Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ec5d3034 by Salvatore Bonaccorso at 2019-12-01T20:12:36Z
Sync state of some linux CVEs with kernel-sec

- - - - -
aee0dc23 by Salvatore Bonaccorso at 2019-12-01T20:13:20Z
Merge remote-tracking branch 'origin/master'

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -232,6 +232,7 @@ CVE-2019-19463 (The Anhui Huami Mi Fit application before 
4.0.11 for Android has
        NOT-FOR-US:  Anhui Huami Mi Fit application for Android
 CVE-2019-19462 (relay_open in kernel/relay.c in the Linux kernel through 5.4.1 
allows  ...)
        - linux <unfixed>
+       [jessie] - linux <not-affected> (Vulnerability introduced later)
 CVE-2019-19461
        RESERVED
 CVE-2019-19460
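Review bot: The reason string on the added [jessie] line for CVE-2019-19462 reads "Vulnerability introduced later", while the existing entry for CVE-2019-19055 in this file uses "Vulnerable code introduced later"; pick one wording so that a search of data/CVE/list for not-affected reasons matches both. The entry also has no NOTE naming the commit or kernel version that introduced the issue, so the jessie status cannot be checked from the list alone; consider adding one.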
@@ -934,6 +935,8 @@ CVE-2019-19253
        NOT-FOR-US: Apereo CAS
 CVE-2019-19252 (vcs_write in drivers/tty/vt/vc_screen.c in the Linux kernel 
through 5. ...)
        - linux <unfixed>
+       [stretch] - linux <not-affected> (Vulnerability introduced later)
+       [jessie] - linux <not-affected> (Vulnerability introduced later)
        NOTE: 
https://lore.kernel.org/lkml/c30fc539-68a8-65d7-226c-6f8e6fd8b...@suse.com/
 CVE-2019-19251
        RESERVED
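Review bot: CVE-2019-19252 now marks stretch and jessie as not-affected with "Vulnerability introduced later", but the only NOTE on the entry is the lkml thread link. Add a NOTE with the introducing commit or version so it is clear from the entry why buster is left under the generic <unfixed> line while the two older releases are excluded.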
@@ -1311,7 +1314,9 @@ CVE-2011-5331 (Distributed Ruby (aka DRuby) 1.8 
mishandles instance_eval. ...)
 CVE-2011-5330 (Distributed Ruby (aka DRuby) 1.8 mishandles the sending of 
syscalls. ...)
        NOT-FOR-US: Distributed Ruby
 CVE-2019-19083 (Memory leaks in *clock_source_create() functions under 
drivers/gpu/drm ...)
-       - linux 5.3.9-1
+       - linux 5.3.9-1 (unimportant)
+       [stretch] - linux <not-affected> (Vulnerable code not present)
+       [jessie] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/055e547478a11a6360c7ce05e2afc3e366968a12
 CVE-2019-19082 (Memory leaks in *create_resource_pool() functions under 
drivers/gpu/dr ...)
        - linux <unfixed>
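Review bot: The (unimportant) flag added to the CVE-2019-19083 line carries no rationale, unlike CVE-2019-19049 further down, which explains its flag with "NOTE: unittest.c can only be reached during boot." Add a short NOTE saying why the *clock_source_create() leaks are not treated as a security issue.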
@@ -1320,15 +1325,23 @@ CVE-2019-19082 (Memory leaks in *create_resource_pool() 
functions under drivers/
        NOTE: 
https://git.kernel.org/linus/104c307147ad379617472dd91a5bcb368d72bd6d
 CVE-2019-19081 (A memory leak in the nfp_flower_spawn_vnic_reprs() function in 
drivers ...)
        - linux 5.3.7-1
+       [stretch] - linux <not-affected> (Vulnerable code not present)
+       [jessie] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/8ce39eb5a67aee25d9f05b40b673c95b23502e3e
 CVE-2019-19080 (Four memory leaks in the nfp_flower_spawn_phy_reprs() function 
in driv ...)
        - linux 5.3.7-1
+       [stretch] - linux <not-affected> (Vulnerable code not present)
+       [jessie] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/8572cea1461a006bce1d06c0c4b0575869125fa4
 CVE-2019-19079 (A memory leak in the qrtr_tun_write_iter() function in 
net/qrtr/tun.c  ...)
        - linux 5.3.7-1
+       [stretch] - linux <not-affected> (Vulnerable code not present)
+       [jessie] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/a21b7f0cff1906a93a0130b74713b15a0b36481d
 CVE-2019-19078 (A memory leak in the ath10k_usb_hif_tx_sg() function in 
drivers/net/wi ...)
        - linux <unfixed>
+       [stretch] - linux <not-affected> (Vulnerable code not present)
+       [jessie] - linux <not-affected> (Vulnerable code not present)
 CVE-2019-19077 (A memory leak in the bnxt_re_create_srq() function in 
drivers/infiniba ...)
        - linux <unfixed>
        [stretch] - linux <not-affected> (Vulnerable code not present)
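Review bot: CVE-2019-19078 gets stretch and jessie not-affected lines but, unlike CVE-2019-19081, CVE-2019-19080 and CVE-2019-19079 above it, the entry has no NOTE with an upstream commit, so "Vulnerable code not present" cannot be cross-checked from the list. Add the git.kernel.org reference if one exists.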
@@ -1336,9 +1349,12 @@ CVE-2019-19077 (A memory leak in the 
bnxt_re_create_srq() function in drivers/in
        NOTE: 
https://git.kernel.org/linus/4a9d46a9fe14401f21df69cea97c62396d5fb053
 CVE-2019-19076 (A memory leak in the nfp_abm_u32_knode_replace() function in 
drivers/n ...)
        - linux 5.3.7-1
+       [buster] - linux <not-affected> (Vulnerable code not present)
+       [stretch] - linux <not-affected> (Vulnerable code not present)
+       [jessie] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/78beef629fd95be4ed853b2d37b832f766bd96ca
 CVE-2019-19075 (A memory leak in the ca8210_probe() function in 
drivers/net/ieee802154 ...)
-       - linux 5.3.9-1
+       - linux 5.3.9-1 (unimportant)
        NOTE: 
https://git.kernel.org/linus/6402939ec86eaf226c8b8ae00ed983936b164908
 CVE-2019-19074 (A memory leak in the ath9k_wmi_cmd() function in 
drivers/net/wireless/ ...)
        - linux <unfixed>
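Review bot: CVE-2019-19075 is flagged (unimportant) without a NOTE giving the reason. The summary names ca8210_probe(), so if the reasoning is the same as for CVE-2019-19054, reuse its "NOTE: Memory leak on probe only." on this entry.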
@@ -1353,32 +1369,40 @@ CVE-2019-19072 (A memory leak in the predicate_parse() 
function in kernel/trace/
        NOTE: 
https://git.kernel.org/linus/96c5c6e6a5b6db592acae039fed54b5c8844cd35
 CVE-2019-19071 (A memory leak in the rsi_send_beacon() function in 
drivers/net/wireles ...)
        - linux <unfixed>
+       [stretch] - linux <not-affected> (Vulnerable code not present)
+       [jessie] - linux <not-affected> (Vulnerable code not present)
 CVE-2019-19070 (** DISPUTED ** A memory leak in the spi_gpio_probe() function 
in drive ...)
-       - linux <unfixed>
+       - linux <unfixed> (unimportant)
 CVE-2019-19069 (A memory leak in the fastrpc_dma_buf_attach() function in 
drivers/misc ...)
        - linux 5.3.9-1
+       [buster] - linux <not-affected> (Vulnerable code not present)
+       [stretch] - linux <not-affected> (Vulnerable code not present)
+       [jessie] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/fc739a058d99c9297ef6bfd923b809d85855b9a9
 CVE-2019-19068 (A memory leak in the rtl8xxxu_submit_int_urb() function in 
drivers/net ...)
        - linux <unfixed>
+       [jessie] - linux <not-affected> (Vulnerable code not present)
 CVE-2019-19067 (** DISPUTED ** Four memory leaks in the acp_hw_init() function 
in driv ...)
-       - linux 5.3.9-1
+       - linux 5.3.9-1 (unimportant)
        NOTE: 
https://git.kernel.org/linus/57be09c6e8747bf48704136d9e3f92bfb93f5725
 CVE-2019-19066 (A memory leak in the bfad_im_get_stats() function in 
drivers/scsi/bfa/ ...)
        - linux <unfixed>
 CVE-2019-19065 (A memory leak in the sdma_init() function in 
drivers/infiniband/hw/hfi ...)
        - linux 5.3.9-1
+       [stretch] - linux <not-affected> (Vulnerability introduced later)
+       [jessie] - linux <not-affected> (Vulnerability introduced later)
        NOTE: 
https://git.kernel.org/linus/34b3be18a04ecdc610aae4c48e5d1b799d8689f6
 CVE-2019-19064 (** DISPUTED ** A memory leak in the fsl_lpspi_probe() function 
in driv ...)
-       - linux <unfixed>
+       - linux <unfixed> (unimportant)
 CVE-2019-19063 (Two memory leaks in the rtl_usb_probe() function in 
drivers/net/wirele ...)
-       - linux <unfixed>
+       - linux <unfixed> (unimportant)
 CVE-2019-19062 (A memory leak in the crypto_report() function in 
crypto/crypto_user_ba ...)
        - linux <unfixed>
 CVE-2019-19061 (A memory leak in the adis_update_scan_mode_burst() function in 
drivers ...)
-       - linux 5.3.9-1
+       - linux 5.3.9-1 (unimportant)
        NOTE: 
https://git.kernel.org/linus/9c0530e898f384c5d279bfcebd8bb17af1105873
 CVE-2019-19060 (A memory leak in the adis_update_scan_mode() function in 
drivers/iio/i ...)
-       - linux 5.3.9-1
+       - linux 5.3.9-1 (unimportant)
        NOTE: 
https://git.kernel.org/linus/ab612b1daf415b62c58e130cb3d0f30b255a14d0
 CVE-2019-19059 (Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() 
function i ...)
        - linux <unfixed>
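Review bot: Six entries in this hunk gain (unimportant) with no explanatory NOTE: CVE-2019-19070, CVE-2019-19067, CVE-2019-19064, CVE-2019-19063, CVE-2019-19061 and CVE-2019-19060. For the probe and init functions the reason can be guessed from the summary, but adis_update_scan_mode_burst() and adis_update_scan_mode() in CVE-2019-19061 and CVE-2019-19060 are not obviously probe paths, so those two in particular need a NOTE stating why the leak is considered unimportant.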
@@ -1401,9 +1425,13 @@ CVE-2019-19055 (** DISPUTED ** A memory leak in the 
nl80211_get_ftm_responder_st
        [jessie] - linux <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://git.kernel.org/linus/1399c59fa92984836db90538cf92397fe7caaa57
 CVE-2019-19054 (A memory leak in the cx23888_ir_probe() function in 
drivers/media/pci/ ...)
-       - linux <unfixed>
+       - linux <unfixed> (unimportant)
+       NOTE: Memory leak on probe only.
 CVE-2019-19053 (A memory leak in the rpmsg_eptdev_write_iter() function in 
drivers/rpm ...)
        - linux <unfixed>
+       [buster] - linux <not-affected> (Vulnerable code not present)
+       [stretch] - linux <not-affected> (Vulnerable code not present)
+       [jessie] - linux <not-affected> (Vulnerable code not present)
 CVE-2019-19052 (A memory leak in the gs_can_open() function in 
drivers/net/can/usb/gs_ ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/fb5be6a7b4863ecc44963bb80ca614584b6c7817
@@ -1412,26 +1440,42 @@ CVE-2019-19051 (A memory leak in the 
i2400m_op_rfkill_sw_toggle() function in dr
        NOTE: 
https://git.kernel.org/linus/6f3ef5c25cc762687a7341c18cbea5af54461407
 CVE-2019-19050 (A memory leak in the crypto_reportstat() function in 
crypto/crypto_use ...)
        - linux <unfixed>
+       [stretch] - linux <not-affected> (Vulnerable code not present)
+       [jessie] - linux <not-affected> (Vulnerable code not present)
 CVE-2019-19049 (** DISPUTED ** A memory leak in the unittest_data_add() 
function in dr ...)
        - linux <unfixed> (unimportant)
        NOTE: 
https://git.kernel.org/linus/e13de8fe0d6a51341671bbe384826d527afe8d44
        NOTE: unittest.c can only be reached during boot.
 CVE-2019-19048 (A memory leak in the crypto_reportstat() function in 
drivers/virt/vbox ...)
        - linux 5.3.9-1
+       [stretch] - linux <not-affected> (Vulnerable code not present)
+       [jessie] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/e0b0cb9388642c104838fac100a4af32745621e2
 CVE-2019-19047 (A memory leak in the mlx5_fw_fatal_reporter_dump() function in 
drivers ...)
        - linux <unfixed>
+       [buster] - linux <not-affected> (Vulnerability introduced later)
+       [stretch] - linux <not-affected> (Vulnerability introduced later)
+       [jessie] - linux <not-affected> (Vulnerability introduced later)
        NOTE: 
https://git.kernel.org/linus/c7ed6d0183d5ea9bc31bcaeeba4070bd62546471
 CVE-2019-19046 (** DISPUTED ** A memory leak in the __ipmi_bmc_register() 
function in  ...)
-       - linux <unfixed>
+       - linux <unfixed> (unimportant)
+       NOTE: Only a memory leak on the probe path
 CVE-2019-19045 (A memory leak in the mlx5_fpga_conn_create_cq() function in 
drivers/ne ...)
        - linux <unfixed>
+       [stretch] - linux <not-affected> (Vulnerable code not present)
+       [jessie] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/c8c2a057fdc7de1cd16f4baa51425b932a42eb39
 CVE-2019-19044 (Two memory leaks in the v3d_submit_cl_ioctl() function in 
drivers/gpu/ ...)
        - linux <unfixed>
+       [buster] - linux <not-affected> (Vulnerability introduced later)
+       [stretch] - linux <not-affected> (Vulnerability introduced later)
+       [jessie] - linux <not-affected> (Vulnerability introduced later)
        NOTE: 
https://git.kernel.org/linus/29cd13cfd7624726d9e6becbae9aa419ef35af7f
 CVE-2019-19043 (A memory leak in the i40e_setup_macvlans() function in 
drivers/net/eth ...)
        - linux <unfixed>
+       [buster] - linux <not-affected> (Vulnerable code not present)
+       [stretch] - linux <not-affected> (Vulnerable code not present)
+       [jessie] - linux <not-affected> (Vulnerable code not present)
 CVE-2019-19042
        RESERVED
 CVE-2019-19041 (An issue was discovered in Xorux Lpar2RRD 6.11 and Stor2RRD 
2.61, as d ...)
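Review bot: The NOTE added for CVE-2019-19046 ("Only a memory leak on the probe path") states the same rationale as the one added for CVE-2019-19054 ("Memory leak on probe only.") in different words. Use one phrasing for both so the rationale can be searched for consistently.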
@@ -1444,6 +1488,7 @@ CVE-2019-19038
        RESERVED
 CVE-2019-19037 (ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 
5.3.12 a ...)
        - linux <unfixed>
+       [jessie] - linux <not-affected> (Vulnerability introduced later)
 CVE-2019-19036 (btrfs_root_node in fs/btrfs/ctree.c in the Linux kernel 
through 5.3.12 ...)
        - linux <unfixed>
 CVE-2019-19035 (jhead 3.03 is affected by: heap-based buffer over-read. The 
impact is: ...)
@@ -4505,6 +4550,7 @@ CVE-2019-18661 (Fastweb FASTGate 1.0.1b devices allow 
partial authentication byp
        NOT-FOR-US: Fastweb FASTGate
 CVE-2019-18660 (The Linux kernel through 5.3.13 on powerpc allows Information 
Exposure ...)
        - linux <unfixed>
+       [jessie] - linux <ignored> (powerpc not supported in LTS)
        NOTE: https://www.openwall.com/lists/oss-security/2019/11/27/1
 CVE-2019-18659 (The Wireless Emergency Alerts (WEA) protocol allows remote 
attackers t ...)
        NOT-FOR-US: Wireless Emergency Alerts (WEA) protocol



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/8eedf5749ec4f722ca775af507a09e3a0156c694...aee0dc2375f92818e9c3bb9d9c82ea3c7175161c
