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200167 NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=e335cc683fd13882b9152937b06ff3c16c28aa34 CVE-2018-13095 (An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux ...) @@ -113687,7 +113687,7 @@ CVE-2018-13094 (An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the {DLA-2114-1 DLA-1529-1} - linux 4.17.14-1 [stretch] - linux 4.9.210-1 - [jessie] - linux-4.9 <unfixed> + - linux-4.9 <removed> NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199969 NOTE: https://git.kernel.org/pub/scm/fs/xfs/xfs-linux.git/commit/?h=for-next&id=bb3d48dcf86a97dc25fe9fc2c11938e19cb4399a CVE-2018-13093 (An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel thr ...) 
@@ -113780,7 +113780,7 @@ CVE-2018-13053 (The alarm_timer_nsleep function in kernel/time/alarmtimer.c in t {DLA-1731-1 DLA-1715-1} - linux 4.18.20-1 [stretch] - linux 4.9.135-1 - [jessie] - linux-4.9 <unfixed> + - linux-4.9 <removed> NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200303 NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=5f936e19cc0ef97dbe3a56e9498922ad5ba1edef CVE-2018-13052 (In CyberArk Endpoint Privilege Manager (formerly Viewfinity), Privileg ...) @@ -114087,7 +114087,7 @@ CVE-2018-12928 (In the Linux kernel 4.15.0, a NULL pointer dereference was disco - linux <unfixed> (low) [buster] - linux <ignored> (Minor issue) [stretch] - linux <ignored> (Minor issue) - [jessie] - linux-4.9 <unfixed> + - linux-4.9 <removed> NOTE: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763384 NOTE: https://marc.info/?l=linux-fsdevel&m=152407263325766&w=2 CVE-2018-12927 (Northern Electric & Power (NEP) inverter devices allow remote atta ...) @@ -120778,7 +120778,7 @@ CVE-2018-10682 (** DISPUTED ** An issue was discovered in WildFly 10.1.2.Final. - wildfly <itp> (bug #752018) CVE-2016-10723 (** DISPUTED ** An issue was discovered in the Linux kernel through 4.1 ...) - linux <unfixed> - [jessie] - linux-4.9 <unfixed> + - linux-4.9 <removed> NOTE: https://patchwork.kernel.org/patch/10395909/ CVE-2016-10722 (partclone.fat in Partclone before 0.2.88 is prone to a heap-based buff ...) - partclone 0.2.88-1 @@ -121676,7 +121676,7 @@ CVE-2018-10322 (The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c - linux 4.16.5-1 [jessie] - linux <ignored> (dinode verifier not implemented) [wheezy] - linux <ignored> (dinode verifier not implemented) - [jessie] - linux-4.9 <unfixed> + - linux-4.9 <removed> NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199377 CVE-2018-10321 (Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via "Ad ...) NOT-FOR-US: Frog CMS 
@@ -124968,7 +124968,7 @@ CVE-2017-18249 (The add_free_nid function in fs/f2fs/node.c in the Linux kernel [stretch] - linux 4.9.144-1 [jessie] - linux <ignored> (Hard to backport and low priority outside of Android) [wheezy] - linux <not-affected> (Vulnerable code not present) - [jessie] - linux-4.9 <unfixed> + - linux-4.9 <removed> NOTE: Fixed by: https://git.kernel.org/linus/30a61ddf8117c26ac5b295e1233eaa9629a94ca3 CVE-2017-18248 (The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-B ...) {DLA-1412-1 DLA-1387-1} @@ -125936,7 +125936,7 @@ CVE-2017-18232 (The Serial Attached SCSI (SAS) implementation in the Linux kerne [stretch] - linux <ignored> (Minor issue) [jessie] - linux <ignored> (Minor issue) [wheezy] - linux <not-affected> (Vulnerability introduced later) - [jessie] - linux-4.9 <unfixed> + - linux-4.9 <removed> NOTE: Fixed by: https://git.kernel.org/linus/0558f33c06bb910e2879e355192227a8e8f0219d CVE-2018-8717 (joyplus-cms 1.6.0 has CSRF, as demonstrated by adding an administrator ...) NOT-FOR-US: joyplus-cms @@ -128173,7 +128173,7 @@ CVE-2018-7756 (RunExeFile.exe in the installer for DEWESoft X3 SP1 (64-bit) devi CVE-2018-7755 (An issue was discovered in the fd_locked_ioctl function in drivers/blo ...) {DSA-4308-1 DLA-1531-1 DLA-1529-1} - linux 4.18.10-1 - [jessie] - linux-4.9 <unfixed> + - linux-4.9 <removed> NOTE: https://lkml.org/lkml/2018/5/29/495 CVE-2018-7754 (The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the ...) - linux 4.15.4-1 @@ -129982,7 +129982,7 @@ CVE-2018-7273 (In the Linux kernel through 4.15.4, the floppy driver reveals the [stretch] - linux <ignored> (Minor issue) [jessie] - linux <ignored> (Minor issue) [wheezy] - linux <ignored> (Minor issue) - [jessie] - linux-4.9 <unfixed> + - linux-4.9 <removed> NOTE: https://lkml.org/lkml/2018/2/20/669 CVE-2018-7272 (The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as par ...) NOT-FOR-US: ForgeRock AM 
@@ -132755,7 +132755,7 @@ CVE-2018-1000026 (Linux Linux kernel version at least v4.8 onwards, probably wel - linux 4.16.5-1 [stretch] - linux 4.9.161-1 [jessie] - linux <ignored> (Minor issue, requires core networking changes) - [jessie] - linux-4.9 <unfixed> + - linux-4.9 <removed> NOTE: https://patchwork.ozlabs.org/patch/859410/ NOTE: http://lists.openwall.net/netdev/2018/01/16/40 NOTE: http://lists.openwall.net/netdev/2018/01/18/96 @@ -205270,7 +205270,7 @@ CVE-2016-8660 (The XFS subsystem in the Linux kernel through 4.8.2 allows local - linux <unfixed> (low) [jessie] - linux <not-affected> (Vulnerable code not present) [wheezy] - linux <not-affected> (Vulnerable code not present) - [jessie] - linux-4.9 <unfixed> (low) + - linux-4.9 <removed> (low) CVE-2016-8659 (Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might all ...) - bubblewrap 0.1.2-2 (bug #840605) NOTE: https://github.com/projectatomic/bubblewrap/issues/107 |
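Review bot: In the CVE-2016-10723 hunk there is no `{DSA-... DLA-...}` cross-reference line between the CVE header and `- linux <unfixed>`, so after replacing `[jessie] - linux-4.9 <unfixed>` with `- linux-4.9 <removed>` the visible entry has no cross-reference to rely on and no longer records any open status for jessie's linux-4.9. The commit message says only "most" of these are already fixed in jessie; for entries like this one, where `linux` itself is still `<unfixed>`, either keep the `[jessie]` line or add a NOTE saying why the open status is dropped.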
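Review bot: In the last hunk (CVE-2016-8660) the `(low)` urgency is carried over onto `- linux-4.9 <removed> (low)`, the only one of the thirteen changed lines that keeps a trailing annotation. If that urgency was meant for the jessie-specific unfixed entry, drop it so the line reads `- linux-4.9 <removed>` like the other twelve.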