From b01a6d60883db75ae55e73ee3f5e9e278fc7c79e Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Fri, 8 May 2020 14:22:08 +0200 Subject: Merge linux updates for buster 10.4 --- data/CVE/list | 17 +++++++++++++++++ data/next-point-update.txt | 34 ---------------------------------- 2 files changed, 17 insertions(+), 34 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index 0855e9a59b..54dbe231c9 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -174,11 +174,13 @@ CVE-2020-12660 RESERVED CVE-2020-12659 (An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg ...) - linux 5.6.7-1 + [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/99e3a236dd43d06c65af0a2ef9cb44306aef6e02 (5.7-rc2) CVE-2020-12658 RESERVED CVE-2020-12657 (An issue was discovered in the Linux kernel before 5.6.5. There is a u ...) - linux 5.6.7-1 + [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/2f95fa5c955d0a9987ffdc3a095e2f4e62c5f2a9 (5.7-rc1) CVE-2020-12656 (gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_g ...) - linux @@ -189,9 +191,11 @@ CVE-2020-12655 (An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_a NOTE: https://git.kernel.org/linus/d0c7feaf87678371c2c09b3709400be416b2dc62 (5.7-rc1) CVE-2020-12654 (An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_s ...) - linux 5.5.13-1 + [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/3a9b153c5591548612c3955c9600a98150c81875 (5.6-rc1) CVE-2020-12653 (An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_appen ...) - linux 5.5.13-1 + [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d (5.6-rc1) CVE-2020-12652 (The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the ...) - linux 5.4.19-1 
@@ -593,6 +597,7 @@ CVE-2020-12466 RESERVED CVE-2020-12465 (An array overflow was discovered in mt76_add_fragment in drivers/net/w ...) - linux 5.5.13-1 + [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/b102f0c522cf668c8382c56a4f771b37d011cda2 (5.6-rc6) CVE-2020-12464 (usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before ...) - linux @@ -3390,12 +3395,14 @@ CVE-2020-11670 RESERVED CVE-2020-11669 (An issue was discovered in the Linux kernel before 5.2 on the powerpc ...) - linux 5.2.6-1 + [buster] - linux 4.19.118-1 [stretch] - linux (Vulnerability introduced later with support for KVM guests on POWER9) [jessie] - linux (Vulnerability introduced later with support for KVM guests on POWER9) NOTE: https://git.kernel.org/linus/53a712bae5dd919521a58d7bad773b949358add0 NOTE: https://www.openwall.com/lists/oss-security/2020/04/15/1 CVE-2020-11668 (In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit. ...) - linux 5.5.17-1 + [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/a246b4d547708f33ff4d4b9a7a5dbac741dc89d8 CVE-2020-11667 RESERVED @@ -3572,9 +3579,11 @@ CVE-2020-11610 (An issue was discovered in xdLocalStorage through 2.0.5. The pos NOT-FOR-US: xdLocalStorage CVE-2020-11609 (An issue was discovered in the stv06xx subsystem in the Linux kernel b ...) - linux 5.5.17-1 + [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/485b06aadb933190f4bc44e006076bc27a23f205 CVE-2020-11608 (An issue was discovered in the Linux kernel before 5.6.1. drivers/medi ...) - linux 5.5.17-1 + [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/998912346c0da53a6dbb71fab3a138586b596b30 CVE-2020-11607 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices 
@@ -4101,6 +4110,7 @@ CVE-2020-11495 REJECTED CVE-2020-11494 (An issue was discovered in slc_bump in drivers/net/can/slcan.c in the ...) - linux 5.5.17-1 + [buster] - linux 4.19.118-1 NOTE: https://lore.kernel.org/netdev/20200401100639.20199-1-rpalethorpe@suse.com/ CVE-2020-11493 RESERVED @@ -9258,6 +9268,7 @@ CVE-2020-9384 (** DISPUTED ** An Insecure Direct Object Reference (IDOR) vulnera NOT-FOR-US: Subex CVE-2020-9383 (An issue was discovered in the Linux kernel through 5.5.6. set_fdc in ...) - linux 5.5.13-1 + [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/2e90ca68b0d2f5548804f22f0dd61145516171e3 CVE-2020-9382 (An issue was discovered in the Widgets extension through 1.4.0 for Med ...) NOT-FOR-US: Widgets extension for MediaWiki @@ -10203,6 +10214,7 @@ CVE-2020-8993 RESERVED CVE-2020-8992 (ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux k ...) - linux 5.5.13-1 + [buster] - linux 4.19.118-1 [stretch] - linux (Vulnerable code not present) [jessie] - linux (Vulnerable code not present) NOTE: https://patchwork.ozlabs.org/patch/1236118/ @@ -11011,12 +11023,15 @@ CVE-2019-20447 (Jobberbase 2.0 has SQL injection via the PATH_INFO to the jobs-i NOT-FOR-US: Jobberbase CMS CVE-2020-8649 (There is a use-after-free vulnerability in the Linux kernel through 5. ...) - linux 5.5.13-1 + [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/513dc792d6060d5ef572e43852683097a8420f56 CVE-2020-8648 (There is a use-after-free vulnerability in the Linux kernel through 5. ...) - linux 5.5.13-1 + [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/07e6124a1a46b4b5a9b3cacc0c306b50da87abf5 CVE-2020-8647 (There is a use-after-free vulnerability in the Linux kernel through 5. ...) - linux 5.5.13-1 + [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/513dc792d6060d5ef572e43852683097a8420f56 CVE-2020-8640 RESERVED 
@@ -30212,6 +30227,7 @@ CVE-2019-19047 (A memory leak in the mlx5_fw_fatal_reporter_dump() function in d NOTE: https://git.kernel.org/linus/c7ed6d0183d5ea9bc31bcaeeba4070bd62546471 CVE-2019-19046 (** DISPUTED ** A memory leak in the __ipmi_bmc_register() function in ...) - linux 5.4.19-1 (unimportant) + [buster] - linux 4.19.118-1 NOTE: Only a memory leak on the probe path CVE-2019-19045 (A memory leak in the mlx5_fpga_conn_create_cq() function in drivers/ne ...) - linux 5.3.15-1 @@ -35771,6 +35787,7 @@ CVE-2020-0010 (In fpc_ta_get_build_info of fpc_ta_kpi.c, there is a possible out NOT-FOR-US: FPC components for Android CVE-2020-0009 (In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write ...) - linux 5.5.13-1 + [buster] - linux 4.19.118-1 [jessie] - linux (Driver is not enabled or supported) NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1949 CVE-2020-0008 (In LowEnergyClient::MtuChangedCallback of low_energy_client.cc, there ...) diff --git a/data/next-point-update.txt b/data/next-point-update.txt index 343c455912..c0e8d89547 100644 --- a/data/next-point-update.txt +++ b/data/next-point-update.txt 
@@ -72,40 +72,6 @@ CVE-2019-8842 [buster] - cups 2.2.10-6+deb10u3 CVE-2020-1730 [buster] - libssh 0.8.7-1+deb10u1 -CVE-2020-0009 - [buster] - linux 4.19.118-1 -CVE-2020-11494 - [buster] - linux 4.19.118-1 -CVE-2020-11608 - [buster] - linux 4.19.118-1 -CVE-2020-11609 - [buster] - linux 4.19.118-1 -CVE-2020-11668 - [buster] - linux 4.19.118-1 -CVE-2020-11669 - [buster] - linux 4.19.118-1 -CVE-2020-12465 - [buster] - linux 4.19.118-1 -CVE-2020-12653 - [buster] - linux 4.19.118-1 -CVE-2020-12654 - [buster] - linux 4.19.118-1 -CVE-2020-12657 - [buster] - linux 4.19.118-1 -CVE-2020-12659 - [buster] - linux 4.19.118-1 -CVE-2020-8647 - [buster] - linux 4.19.118-1 -CVE-2020-8648 - [buster] - linux 4.19.118-1 -CVE-2020-8649 - [buster] - linux 4.19.118-1 -CVE-2020-8992 - [buster] - linux 4.19.118-1 -CVE-2020-9383 - [buster] - linux 4.19.118-1 -CVE-2019-19046 - [buster] - linux 4.19.118-1 CVE-2020-7610 [buster] - node-mongodb 3.1.13+~3.1.11-2+deb10u1 CVE-2019-2391 -- cgit v1.2.3
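Review bot: the NOTE in the CVE-2020-11494 hunk (@@ -4101,6 +4110,7 @@ in data/CVE/list) still points only at a lore.kernel.org netdev posting, while the other linux entries touched by this patch cite a git.kernel.org/linus commit. Now that the entry records "[buster] - linux 4.19.118-1" as a fixed version, add a NOTE with the merged upstream commit so the fix can be traced the same way as for the neighbouring entries.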
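Review bot: in the CVE-2019-19046 hunk (@@ -30212,6 +30227,7 @@) the added "[buster] - linux 4.19.118-1" line carries no severity tag, although the line above it reads "- linux 5.4.19-1 (unimportant)" and the entry is marked "** DISPUTED **" with the NOTE "Only a memory leak on the probe path". Confirm that the tag on the unstable line is meant to cover the buster line as well, so the per-release status is not read as a regular security fix.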
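Review bot: the data/next-point-update.txt hunk (@@ -72,40 +72,6 @@) removes 17 CVE ids, and each needs a matching "+ [buster] - linux 4.19.118-1" line in data/CVE/list, because an id dropped here without its counterpart would lose the buster fix record with no error. Checked against the visible hunks, the removed ids (CVE-2020-0009 through CVE-2019-19046) correspond one to one to the 17 added lines, which agrees with the diffstat of 17 insertions and 34 deletions. The commit subject names only the point release, so mentioning the package version 4.19.118-1 in the message body would make the merge easier to audit later.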