Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 86548e12 by Salvatore Bonaccorso at 2018-03-03T21:00:17+01:00 Sync various issues with kernel-sec triage from benh - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -475,6 +475,8 @@ CVE-2018-7493 CVE-2017-18204 (The ocfs2_setattr function in fs/ocfs2/file.c in the Linux kernel ...) - linux 4.14.2-1 [stretch] - linux 4.9.65-1 + [jessie] - linux <not-affected> (Vulnerable code introduced later) + [wheezy] - linux <not-affected> (Vulnerable code introduced later) NOTE: Fixed by: https://git.kernel.org/linus/28f5a8a7c033cbf3e32277f4cc9c6afd74f05300 CVE-2017-18203 (The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel ...) - linux 4.14.7-1 @@ -483,6 +485,8 @@ CVE-2017-18203 (The dm_get_from_kobject function in drivers/md/dm.c in the Linux CVE-2017-18202 (The __oom_reap_task_mm function in mm/oom_kill.c in the Linux kernel ...) - linux 4.14.7-1 [stretch] - linux 4.9.80-1 + [jessie] - linux <not-affected> (Vulnerable code not present) + [wheezy] - linux <not-affected> (Vulnerable code not present) NOTE: Fixed by: https://git.kernel.org/linus/687cb0884a714ff484d038e9190edc874edcf146 CVE-2018-7492 (A NULL pointer dereference was found in the net/rds/rdma.c ...) - linux 4.14.7-1 @@ -545,6 +549,8 @@ CVE-2018-7481 RESERVED CVE-2018-7480 (The blkcg_init_queue function in block/blk-cgroup.c in the Linux ...) - linux 4.11.6-1 + [jessie] - linux <not-affected> (Issue introduced later) + [wheezy] - linux <not-affected> (Issue introduced later) NOTE: Fixed by: https://git.kernel.org/linus/9b54d816e00425c3a517514e0d677bb3cec49258 CVE-2018-7479 (YzmCMS 3.6 allows remote attackers to discover the full path via a ...) NOT-FOR-US: YzmCMS @@ -903,6 +909,8 @@ CVE-2017-18194 (SQL injection vulnerability in users/signup.php in the "sig NOT-FOR-US: HamayeshNegar CMS CVE-2017-18193 (fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles ...) - linux 4.13.4-1 + [jessie] - linux <not-affected> (Vulnerable code not present) + [wheezy] - linux <not-affected> (Vulnerable code not present) NOTE: Fixed by: https://git.kernel.org/linus/dad48e73127ba10279ea33e6dbc8d3905c4d31c0 CVE-2017-6932 (Drupal core 7.x versions before 7.57 has an external link injection ...) {DSA-4123-1 DLA-1295-1} @@ -1276,7 +1284,7 @@ CVE-2018-7275 CVE-2018-7274 (Yab Quarx through 2.4.3 is prone to multiple persistent cross-site ...) NOT-FOR-US: Yab Quarx CVE-2018-7273 (In the Linux kernel through 4.15.4, the floppy driver reveals the ...) - - linux <unfixed> + - linux 4.15.4-1 NOTE: https://lkml.org/lkml/2018/2/20/669 CVE-2018-7272 (The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part ...) NOT-FOR-US: ForgeRock AM @@ -2935,6 +2943,8 @@ CVE-2018-1000041 (GNOME librsvg version before commit ...) NOTE: https://github.com/GNOME/librsvg/commit/4de19d9fdddf81773125b04a4defe1ffd0d3bfe0 CVE-2017-18174 (In the Linux kernel before 4.7, the amd_gpio_remove function in ...) - linux 4.7.2-1 + [jessie] - linux <not-affected> (Vulnerable code not present) + [wheezy] - linux <not-affected> (Vulnerable code not present) NOTE: Fixed by: https://git.kernel.org/linus/251e22abde21833b3d29577e4d8c7aaccd650eee CVE-2017-18173 RESERVED @@ -50709,6 +50719,7 @@ CVE-2015-9017 CVE-2015-9016 [blk-mq: fix race between timeout and freeing request] RESERVED - linux 4.2.3-1 + [wheezy] - linux <not-affected> (Vulnerable code not present) NOTE: Fixed by: https://git.kernel.org/linus/0048b4837affd153897ed1222283492070027aa9 (4.3-rc1) CVE-2015-9015 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/86548e12c22a72005809a66ed1bff369acb312fd --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/86548e12c22a72005809a66ed1bff369acb312fd You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits