Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: db35c425 by Salvatore Bonaccorso at 2021-06-19T08:26:44+02:00 Merge in already the linux updates for buster 10.10 (as d-i based on it) - - - - - 2 changed files: - data/CVE/list - data/next-point-update.txt Changes: ===================================== data/CVE/list ===================================== @@ -2477,6 +2477,7 @@ CVE-2018-25015 (An issue was discovered in the Linux kernel before 4.14.16. Ther CVE-2021-3587 [nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect] RESERVED - linux <unfixed> + [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/4ac06a1e013cf5fdd963317ffd3b968560f33bba CVE-2021-3582 [hw/rdma: Fix possible mremap overflow in the pvrdma device] RESERVED @@ -2768,6 +2769,7 @@ CVE-2021-33796 CVE-2021-3573 RESERVED - linux <unfixed> + [buster] - linux 4.19.194-1 NOTE: https://www.openwall.com/lists/oss-security/2021/06/08/2 CVE-2021-33795 RESERVED @@ -3415,6 +3417,7 @@ CVE-2021-33525 (EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execut NOT-FOR-US: EyesOfNetwork (EON) eonweb CVE-2021-3564 (A flaw double-free memory corruption in the Linux kernel HCI device in ...) - linux <unfixed> + [buster] - linux 4.19.194-1 NOTE: https://www.openwall.com/lists/oss-security/2021/05/25/1 CVE-2021-33524 RESERVED @@ -4547,6 +4550,7 @@ CVE-2021-33035 RESERVED CVE-2021-33034 (In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use ...) - linux 5.10.38-1 + [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/5c4c8c9544099bb9043a10a5318130a943e32fc3 CVE-2021-33032 RESERVED @@ -5981,6 +5985,7 @@ CVE-2021-32400 RESERVED CVE-2021-32399 (net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a r ...) - linux 5.10.38-1 + [buster] - linux 4.19.194-1 NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/2 CVE-2021-32398 RESERVED 
@@ -7135,6 +7140,7 @@ CVE-2021-31917 NOT-FOR-US: Infinispan CVE-2021-31916 (An out-of-bounds (OOB) memory write flaw was found in list_devices in ...) - linux 5.10.28-1 + [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/4edbe1d7bcffcd6269f3b5eb63f710393ff2ec7a NOTE: https://www.openwall.com/lists/oss-security/2021/03/28/1 CVE-2021-31915 (In JetBrains TeamCity before 2020.2.4, OS command injection leading to ...) @@ -7424,6 +7430,7 @@ CVE-2021-3514 (When using a sync_repl client in 389-ds-base, an authenticated at NOTE: https://github.com/389ds/389-ds-base/issues/4711 CVE-2021-31829 (kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs unde ...) - linux 5.10.38-1 + [buster] - linux 4.19.194-1 [stretch] - linux <not-affected> (Vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/4 CVE-2021-31828 (An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 ...) @@ -8231,6 +8238,7 @@ CVE-2021-3507 (A heap buffer overflow was found in the floppy disk emulator of Q NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1951118 CVE-2021-3506 (An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c ...) - linux 5.10.38-1 + [buster] - linux 4.19.194-1 [stretch] - linux <ignored> (f2fs is not supportable) NOTE: https://www.openwall.com/lists/oss-security/2021/03/28/2 NOTE: https://lore.kernel.org/lkml/20210322114730.71103-1-yuch...@huawei.com/ @@ -11356,6 +11364,7 @@ CVE-2021-3484 RESERVED CVE-2021-3483 (A flaw was found in the Nosy driver in the Linux kernel. This issue al ...) - linux 5.10.28-1 + [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/829933ef05a951c8ff140e814656d73e74915faf CVE-2021-30178 (An issue was discovered in the Linux kernel through 5.11.11. synic_get ...) - linux <not-affected> (Vulnerable code introduced later) 
@@ -12722,6 +12731,7 @@ CVE-2021-29651 (Pomerium before 0.13.4 has an Open Redirect (issue 1 of 2). ...) NOT-FOR-US: Pomerium CVE-2021-29650 (An issue was discovered in the Linux kernel before 5.11.11. The netfil ...) - linux 5.10.28-1 + [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/175e476b8cdf2a4de7432583b49c871345e4f8a1 CVE-2021-29649 (An issue was discovered in the Linux kernel before 5.11.11. The user m ...) - linux 5.10.28-1 @@ -12733,6 +12743,7 @@ CVE-2021-29648 (An issue was discovered in the Linux kernel before 5.11.11. The NOTE: https://git.kernel.org/linus/350a5c4dd2452ea999cc5e1d4a8dbf12de2f97ef CVE-2021-29647 (An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvm ...) - linux 5.10.28-1 + [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/50535249f624d0072cd885bcdce4e4b6fb770160 CVE-2021-29646 (An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_re ...) - linux 5.10.28-1 @@ -13741,6 +13752,7 @@ CVE-2021-29265 (An issue was discovered in the Linux kernel before 5.11.7. usbip NOTE: https://git.kernel.org/linus/9380afd6df70e24eacbdbde33afc6a3950965d22 CVE-2021-29264 (An issue was discovered in the Linux kernel through 5.11.10. drivers/n ...) - linux 5.10.28-1 + [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/d8861bab48b6c1fc3cdbcab8ff9d1eaea43afe7f CVE-2021-29263 (In JetBrains IntelliJ IDEA 2020.3.3, local code execution was possible ...) - intellij-idea <itp> (bug #747616) 
@@ -13976,12 +13988,14 @@ CVE-2021-29156 (ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Web NOT-FOR-US: ForgeRock OpenAM CVE-2021-29155 (An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf ...) - linux 5.10.38-1 + [buster] - linux 4.19.194-1 [stretch] - linux <not-affected> (Vulnerability introduced later) NOTE: https://www.openwall.com/lists/oss-security/2021/04/18/4 NOTE: Fixes need to be made complete for older series to not open CVE-2021-33200, NOTE: cf. https://lore.kernel.org/stable/215e98bf-21c7-0074-129d-49a515264...@iogearbox.net/ CVE-2021-29154 (BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect c ...) - linux 5.10.28-1 + [buster] - linux 4.19.194-1 NOTE: https://www.openwall.com/lists/oss-security/2021/04/08/1 CVE-2021-3467 (A NULL pointer dereference flaw was found in the way Jasper versions b ...) - jasper <removed> @@ -14405,13 +14419,16 @@ CVE-2021-28965 (The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2. NOTE: https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/ CVE-2021-28972 (In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5. ...) - linux 5.10.26-1 + [buster] - linux 4.19.194-1 [stretch] - linux <ignored> (Driver is specific to IBM Power systems) NOTE: https://git.kernel.org/linus/cc7a0bb058b85ea03db87169c60c7cfdd5d34678 CVE-2021-28971 (In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux ...) - linux 5.10.26-1 + [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/d88d05a9e0b6d9356e97129d4ff9942d765f46ea CVE-2021-28964 (A race condition was discovered in get_old_root in fs/btrfs/ctree.c in ...) - linux 5.10.26-1 + [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/dbcc7d57bffc0c8cac9dac11bec548597d59a6a5 CVE-2021-28962 RESERVED 
@@ -15068,6 +15085,7 @@ CVE-2021-28689 (x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV NOTE: Unfixable design/architecture limitation, no fix planned CVE-2021-28688 (The fix for XSA-365 includes initialization of pointers such that subs ...) - linux 5.10.28-1 + [buster] - linux 4.19.194-1 NOTE: https://xenbits.xen.org/xsa/advisory-371.html NOTE: https://git.kernel.org/linus/a846738f8c3788d846ed1f587270d2f2e3d32432 CVE-2021-28686 (AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow ...) @@ -28228,10 +28246,12 @@ CVE-2021-23135 (Exposure of System Data to an Unauthorized Control Sphere vulner NOT-FOR-US: Argo CD CVE-2021-23134 (Use After Free vulnerability in nfc sockets in the Linux Kernel before ...) - linux 5.10.38-1 + [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/c61760e6940dd4039a7f5e84a6afc9cdbf4d82b6 NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/4 CVE-2021-23133 (A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) befo ...) - linux 5.10.38-1 + [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/34e5b01186858b36c4d7c87e1a025071e8e2401f NOTE: https://www.openwall.com/lists/oss-security/2021/04/18/2 CVE-2021-23132 (An issue was discovered in Joomla! 3.0.0 through 3.9.24. com_media all ...) @@ -40760,6 +40780,7 @@ CVE-2020-29375 (An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V NOT-FOR-US: V-SOL devices CVE-2020-29374 (An issue was discovered in the Linux kernel before 5.7.3, related to m ...) - linux 5.7.6-1 + [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/17839856fd588f4ab6b789f482ed3ffd7c403e1f NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2045 CVE-2020-29373 (An issue was discovered in fs/io_uring.c in the Linux kernel before 5. ...) 
@@ -47994,6 +48015,7 @@ CVE-2021-0130 CVE-2021-0129 (Improper access control in BlueZ may allow an authenticated user to po ...) - bluez 5.55-3.1 (bug #989614) - linux 5.10.40-1 + [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=00da0fb4972cf59e1c075f313da81ea549cb8738 NOTE: https://git.kernel.org/linus/6d19628f539fccf899298ff02ee4c73e4bf6df3f NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html @@ -50825,6 +50847,7 @@ CVE-2020-26559 (Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 an CVE-2020-26558 (Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification ...) - bluez 5.55-3.1 (bug #989614) - linux 5.10.40-1 + [buster] - linux 4.19.194-1 NOTE: https://kb.cert.org/vuls/id/799380 NOTE: https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/passkey-entry/ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1918602 @@ -51793,6 +51816,7 @@ CVE-2020-26148 (md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers to NOTE: https://github.com/mity/md4c/commit/22ca89a3008966c4316d6b0a158b1a49f9038df0 CVE-2020-26147 (An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, ...) - linux <unfixed> + [buster] - linux 4.19.194-1 NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf NOTE: https://www.fragattacks.com/ NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johan...@sipsolutions.net/ @@ -51831,6 +51855,7 @@ CVE-2020-26140 (An issue was discovered in the ALFA Windows 10 driver 6.1316.120 NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johan...@sipsolutions.net/ CVE-2020-26139 (An issue was discovered in the kernel in NetBSD 7.1. An Access Point ( ...) - linux <unfixed> + [buster] - linux 4.19.194-1 NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf NOTE: https://www.fragattacks.com/ NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johan...@sipsolutions.net/ 
@@ -53000,17 +53025,17 @@ CVE-2020-25673 (A vulnerability was found in Linux kernel where non-blocking soc CVE-2020-25672 (A memory leak vulnerability was found in Linux kernel in llcp_sock_con ...) - linux 5.10.38-1 [bullseye] - linux <postponed> (Minor issue, revisit once fixed upstream) - [buster] - linux <postponed> (Minor issue, revisit once fixed upstream) + [buster] - linux 4.19.194-1 NOTE: https://www.openwall.com/lists/oss-security/2020/11/01/1 CVE-2020-25671 (A vulnerability was found in Linux Kernel, where a refcount leak in ll ...) - linux 5.10.38-1 [bullseye] - linux <postponed> (Minor issue, revisit once fixed upstream) - [buster] - linux <postponed> (Minor issue, revisit once fixed upstream) + [buster] - linux 4.19.194-1 NOTE: https://www.openwall.com/lists/oss-security/2020/11/01/1 CVE-2020-25670 (A vulnerability was found in Linux Kernel where refcount leak in llcp_ ...) - linux 5.10.38-1 [bullseye] - linux <postponed> (Minor issue, revisit once fixed upstream) - [buster] - linux <postponed> (Minor issue, revisit once fixed upstream) + [buster] - linux 4.19.194-1 NOTE: https://www.openwall.com/lists/oss-security/2020/11/01/1 CVE-2020-25669 (A vulnerability was found in the Linux Kernel where the function sunkb ...) {DLA-2494-1 DLA-2483-1} @@ -55581,6 +55606,7 @@ CVE-2020-24589 (The Management Console in WSO2 API Manager through 3.1.0 and API NOT-FOR-US: WSO2 CVE-2020-24588 (The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, ...) - linux <unfixed> + [buster] - linux 4.19.194-1 NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf NOTE: https://www.fragattacks.com/ NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johan...@sipsolutions.net/ 
@@ -55588,6 +55614,7 @@ CVE-2020-24588 (The 802.11 standard that underpins Wi-Fi Protected Access (WPA, NOTE: https://lore.kernel.org/linux-wireless/20210511200110.11968c725b5c.Idd166365ebea2771c0c0a38c78b5060750f90e17@changeid/ CVE-2020-24587 (The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, ...) - linux <unfixed> + [buster] - linux 4.19.194-1 NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf NOTE: https://www.fragattacks.com/ NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johan...@sipsolutions.net/ @@ -55595,6 +55622,7 @@ CVE-2020-24587 (The 802.11 standard that underpins Wi-Fi Protected Access (WPA, NOTE: https://lore.kernel.org/linux-wireless/20210511200110.037aa5ca0390.I7bb888e2965a0db02a67075fcb5deb50eb7408aa@changeid/ CVE-2020-24586 (The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, ...) - linux <unfixed> + [buster] - linux 4.19.194-1 NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf NOTE: https://www.fragattacks.com/ NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johan...@sipsolutions.net/ ===================================== data/next-point-update.txt ===================================== 
@@ -144,68 +144,6 @@ CVE-2021-3541 [buster] - libxml2 2.9.4+dfsg1-7+deb10u2 CVE-2021-33833 [buster] - connman 1.36-2.1~deb10u2 -CVE-2020-24586 - [buster] - linux 4.19.194-1 -CVE-2020-24587 - [buster] - linux 4.19.194-1 -CVE-2020-24588 - [buster] - linux 4.19.194-1 -CVE-2020-25670 - [buster] - linux 4.19.194-1 -CVE-2020-25671 - [buster] - linux 4.19.194-1 -CVE-2020-25672 - [buster] - linux 4.19.194-1 -CVE-2020-26139 - [buster] - linux 4.19.194-1 -CVE-2020-26147 - [buster] - linux 4.19.194-1 -CVE-2020-26558 - [buster] - linux 4.19.194-1 -CVE-2020-29374 - [buster] - linux 4.19.194-1 -CVE-2021-0129 - [buster] - linux 4.19.194-1 -CVE-2021-23133 - [buster] - linux 4.19.194-1 -CVE-2021-23134 - [buster] - linux 4.19.194-1 -CVE-2021-28688 - [buster] - linux 4.19.194-1 -CVE-2021-28964 - [buster] - linux 4.19.194-1 -CVE-2021-28971 - [buster] - linux 4.19.194-1 -CVE-2021-28972 - [buster] - linux 4.19.194-1 -CVE-2021-29154 - [buster] - linux 4.19.194-1 -CVE-2021-29155 - [buster] - linux 4.19.194-1 -CVE-2021-29264 - [buster] - linux 4.19.194-1 -CVE-2021-29647 - [buster] - linux 4.19.194-1 -CVE-2021-29650 - [buster] - linux 4.19.194-1 -CVE-2021-31829 - [buster] - linux 4.19.194-1 -CVE-2021-31916 - [buster] - linux 4.19.194-1 -CVE-2021-32399 - [buster] - linux 4.19.194-1 -CVE-2021-33034 - [buster] - linux 4.19.194-1 -CVE-2021-3483 - [buster] - linux 4.19.194-1 -CVE-2021-3506 - [buster] - linux 4.19.194-1 -CVE-2021-3564 - [buster] - linux 4.19.194-1 -CVE-2021-3573 - [buster] - linux 4.19.194-1 -CVE-2021-3587 - [buster] - linux 4.19.194-1 CVE-2019-20446 [buster] - librsvg 2.44.10-2.1+deb10u1 CVE-2019-17134 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db35c42516df8840c94bdf9da7701d0fe496b09d
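Review bot: in the data/CVE/list hunks for CVE-2021-3587, CVE-2021-3573, CVE-2020-26147, CVE-2020-26139, CVE-2020-24588, CVE-2020-24587 and CVE-2020-24586 the unstable line is left as `- linux <unfixed>` while buster now records `4.19.194-1`. That is the correct shape for a fix that reached the point release before sid, but it means bullseye inherits "vulnerable" from unstable for these entries, so the 5.10.y upload that carries the same fixes should be recorded as soon as it lands; otherwise the tracker will keep showing buster fixed and bullseye open for the whole FragAttacks and nfc llcp set.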
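Review bot: for CVE-2020-25672, CVE-2020-25671 and CVE-2020-25670 the `[bullseye] - linux <postponed> (Minor issue, revisit once fixed upstream)` lines are kept while the same entries now show unstable fixed in 5.10.38-1 and buster fixed in 4.19.194-1. The postponement rationale is stale once a fix exists and has been backported to 4.19, so either replace the bullseye line with the fixing version (5.10.38-1 is already in the entry) or reword the reason so it no longer says "once fixed upstream".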
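Review bot: the CVE-2021-29155 hunk adds `[buster] - linux 4.19.194-1` directly above the retained note "Fixes need to be made complete for older series to not open CVE-2021-33200". Marking buster fixed here implies the 4.19.194-1 backport includes that completion; if it does, CVE-2021-33200 should get a matching buster status in the same change (or a NOTE cross-referencing this entry), and if it does not, the buster line for CVE-2021-29155 is premature and should stay in next-point-update.txt until the follow-up is in.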
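Review bot: in the CVE-2021-0129 and CVE-2020-26558 hunks only the kernel side gets a buster line; both entries also list `bluez 5.55-3.1 (bug #989614)` with no `[buster]` status for bluez. Buster will therefore continue to show these CVEs as open via bluez after this merge, which is probably intended (the point-update merge covers linux only), but an explicit `[buster] - bluez` status line, or a NOTE saying the bluez side is tracked separately, would make that clear to anyone reading the entry.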
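Review bot: the next-point-update.txt removal is consistent with the additions: the `@@ -144,68 +144,6 @@` header accounts for 62 removed lines, i.e. 31 two-line CVE entries, and the data/CVE/list hunks above add exactly 31 `[buster] - linux 4.19.194-1` lines for the same 31 CVE identifiers, so no entry is dropped from the point-update queue without a corresponding fixed-version record. The surrounding libxml2, connman and librsvg entries are untouched, as expected.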
debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits