From 036fce34447cfd2a01e96a579141d42cb0035900 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Tue, 18 Jan 2022 22:40:51 +0100 Subject: Track fixed version for linux upload via unstable --- data/CVE/list | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) (limited to 'data/CVE/list') diff --git a/data/CVE/list b/data/CVE/list index bd4e10f414..0578a68b65 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -662,7 +662,7 @@ CVE-2022-0228 CVE-2021-46304 RESERVED CVE-2022-23222 (kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local ...) - - linux + - linux 5.15.15-1 [buster] - linux (Vulnerable code not present) [stretch] - linux (Vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2022/01/13/1 @@ -1090,7 +1090,7 @@ CVE-2022-0186 RESERVED CVE-2022-0185 [vfs: fs_context: fix up param length parsing in legacy_parse_param] RESERVED - - linux + - linux 5.15.15-1 [buster] - linux (Vulnerable code introduced later) [stretch] - linux (Vulnerable code introduced later) NOTE: Fixed by: https://git.kernel.org/linus/722d94847de29310e8aa03fcbdb41fc92c521756 @@ -3859,7 +3859,7 @@ CVE-2021-45985 RESERVED CVE-2021-4197 [cgroup: Use open-time creds and namespace for migration perm checks] RESERVED - - linux + - linux 5.15.15-1 NOTE: https://lore.kernel.org/lkml/20211209214707.805617-1-tj@kernel.org/T/ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2035652 CVE-2021-46144 (Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML ...) 
@@ -5362,7 +5362,7 @@ CVE-2021-45482 (In WebKitGTK before 2.32.4, there is a use-after-free in WebCore CVE-2021-45481 (In WebKitGTK before 2.32.4, there is incorrect memory allocation in We ...) TODO: check, claimed to be different than CVE-2021-30889 CVE-2021-45480 (An issue was discovered in the Linux kernel before 5.15.11. There is a ...) - - linux + - linux 5.15.15-1 [stretch] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/5f9562ebe710c307adc5f666bf1a2162ee7977c0 CVE-2021-4167 @@ -5413,7 +5413,7 @@ CVE-2021-45470 (lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular e CVE-2021-4161 (The affected products contain vulnerable firmware, which could allow a ...) NOT-FOR-US: Moxa CVE-2021-45469 (In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15 ...) - - linux + - linux 5.15.15-1 NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=215235 CVE-2021-45468 (Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote ...) NOT-FOR-US: Imperva Web Application Firewall @@ -5469,7 +5469,7 @@ CVE-2021-4156 [heap out-of-bounds read in src/flac.c in flac_buffer_copy] NOTE: https://github.com/libsndfile/libsndfile/commit/ced91d7b971be6173b604154c39279ce90ad87cc (1.1.0beta1) CVE-2021-4155 RESERVED - - linux + - linux 5.15.15-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2034813 NOTE: https://git.kernel.org/linus/983d8e60f50806f90534cc5373d0ce867e5aaf79 (5.16) NOTE: https://www.openwall.com/lists/oss-security/2022/01/10/1 @@ -6947,7 +6947,7 @@ CVE-2021-4136 (vim is vulnerable to Heap-based Buffer Overflow ...) NOTE: Fixed by: https://github.com/vim/vim/commit/605ec91e5a7330d61be313637e495fa02a6dc264 (v8.2.3847) CVE-2021-4135 RESERVED - - linux (unimportant) + - linux 5.15.15-1 (unimportant) [stretch] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/481221775d53d6215a6e5e9ce1cce6d2b4ab9a46 (5.16-rc6) NOTE: CONFIG_NETDEVSIM is not set in Debian 
@@ -7175,7 +7175,7 @@ CVE-2021-45100 (The ksmbd server through 3.4.2, as used in the Linux kernel thro NOTE: https://marc.info/?l=linux-kernel&m=163961726017023&w=2 NOTE: SMB_SERVER enabled only as module since 5.16~rc1-1~exp1. CVE-2021-45095 (pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 ...) - - linux + - linux 5.15.15-1 NOTE: https://lore.kernel.org/all/20211209082839.33985-1-hbh25y@gmail.com/ CVE-2021-45070 RESERVED @@ -51900,19 +51900,19 @@ CVE-2021-28717 CVE-2021-28716 RESERVED CVE-2021-28715 (Guest can force Linux netback driver to hog large amounts of kernel me ...) - - linux + - linux 5.15.15-1 NOTE: https://xenbits.xen.org/xsa/advisory-392.html CVE-2021-28714 (Guest can force Linux netback driver to hog large amounts of kernel me ...) - - linux + - linux 5.15.15-1 NOTE: https://xenbits.xen.org/xsa/advisory-392.html CVE-2021-28713 (Rogue backends can cause DoS of guests via high frequency events T[his ...) - - linux + - linux 5.15.15-1 NOTE: https://xenbits.xen.org/xsa/advisory-391.html CVE-2021-28712 (Rogue backends can cause DoS of guests via high frequency events T[his ...) - - linux + - linux 5.15.15-1 NOTE: https://xenbits.xen.org/xsa/advisory-391.html CVE-2021-28711 (Rogue backends can cause DoS of guests via high frequency events T[his ...) - - linux + - linux 5.15.15-1 NOTE: https://xenbits.xen.org/xsa/advisory-391.html CVE-2021-28710 (certain VT-d IOMMUs may not work in shared page table mode For efficie ...) - xen (Only affects 4.15 series) -- cgit v1.2.3
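Review bot: In the hunk at `@@ -662,7 +662,7 @@`, the CVE-2022-23222 entry now claims `- linux 5.15.15-1`, but its only reference is still the oss-security NOTE, with no upstream commit recorded. Add a `NOTE: Fixed by:` line with the fixing commit, in the form the CVE-2022-0185 entry in the following hunk already uses, so the fixed version can be checked against the changelog of that upload.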
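Review bot: In the hunk at `@@ -5362,7 +5362,7 @@`, the CVE-2021-45480 description says the issue affects the Linux kernel before 5.15.11, while the entry is marked fixed in `5.15.15-1`. It is worth confirming that 5.15.15-1 is the first unstable upload based on 5.15.11 or later, since a fixed version later than the first upload carrying the fix would report already-patched packages as vulnerable. The same check applies to CVE-2021-45095 ("through 5.15.8") in the hunk at `@@ -7175,7 +7175,7 @@`.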
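Review bot: In the hunk at `@@ -5469,7 +5469,7 @@`, CVE-2021-4155 is marked fixed in `5.15.15-1`, but the only commit NOTE is tagged `(5.16)`, so nothing in the entry documents how the fix reached the 5.15 series. Consider extending that NOTE, or adding one, with the 5.15.y stable release that picked up 983d8e60f50806f90534cc5373d0ce867e5aaf79, so that the fixed version is traceable from the entry itself.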