From ba1cccccc6ede50e6175c6777370b9e974600829 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Sat, 26 Mar 2022 09:59:23 +0100 Subject: Pre-merge already linux changes for upcoming point releases --- data/CVE/list | 20 ++++++++++++++++++++ data/next-oldstable-point-update.txt | 18 ------------------ data/next-point-update.txt | 22 ---------------------- 3 files changed, 20 insertions(+), 40 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index 5c3a57eb77..32257c249a 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1624,6 +1624,7 @@ CVE-2022-1012 RESERVED CVE-2022-1011 (A flaw use after free in the Linux kernel FUSE filesystem was found in ...) - linux + [bullseye] - linux 5.10.106-1 NOTE: https://git.kernel.org/linus/0c4bcfdecb1ac0967619ee7ff44871d93c08c909 (5.17-rc8) CVE-2022-1010 RESERVED @@ -1678,6 +1679,7 @@ CVE-2022-0996 (A vulnerability was found in the 389 Directory Server that allows TODO: check details CVE-2022-0995 (An out-of-bounds (OOB) memory write flaw was found in the Linux kernel ...) - linux + [bullseye] - linux 5.10.106-1 [buster] - linux (Vulnerable code not present) [stretch] - linux (Vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2063786 @@ -7913,6 +7915,8 @@ CVE-2022-24959 (An issue was discovered in the Linux kernel before 5.16.5. There NOTE: https://git.kernel.org/linus/29eb31542787e1019208a2e1047bb7c76c069536 (5.17-rc2) CVE-2022-24958 (drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 m ...) - linux 5.16.14-1 + [bullseye] - linux 5.10.106-1 + [buster] - linux 4.19.235-1 NOTE: Fixed by: https://git.kernel.org/linus/89f3594d0de58e8a57d92d497dea9fee3d4b9cda (5.17-rc1) NOTE: Fixed by: https://git.kernel.org/linus/501e38a5531efbd77d5c73c0ba838a889bfc1d74 (5.17-rc1) CVE-2022-24957 
@@ -11105,6 +11109,8 @@ CVE-2022-23961 RESERVED CVE-2022-23960 (Certain Arm Cortex and Neoverse processors through 2022-03-08 do not p ...) - linux 5.16.14-1 + [bullseye] - linux 5.10.106-1 + [buster] - linux 4.19.235-1 NOTE: https://www.vusec.net/projects/bhi-spectre-bhb/ NOTE: https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/spectre-bhb NOTE: https://xenbits.xen.org/xsa/advisory-398.html 
@@ -14474,24 +14480,37 @@ CVE-2022-23043 (Zenario CMS 9.2 allows an authenticated admin user to bypass the NOT-FOR-US: Zenario CMS CVE-2022-23042 (Linux PV device frontends vulnerable to attacks by backends T[his CNA ...) - linux 5.16.14-1 + [bullseye] - linux 5.10.106-1 + [buster] - linux 4.19.235-1 NOTE: https://xenbits.xen.org/xsa/advisory-396.html CVE-2022-23041 (Linux PV device frontends vulnerable to attacks by backends T[his CNA ...) - linux 5.16.14-1 + [bullseye] - linux 5.10.106-1 + [buster] - linux 4.19.235-1 NOTE: https://xenbits.xen.org/xsa/advisory-396.html CVE-2022-23040 (Linux PV device frontends vulnerable to attacks by backends T[his CNA ...) - linux 5.16.14-1 + [bullseye] - linux 5.10.106-1 + [buster] - linux 4.19.235-1 NOTE: https://xenbits.xen.org/xsa/advisory-396.html CVE-2022-23039 (Linux PV device frontends vulnerable to attacks by backends T[his CNA ...) - linux 5.16.14-1 + [bullseye] - linux 5.10.106-1 + [buster] - linux 4.19.235-1 NOTE: https://xenbits.xen.org/xsa/advisory-396.html CVE-2022-23038 (Linux PV device frontends vulnerable to attacks by backends T[his CNA ...) - linux 5.16.14-1 + [bullseye] - linux 5.10.106-1 NOTE: https://xenbits.xen.org/xsa/advisory-396.html CVE-2022-23037 (Linux PV device frontends vulnerable to attacks by backends T[his CNA ...) - linux 5.16.14-1 + [bullseye] - linux 5.10.106-1 + [buster] - linux 4.19.235-1 NOTE: https://xenbits.xen.org/xsa/advisory-396.html CVE-2022-23036 (Linux PV device frontends vulnerable to attacks by backends T[his CNA ...) - linux 5.16.14-1 + [bullseye] - linux 5.10.106-1 + [buster] - linux 4.19.235-1 NOTE: https://xenbits.xen.org/xsa/advisory-396.html CVE-2022-23035 (Insufficient cleanup of passed-through device IRQs The management of I ...) - xen 4.16.0+51-g0941d6cb-1 
@@ -19440,6 +19459,7 @@ CVE-2021-4150 (A use-after-free flaw was found in the add_partition in block/par NOTE: https://git.kernel.org/linus/9fbfabfda25d8774c5a08634fdd2da000a924890 (5.15-rc7) CVE-2021-4149 (A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tre ...) - linux 5.14.16-1 + [buster] - linux 4.19.235-1 NOTE: https://git.kernel.org/linus/19ea40dddf1833db868533958ca066f368862211 (5.15-rc6) CVE-2021-4148 (A vulnerability was found in the Linux kernel's block_invalidatepage i ...) - linux 5.14.16-1 diff --git a/data/next-oldstable-point-update.txt b/data/next-oldstable-point-update.txt index 9d5b63cbe0..ef8f26d693 100644 --- a/data/next-oldstable-point-update.txt +++ b/data/next-oldstable-point-update.txt @@ -216,24 +216,6 @@ CVE-2021-40985 [buster] - htmldoc 1.9.3-1+deb10u3 CVE-2022-23308 [buster] - libxml2 2.9.4+dfsg1-7+deb10u3 -CVE-2021-4149 - [buster] - linux 4.19.235-1 -CVE-2022-23036 - [buster] - linux 4.19.235-1 -CVE-2022-23037 - [buster] - linux 4.19.235-1 -CVE-2022-23039 - [buster] - linux 4.19.235-1 -CVE-2022-23040 - [buster] - linux 4.19.235-1 -CVE-2022-23041 - [buster] - linux 4.19.235-1 -CVE-2022-23042 - [buster] - linux 4.19.235-1 -CVE-2022-23960 - [buster] - linux 4.19.235-1 -CVE-2022-24958 - [buster] - linux 4.19.235-1 CVE-2020-10001 [buster] - cups 2.2.10-6+deb10u5 CVE-2021-46709 diff --git a/data/next-point-update.txt b/data/next-point-update.txt index 62a70f1e48..c69984f44a 100644 --- a/data/next-point-update.txt +++ b/data/next-point-update.txt 
@@ -134,28 +134,6 @@ CVE-2022-25640 [bullseye] - wolfssl 4.6.0+p1-0+deb11u1 CVE-2022-23308 [bullseye] - libxml2 2.9.10+dfsg-6.7+deb11u1 -CVE-2022-0995 - [bullseye] - linux 5.10.106-1 -CVE-2022-1011 - [bullseye] - linux 5.10.106-1 -CVE-2022-23036 - [bullseye] - linux 5.10.106-1 -CVE-2022-23037 - [bullseye] - linux 5.10.106-1 -CVE-2022-23038 - [bullseye] - linux 5.10.106-1 -CVE-2022-23039 - [bullseye] - linux 5.10.106-1 -CVE-2022-23040 - [bullseye] - linux 5.10.106-1 -CVE-2022-23041 - [bullseye] - linux 5.10.106-1 -CVE-2022-23042 - [bullseye] - linux 5.10.106-1 -CVE-2022-23960 - [bullseye] - linux 5.10.106-1 -CVE-2022-24958 - [bullseye] - linux 5.10.106-1 CVE-2021-0561 [bullseye] - flac 1.3.3-2+deb11u1 CVE-2021-45005 -- cgit v1.2.3
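Review bot: In the data/CVE/list hunks at @@ -1624 and @@ -1678, CVE-2022-1011 and CVE-2022-0995 gain "[bullseye] - linux 5.10.106-1" while the line directly above each stays a bare "- linux" with no fixed version. After this change both entries read as fixed in bullseye and still open in unstable. For CVE-2022-1011 the NOTE line places the upstream fix in 5.17-rc8, so that may be the real state, but it deserves a follow-up to add the unstable version once an upload carries the fix, so the two lines do not drift apart.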
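Review bot: In the data/CVE/list hunk at @@ -14474, CVE-2022-23038 is the only one of the seven entries from CVE-2022-23036 to CVE-2022-23042 that gets no "[buster] - linux 4.19.235-1" line. That matches the block removed from data/next-oldstable-point-update.txt, which also has no CVE-2022-23038 entry, so the merge itself is faithful. The entry still leaves the buster status implicit: if buster is not affected, an explicit annotation like the "[buster] - linux (Vulnerable code not present)" line under CVE-2022-0995 would make that clear, and if it is affected, the entry stays open for buster and should be tracked as such.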
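Review bot: The two removal hunks in data/next-oldstable-point-update.txt (@@ -216) and data/next-point-update.txt (@@ -134) lack a stated reason: the commit message is a subject line only, and it calls the point releases "upcoming", yet the versions 4.19.235-1 and 5.10.106-1 now appear in data/CVE/list as fixed for buster and bullseye. A short body saying why the linux entries are merged ahead of the point releases, and where those versions are already available, would let a reader judge whether the fixed status is accurate today. The bookkeeping itself is consistent: the 9 buster and 11 bullseye entries removed here correspond one to one with the 9 "[buster]" and 11 "[bullseye]" lines added in data/CVE/list, matching the 20 insertions and 40 deletions in the diffstat.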