Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
86548e12 by Salvatore Bonaccorso at 2018-03-03T21:00:17+01:00
Sync various issues with kernel-sec triage from benh
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -475,6 +475,8 @@ CVE-2018-7493
CVE-2017-18204 (The ocfs2_setattr function in fs/ocfs2/file.c in the Linux
kernel ...)
- linux 4.14.2-1
[stretch] - linux 4.9.65-1
+ [jessie] - linux <not-affected> (Vulnerable code introduced later)
+ [wheezy] - linux <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by:
https://git.kernel.org/linus/28f5a8a7c033cbf3e32277f4cc9c6afd74f05300
CVE-2017-18203 (The dm_get_from_kobject function in drivers/md/dm.c in the
Linux kernel ...)
- linux 4.14.7-1
@@ -483,6 +485,8 @@ CVE-2017-18203 (The dm_get_from_kobject function in
drivers/md/dm.c in the Linux
CVE-2017-18202 (The __oom_reap_task_mm function in mm/oom_kill.c in the Linux
kernel ...)
- linux 4.14.7-1
[stretch] - linux 4.9.80-1
+ [jessie] - linux <not-affected> (Vulnerable code not present)
+ [wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by:
https://git.kernel.org/linus/687cb0884a714ff484d038e9190edc874edcf146
CVE-2018-7492 (A NULL pointer dereference was found in the net/rds/rdma.c ...)
- linux 4.14.7-1
@@ -545,6 +549,8 @@ CVE-2018-7481
RESERVED
CVE-2018-7480 (The blkcg_init_queue function in block/blk-cgroup.c in the
Linux ...)
- linux 4.11.6-1
+ [jessie] - linux <not-affected> (Issue introduced later)
+ [wheezy] - linux <not-affected> (Issue introduced later)
NOTE: Fixed by:
https://git.kernel.org/linus/9b54d816e00425c3a517514e0d677bb3cec49258
CVE-2018-7479 (YzmCMS 3.6 allows remote attackers to discover the full path
via a ...)
NOT-FOR-US: YzmCMS
@@ -903,6 +909,8 @@ CVE-2017-18194 (SQL injection vulnerability in
users/signup.php in the "sig
NOT-FOR-US: HamayeshNegar CMS
CVE-2017-18193 (fs/f2fs/extent_cache.c in the Linux kernel before 4.13
mishandles ...)
- linux 4.13.4-1
+ [jessie] - linux <not-affected> (Vulnerable code not present)
+ [wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by:
https://git.kernel.org/linus/dad48e73127ba10279ea33e6dbc8d3905c4d31c0
CVE-2017-6932 (Drupal core 7.x versions before 7.57 has an external link
injection ...)
{DSA-4123-1 DLA-1295-1}
@@ -1276,7 +1284,7 @@ CVE-2018-7275
CVE-2018-7274 (Yab Quarx through 2.4.3 is prone to multiple persistent
cross-site ...)
NOT-FOR-US: Yab Quarx
CVE-2018-7273 (In the Linux kernel through 4.15.4, the floppy driver reveals
the ...)
- - linux <unfixed>
+ - linux 4.15.4-1
NOTE: https://lkml.org/lkml/2018/2/20/669
CVE-2018-7272 (The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs
as part ...)
NOT-FOR-US: ForgeRock AM
@@ -2935,6 +2943,8 @@ CVE-2018-1000041 (GNOME librsvg version before commit ...)
NOTE:
https://github.com/GNOME/librsvg/commit/4de19d9fdddf81773125b04a4defe1ffd0d3bfe0
CVE-2017-18174 (In the Linux kernel before 4.7, the amd_gpio_remove function
in ...)
- linux 4.7.2-1
+ [jessie] - linux <not-affected> (Vulnerable code not present)
+ [wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by:
https://git.kernel.org/linus/251e22abde21833b3d29577e4d8c7aaccd650eee
CVE-2017-18173
RESERVED
@@ -50709,6 +50719,7 @@ CVE-2015-9017
CVE-2015-9016 [blk-mq: fix race between timeout and freeing request]
RESERVED
- linux 4.2.3-1
+ [wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by:
https://git.kernel.org/linus/0048b4837affd153897ed1222283492070027aa9 (4.3-rc1)
CVE-2015-9015
RESERVED
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/86548e12c22a72005809a66ed1bff369acb312fd
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/86548e12c22a72005809a66ed1bff369acb312fd
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
