Helmut Grohne pushed to branch master at Debian Security Tracker / security-tracker
Commits: 954ccfc8 by Helmut Grohne at 2022-11-07T10:35:21+01:00 delete glibc annotations conflicting with elts tracker - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -63932,13 +63932,11 @@ CVE-2022-23219 (The deprecated compatibility function clnt_create in the sunrpc {DLA-3152-1} - glibc 2.33-3 [bullseye] - glibc 2.31-13+deb11u3 - [stretch] - glibc <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22542 CVE-2022-23218 (The deprecated compatibility function svcunix_create in the sunrpc mod ...) {DLA-3152-1} - glibc 2.33-3 [bullseye] - glibc 2.31-13+deb11u3 - [stretch] - glibc <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28768 CVE-2022-23217 RESERVED @@ -74458,7 +74456,6 @@ CVE-2021-3999 (A flaw was found in glibc. An off-by-one buffer overflow and unde {DLA-3152-1} - glibc 2.33-4 [bullseye] - glibc 2.31-13+deb11u4 - [stretch] - glibc <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28769 NOTE: https://www.openwall.com/lists/oss-security/2022/01/24/4 NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=23e0e8f5f1fb5ed150253d986ecccdc90c2dcd5e @@ -99017,7 +99014,6 @@ CVE-2021-35943 (Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Acc CVE-2021-35942 (The wordexp function in the GNU C Library (aka glibc) through 2.33 may ...) {DLA-3152-1} - glibc 2.31-13 (bug #990542) - [stretch] - glibc <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28011 NOTE: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c CVE-2021-35941 (Western Digital WD My Book Live (2.x and later) and WD My Book Live Du ...) 
@@ -104600,7 +104596,6 @@ CVE-2021-33574 (The mq_notify function in the GNU C Library (aka glibc) versions [experimental] - glibc 2.32-0experimental0 - glibc 2.32-1 (bug #989147) [bullseye] - glibc 2.31-13+deb11u3 - [stretch] - glibc <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=27896 NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=42d359350510506b87101cf77202fefcbfc790cb NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=217b6dc298156bdb0d6aea9ea93e7e394a5ff091 @@ -123608,7 +123603,6 @@ CVE-2021-26273 (The Agent in NinjaRMM 5.0.909 has Incorrect Access Control. ...) CVE-2021-3326 (The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and ...) {DLA-3152-1} - glibc 2.31-10 (bug #981198) - [stretch] - glibc <no-dsa> (Minor issue) NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2146 NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=27256 NOTE: https://sourceware.org/pipermail/libc-alpha/2021-January/122058.html @@ -135695,7 +135689,6 @@ CVE-2020-35931 (An issue was discovered in Foxit Reader before 10.1.1 (and befor CVE-2019-25013 (The iconv feature in the GNU C Library (aka glibc or libc6) through 2. ...) {DLA-3152-1} - glibc 2.31-9 (bug #979273) - [stretch] - glibc <postponed> (Minor issue; can be fixed in next update) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24973 NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=ee7a3144c9922808181009b7b3e50e852fb4999b CVE-2019-25012 (The Webform Report project 7.x-1.x-dev for Drupal allows remote attack ...) 
@@ -152223,7 +152216,6 @@ CVE-2020-27619 (In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.p CVE-2020-27618 (The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and ...) {DLA-3152-1} - glibc 2.31-5 (bug #973914) - [stretch] - glibc <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26224 NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=9a99c682144bdbd40792ebf822fe9264e0376fb5 CVE-2020-27617 (eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to t ...) @@ -195790,8 +195782,6 @@ CVE-2020-10030 (An issue has been found in PowerDNS Recursor 4.1.0 up to and inc CVE-2020-10029 (The GNU C Library (aka glibc or libc6) before 2.32 could overflow an o ...) {DLA-3152-1} - glibc 2.30-1 (bug #953108) - [stretch] - glibc <no-dsa> (Minor issue) - [jessie] - glibc <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25487 NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9333498794cde1d5cca518badf79533a24114b6f NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c10acd40262486dac597001aecc20ad9d3bd0e4a @@ -218183,8 +218173,6 @@ CVE-2020-1753 (A security flaw was found in Ansible Engine, all Ansible 2.7.x ve CVE-2020-1752 (A use-after-free vulnerability introduced in glibc upstream version 2. ...) {DLA-3152-1} - glibc 2.30-3 (bug #953788) - [stretch] - glibc <no-dsa> (Minor issue) - [jessie] - glibc <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25414 NOTE: Introduced in: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f2962a71959fd254a7a223437ca4b63b9e81130c (2.14) NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ddc650e9b3dc916eab417ce9f79e67337b05035c 
@@ -219072,7 +219060,6 @@ CVE-2019-19127 (An authentication bypass vulnerability is present in the standal CVE-2019-19126 (On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 ...) {DLA-3152-1} - glibc 2.29-8 (bug #945250) - [stretch] - glibc <no-dsa> (Minor issue) [jessie] - glibc <not-affected> (Vulnerable code introduced in 2.23) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25204 NOTE: Introduced by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=object;h=b9eb92ab05204df772eb4929eccd018637c9f3e9 @@ -253528,8 +253515,6 @@ CVE-2019-9170 (An issue was discovered in GitLab Community and Enterprise Editio NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/ CVE-2019-9169 (In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_n ...) - glibc 2.28-9 (bug #924612) - [stretch] - glibc <no-dsa> (Minor issue) - [jessie] - glibc <no-dsa> (Minor issue) - eglibc <removed> NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140 NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142 @@ -300931,7 +300916,6 @@ CVE-2018-11237 (An AVX-512-optimized implementation of the mempcpy function in t CVE-2018-11236 (stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 a ...) - glibc 2.27-4 (low; bug #899071) [stretch] - glibc 2.24-11+deb9u4 - [jessie] - glibc <no-dsa> (Minor issue, can be fixed along in future DSA or point update) - eglibc <removed> NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22786 NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5460617d1567657621107d895ee2dd83bc1f88f2 
@@ -314011,8 +313995,6 @@ CVE-2018-6552 (Apport does not properly handle crashes originating from a PID na CVE-2018-6551 (The malloc implementation in the GNU C Library (aka glibc or libc6), f ...) [experimental] - glibc 2.26.9000+20180127.7e23a7dd-0experimental0 - glibc 2.27-1 - [stretch] - glibc <no-dsa> (Minor issue) - [jessie] - glibc <not-affected> (Issue introduced in 2.24, 2.26 only for i386) - eglibc <not-affected> (Issue introduced in 2.24 for powerpc, 2.26 only for i386) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22774 NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22 @@ -314324,8 +314306,6 @@ CVE-2017-18080 (The saveConfigureSecurity resource in Atlassian Bamboo before ve CVE-2018-6485 (An integer overflow in the implementation of the posix_memalign in mem ...) [experimental] - glibc 2.26.9000+20180127.7e23a7dd-0experimental0 - glibc 2.27-1 (bug #878159) - [stretch] - glibc <no-dsa> (Minor issue) - [jessie] - glibc <no-dsa> (Minor issue) - eglibc <removed> [wheezy] - eglibc <ignored> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22343 @@ -317857,8 +317837,6 @@ CVE-2018-1000004 (In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versi [stretch] - linux 4.9.80-1 CVE-2018-1000001 (In glibc 2.26 and earlier there is confusion in the usage of getcwd() ...) - glibc 2.26-4 (bug #887001) - [stretch] - glibc <postponed> (Minor issue, can be fixed along in next DSA or preferably point release) - [jessie] - glibc <postponed> (Minor issue, can be fixed along in next DSA or preferably point release) - eglibc <removed> [wheezy] - eglibc <postponed> (Minor issue, can be fixed along in next DSA) NOTE: https://www.openwall.com/lists/oss-security/2018/01/11/5 
@@ -329778,14 +329756,12 @@ CVE-2017-1000410 (The Linux kernel version 3.3-rc1 and later is affected by a vu CVE-2017-1000409 (A buffer overflow in glibc 2.5 (released on September 29, 2006) and ca ...) - glibc 2.25-5 (bug #884133) [stretch] - glibc 2.24-11+deb9u4 - [jessie] - glibc <no-dsa> (Minor issue) - eglibc <removed> [wheezy] - eglibc <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2017/12/11/4 CVE-2017-1000408 (A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached ...) - glibc 2.25-5 (bug #884132) [stretch] - glibc 2.24-11+deb9u4 - [jessie] - glibc <no-dsa> (Minor issue) - eglibc <removed> [wheezy] - eglibc <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2017/12/11/4 @@ -332616,7 +332592,6 @@ CVE-2017-16998 CVE-2017-16997 (elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2 ...) - glibc 2.25-6 (bug #884615) [stretch] - glibc 2.24-11+deb9u4 - [jessie] - glibc <no-dsa> (Minor issue) - eglibc <removed> [wheezy] - eglibc <no-dsa> (Minor issue) NOTE: Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=22625 @@ -337471,7 +337446,6 @@ CVE-2017-15805 (Cisco Small Business SA520 and SA540 devices with firmware 2.1.7 CVE-2017-15804 (The glob function in glob.c in the GNU C Library (aka glibc or libc6) ...) - glibc 2.25-3 (low; bug #879955) [stretch] - glibc 2.24-11+deb9u4 - [jessie] - glibc <no-dsa> (Minor issue) - eglibc <removed> (low) [wheezy] - eglibc <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22332 @@ -337798,7 +337772,6 @@ CVE-2017-15671 (The glob function in glob.c in the GNU C Library (aka glibc or l [experimental] - glibc 2.26-0experimental0 - glibc 2.25-3 (low; bug #879500) [stretch] - glibc 2.24-11+deb9u4 - [jessie] - glibc <no-dsa> (Minor issue) - eglibc <removed> (low) [wheezy] - eglibc <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22325 
@@ -337807,7 +337780,6 @@ CVE-2017-15670 (The GNU C Library (aka glibc or libc6) before 2.27 contains an o [experimental] - glibc 2.26-0experimental0 - glibc 2.25-3 (low; bug #879501) [stretch] - glibc 2.24-11+deb9u4 - [jessie] - glibc <no-dsa> (Minor issue) - eglibc <removed> (low) [wheezy] - eglibc <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22320 @@ -348657,7 +348629,6 @@ CVE-2017-12134 (The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c CVE-2017-12133 (Use-after-free vulnerability in the clntudp_call function in sunrpc/cl ...) - glibc 2.24-15 (bug #870648) [stretch] - glibc 2.24-11+deb9u2 - [jessie] - glibc <no-dsa> (Minor issue) - eglibc <removed> [wheezy] - eglibc <no-dsa> (Minor issue) NOTE: issue introduced by fix for CVE-2016-4429 @@ -348666,8 +348637,6 @@ CVE-2017-12133 (Use-after-free vulnerability in the clntudp_call function in sun CVE-2017-12132 (The DNS stub resolver in the GNU C Library (aka glibc or libc6) before ...) [experimental] - glibc 2.25-0experimental1 - glibc 2.25-1 (bug #870650) - [stretch] - glibc <no-dsa> (Minor issue) - [jessie] - glibc <no-dsa> (Minor issue) - eglibc <removed> [wheezy] - eglibc <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21361 
@@ -367402,7 +367371,6 @@ CVE-2017-6077 (ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0. CVE-2016-10228 (The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and e ...) {DLA-3152-1} - glibc 2.31-3 (low; bug #856503) - [stretch] - glibc <no-dsa> (Minor issue) [jessie] - glibc <no-dsa> (Minor issue) - eglibc <removed> [wheezy] - eglibc <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/954ccfc86b985f390a91d3f8abf60414b245887b
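Review bot: The entries for CVE-2019-9169, CVE-2018-6485, CVE-2018-1000001 and CVE-2017-12132 lose their only stretch-specific triage line, and unlike most of the other stretch removals none of these entries carries a `{DLA-3152-1}` tag. After the change stretch is described only by the generic `- glibc <version>` line in each of them. If the ELTS tracker is now the sole record of stretch state for these CVEs, the commit message should say so; otherwise these four `[stretch]` lines look like they should stay until a fixed version or advisory is recorded.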
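Review bot: The jessie annotations are handled inconsistently across hunks. The last hunk (CVE-2016-10228) removes `[stretch] - glibc <no-dsa> (Minor issue)` but leaves the identical `[jessie] - glibc <no-dsa> (Minor issue)` line in place, while the CVE-2020-10029 and CVE-2020-1752 hunks remove both. In the same way, the CVE-2018-6551 hunk removes `[jessie] - glibc <not-affected> (Issue introduced in 2.24, 2.26 only for i386)`, yet the CVE-2019-19126 hunk keeps `[jessie] - glibc <not-affected> (Vulnerable code introduced in 2.23)`. Suggest either dropping the remaining jessie glibc lines or restoring the removed `<not-affected>` one, so that a single rule applies and the "introduced in" rationale is not lost for only one CVE.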
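Review bot: The commit message does not state which releases are in scope or what the conflict with the ELTS tracker is, and the hunks do not make the rule obvious. `<postponed>` lines are removed as well as `<no-dsa>` ones (CVE-2019-25013), while every `[wheezy] - eglibc` line is left untouched (for example in the CVE-2017-1000409 and CVE-2017-1000408 hunk). A sentence in the message naming the affected releases and source package, and the kind of conflict being resolved, would let a later reader tell intended removals from accidental ones.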
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits