author: Salvatore Bonaccorso <carnil@debian.org> 2022-01-18 22:40:51 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2022-01-18 22:40:51 +0100
commit: 4592ac0a2b39b2cd1436d0dbe0683e4890621e25 (patch)
tree: 56519087d4794b4eb6b8d7b0e93184568026bd2b /data
parent: 18a272249e9c6d39ea048a7e15f10873bd2e3d6e (diff)
Track fixed version for linux upload via unstable
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/list.2021 | 22
-rw-r--r-- data/CVE/list.2022 | 4
2 files changed, 13 insertions, 13 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index a4cb3129d7..bdd52aa596 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -949,7 +949,7 @@ CVE-2021-45985
RESERVED
CVE-2021-4197 [cgroup: Use open-time creds and namespace for migration perm checks]
RESERVED
- - linux <unfixed>
+ - linux 5.15.15-1
NOTE: https://lore.kernel.org/lkml/20211209214707.805617-1-tj@kernel.org/T/
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2035652
CVE-2021-46144 (Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML ...)
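Review bot: CVE-2021-4197 now records 5.15.15-1 as the fixed version, but its NOTE lines still point only to the lore.kernel.org patch thread and the Red Hat bug, not to a commit that was merged. Consider adding a "NOTE: Fixed by:" line with the upstream commit, as the CVE-2022-0185 entry in list.2022 has, so the fixed version can be checked against a specific change.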
@@ -2210,7 +2210,7 @@ CVE-2021-45482 (In WebKitGTK before 2.32.4, there is a use-after-free in WebCore
CVE-2021-45481 (In WebKitGTK before 2.32.4, there is incorrect memory allocation in We ...)
TODO: check, claimed to be different than CVE-2021-30889
CVE-2021-45480 (An issue was discovered in the Linux kernel before 5.15.11. There is a ...)
- - linux <unfixed>
+ - linux 5.15.15-1
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/5f9562ebe710c307adc5f666bf1a2162ee7977c0
CVE-2021-4167
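Review bot: For CVE-2021-45480 the description puts the affected range at "before 5.15.11", while the fixed version entered here is 5.15.15-1. If an earlier upload to unstable already carried 5.15.11 or later, that upload should be the fixed version; if 5.15.15-1 was the first upload past 5.15.11, the entry is correct as written. Worth confirming against the package changelog before this lands.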
@@ -2261,7 +2261,7 @@ CVE-2021-45470 (lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular e
CVE-2021-4161 (The affected products contain vulnerable firmware, which could allow a ...)
NOT-FOR-US: Moxa
CVE-2021-45469 (In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15 ...)
- - linux <unfixed>
+ - linux 5.15.15-1
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=215235
CVE-2021-45468 (Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote ...)
NOT-FOR-US: Imperva Web Application Firewall
@@ -2317,7 +2317,7 @@ CVE-2021-4156 [heap out-of-bounds read in src/flac.c in flac_buffer_copy]
NOTE: https://github.com/libsndfile/libsndfile/commit/ced91d7b971be6173b604154c39279ce90ad87cc (1.1.0beta1)
CVE-2021-4155
RESERVED
- - linux <unfixed>
+ - linux 5.15.15-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2034813
NOTE: https://git.kernel.org/linus/983d8e60f50806f90534cc5373d0ce867e5aaf79 (5.16)
NOTE: https://www.openwall.com/lists/oss-security/2022/01/10/1
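Review bot: CVE-2021-4155 receives a fixed version while the entry is still RESERVED and has no bracketed description on the CVE line, so a reader of the list cannot tell what the issue is without following the NOTE links. A short bracketed title, in the style used for CVE-2021-4197 earlier in this file, would make the entry self-describing.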
@@ -3164,7 +3164,7 @@ CVE-2021-4136 (vim is vulnerable to Heap-based Buffer Overflow ...)
NOTE: Fixed by: https://github.com/vim/vim/commit/605ec91e5a7330d61be313637e495fa02a6dc264 (v8.2.3847)
CVE-2021-4135
RESERVED
- - linux <unfixed> (unimportant)
+ - linux 5.15.15-1 (unimportant)
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/481221775d53d6215a6e5e9ce1cce6d2b4ab9a46 (5.16-rc6)
NOTE: CONFIG_NETDEVSIM is not set in Debian
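Review bot: On CVE-2021-4135 the commit NOTE is annotated "(5.16-rc6)", yet the fixed version set here is from the 5.15 series, which implies the fix arrived through a stable backport. Adding the stable release that carries the backport to the NOTE annotation would let someone verify 5.15.15-1 without searching the stable tree. Keeping the "(unimportant)" marker is consistent with the CONFIG_NETDEVSIM note.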
@@ -3352,7 +3352,7 @@ CVE-2021-45100 (The ksmbd server through 3.4.2, as used in the Linux kernel thro
NOTE: https://marc.info/?l=linux-kernel&m=163961726017023&w=2
NOTE: SMB_SERVER enabled only as module since 5.16~rc1-1~exp1.
CVE-2021-45095 (pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 ...)
- - linux <unfixed>
+ - linux 5.15.15-1
NOTE: https://lore.kernel.org/all/20211209082839.33985-1-hbh25y@gmail.com/
CVE-2021-45070
RESERVED
@@ -43495,19 +43495,19 @@ CVE-2021-28717
CVE-2021-28716
RESERVED
CVE-2021-28715 (Guest can force Linux netback driver to hog large amounts of kernel me ...)
- - linux <unfixed>
+ - linux 5.15.15-1
NOTE: https://xenbits.xen.org/xsa/advisory-392.html
CVE-2021-28714 (Guest can force Linux netback driver to hog large amounts of kernel me ...)
- - linux <unfixed>
+ - linux 5.15.15-1
NOTE: https://xenbits.xen.org/xsa/advisory-392.html
CVE-2021-28713 (Rogue backends can cause DoS of guests via high frequency events T[his ...)
- - linux <unfixed>
+ - linux 5.15.15-1
NOTE: https://xenbits.xen.org/xsa/advisory-391.html
CVE-2021-28712 (Rogue backends can cause DoS of guests via high frequency events T[his ...)
- - linux <unfixed>
+ - linux 5.15.15-1
NOTE: https://xenbits.xen.org/xsa/advisory-391.html
CVE-2021-28711 (Rogue backends can cause DoS of guests via high frequency events T[his ...)
- - linux <unfixed>
+ - linux 5.15.15-1
NOTE: https://xenbits.xen.org/xsa/advisory-391.html
CVE-2021-28710 (certain VT-d IOMMUs may not work in shared page table mode For efficie ...)
- xen <not-affected> (Only affects 4.15 series)
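Review bot: The five entries CVE-2021-28711 through CVE-2021-28715 are switched to 5.15.15-1 together, but they belong to two different advisories (XSA-391 and XSA-392) and the NOTE lines link only to the advisory pages. It is worth confirming that the fixes for both advisories are present in this upload, and recording the corresponding kernel commits in NOTE lines so each entry can be checked on its own.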
diff --git a/data/CVE/list.2022 b/data/CVE/list.2022
index f196dbbf1f..c8f152679f 100644
--- a/data/CVE/list.2022
+++ b/data/CVE/list.2022
@@ -470,7 +470,7 @@ CVE-2022-0229
CVE-2022-0228
RESERVED
CVE-2022-23222 (kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local ...)
- - linux <unfixed>
+ - linux 5.15.15-1
[buster] - linux <not-affected> (Vulnerable code not present)
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2022/01/13/1
@@ -826,7 +826,7 @@ CVE-2022-0186
RESERVED
CVE-2022-0185 [vfs: fs_context: fix up param length parsing in legacy_parse_param]
RESERVED
- - linux <unfixed>
+ - linux 5.15.15-1
[buster] - linux <not-affected> (Vulnerable code introduced later)
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by: https://git.kernel.org/linus/722d94847de29310e8aa03fcbdb41fc92c521756
