Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
37ce58dc by Salvatore Bonaccorso at 2018-02-22T16:52:21+01:00
Merge fixes included in DSA

- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1124,6 +1124,7 @@ CVE-2015-9252 (An issue was discovered in QPDF before 
7.0.0. Endless recursion c
        NOTE: https://github.com/qpdf/qpdf/issues/51
 CVE-2018-6927 (The futex_requeue function in kernel/futex.c in the Linux 
kernel before ...)
        - linux 4.14.17-1
+       [stretch] - linux 4.9.80-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a
 CVE-2018-6926 (In app/Controller/ServersController.php in MISP 2.4.87, a 
server ...)
        NOT-FOR-US: MISP
@@ -3264,6 +3265,7 @@ CVE-2017-1000475 (FreeSSHd 1.3.1 version is vulnerable to 
an Unquoted Path Servi
        NOT-FOR-US: FreeSSHd
 CVE-2017-18075 (crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles 
freeing ...)
        - linux 4.14.13-1
+       [stretch] - linux 4.9.80-1
        [jessie] - linux <not-affected> (Vulnerable code not present)
        [wheezy] - linux <not-affected> (Vulnerable code not present)
        NOTE: Fixed by: 
https://git.kernel.org/linus/d76c68109f37cb85b243a1cf0f40313afd2bae68
@@ -5399,6 +5401,7 @@ CVE-2018-5346
        RESERVED
 CVE-2018-1000004 (In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier 
versions a ...)
        - linux 4.14.17-1
+       [stretch] - linux 4.9.80-1
 CVE-2018-1000001 (In glibc 2.26 and earlier there is confusion in the usage of 
getcwd() ...)
        - glibc 2.26-4 (bug #887001)
        [stretch] - glibc <postponed> (Minor issue, can be fixed along in next 
DSA or preferably point release)
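Review bot: The CVE-2018-1000004 entry in this hunk has no NOTE pointing at the upstream fix, while every other kernel entry touched in this patch carries a NOTE with a git.kernel.org link. Since the entry now claims `[stretch] - linux 4.9.80-1`, consider adding the upstream commit reference alongside it so the fixed-version claim can be checked against the stable backport.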
@@ -5414,6 +5417,7 @@ CVE-2018-5345 (A stack-based buffer overflow within GNOME 
gcab through 0.7.4 can
        NOTE: 
https://git.gnome.org/browse/gcab/commit/?id=bd2abee5f0a9b5cbe3a1ab1f338c4fb8f6ca797b
 CVE-2018-5344 (In the Linux kernel through 4.14.13, drivers/block/loop.c 
mishandles ...)
        - linux 4.14.17-1
+       [stretch] - linux 4.9.80-1
        [jessie] - linux <not-affected> (Vulnerability introduced later)
        [wheezy] - linux <not-affected> (Vulnerability introduced later)
        NOTE: Fixed by: 
https://git.kernel.org/linus/ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5
@@ -5452,9 +5456,11 @@ CVE-2018-5334 (In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 
2.2.11, the IxVeriWave f
        NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=dc308c05ba0673460fe80873b22d296880ee996d
 CVE-2018-5333 (In the Linux kernel through 4.14.13, the rds_cmsg_atomic 
function in ...)
        - linux 4.14.17-1
+       [stretch] - linux 4.9.80-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/7d11f77f84b27cef452cee332f4e469503084737
 CVE-2018-5332 (In the Linux kernel through 4.14.13, the 
rds_message_alloc_sgs() ...)
        - linux 4.14.17-1
+       [stretch] - linux 4.9.80-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/c095508770aebf1b9218e77026e48345d719b17c
 CVE-2017-1000441
        REJECTED
@@ -19738,15 +19744,19 @@ CVE-2017-16915
        RESERVED
 CVE-2017-16914 (The &quot;stub_send_ret_submit()&quot; function 
(drivers/usb/usbip/stub_tx.c) in ...)
        - linux 4.14.12-1
+       [stretch] - linux 4.9.80-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/be6123df1ea8f01ee2f896a16c2b7be3e4557a5a
 CVE-2017-16913 (The &quot;stub_recv_cmd_submit()&quot; function 
(drivers/usb/usbip/stub_rx.c) in ...)
        - linux 4.14.12-1
+       [stretch] - linux 4.9.80-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/c6688ef9f29762e65bce325ef4acd6c675806366
 CVE-2017-16912 (The &quot;get_pipe()&quot; function 
(drivers/usb/usbip/stub_rx.c) in the Linux ...)
        - linux 4.14.12-1
+       [stretch] - linux 4.9.80-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/635f545a7e8be7596b9b2b6a43cab6bbd5a88e43
 CVE-2017-16911 (The vhci_hcd driver in the Linux Kernel before version 4.14.8 
and ...)
        - linux 4.14.12-1
+       [stretch] - linux 4.9.80-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/2f2d0088eb93db5c649d2a5e34a3800a8a935fc5
 CVE-2017-16910
        RESERVED
@@ -25283,6 +25293,7 @@ CVE-2017-15130
        RESERVED
 CVE-2017-15129 (A use-after-free vulnerability was found in network namespaces 
code ...)
        - linux 4.14.12-1
+       [stretch] - linux 4.9.80-1
        [jessie] - linux <not-affected> (Vulnerable code not present)
        [wheezy] - linux <not-affected> (Vulnerable code not present)
        NOTE: Fixed by: 
https://git.kernel.org/linus/21b5944350052d2583e82dd59b19a9ba94a007f0
@@ -30806,6 +30817,7 @@ CVE-2017-13217 (In DisplayFtmItem in the bootloader, 
there is an out-of-bounds w
        NOT-FOR-US: Android kernel component (no source release, no apparently 
not affecting mainline)
 CVE-2017-13216 (In ashmem_ioctl of ashmem.c, there is an out-of-bounds write 
due to ...)
        - linux 4.14.17-1 (unimportant)
+       [stretch] - linux 4.9.80-1
        [wheezy] - linux <not-affected> (Vulnerable code not present)
        NOTE: Fixed by: 
https://git.kernel.org/linus/443064cb0b1fb4569fe0a71209da7625129f
 CVE-2017-13215 (A elevation of privilege vulnerability in the Upstream kernel 
...)
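Review bot: The `NOTE: Fixed by:` link kept as context under CVE-2017-13216 ends in a commit id that is visibly shorter than the full 40-character ids used by the other git.kernel.org links in this patch. While the entry is being edited to add the stretch version, it would be worth expanding that id to the full hash so the reference stays unambiguous. The package line is also tagged `(unimportant)`, so a short remark on why the stretch fix is still recorded would help later readers.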
@@ -67838,7 +67850,7 @@ CVE-2017-0862 (An elevation of privilege vulnerability 
in the Upstream kernel ke
        NOT-FOR-US: Android driver (proprietary, not part of upstream kernel)
 CVE-2017-0861 (Use-after-free vulnerability in the snd_pcm_info function in 
the ALSA ...)
        - linux 4.13.4-1
-       [stretch] - linux <ignored> (Minor issue, cf. kernel-sec information)
+       [stretch] - linux 4.9.80-1
        [jessie] - linux <ignored> (Minor issue, cf. kernel-sec information)
        [wheezy] - linux <ignored> (Minor issue, cf. kernel-sec information)
        NOTE: 
https://git.kernel.org/linus/362bca57f5d78220f8b5907b875961af9436e229
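Review bot: The `-`/`+` pair for CVE-2017-0861 is the only place in this patch where an existing triage decision is overwritten rather than a line added: stretch goes from `<ignored> (Minor issue, cf. kernel-sec information)` to `linux 4.9.80-1`, while jessie and wheezy keep `<ignored>` with the same reason. The commit message should mention this status change explicitly, and the jessie and wheezy lines deserve a second look to confirm the "Minor issue" rationale still holds now that stretch ships a fix.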


=====================================
data/next-point-update.txt
=====================================
--- a/data/next-point-update.txt
+++ b/data/next-point-update.txt
@@ -105,32 +105,6 @@ CVE-2017-12380
        [stretch] - clamav 0.99.2+dfsg-6+deb9u1
 CVE-2018-6560
        [stretch] - flatpak 0.8.9-0+deb9u1
-CVE-2017-13216
-       [stretch] - linux 4.9.80-1
-CVE-2017-15129
-       [stretch] - linux 4.9.80-1
-CVE-2017-16911
-       [stretch] - linux 4.9.80-1
-CVE-2017-16912
-       [stretch] - linux 4.9.80-1
-CVE-2017-16913
-       [stretch] - linux 4.9.80-1
-CVE-2017-16914
-       [stretch] - linux 4.9.80-1
-CVE-2017-18075
-       [stretch] - linux 4.9.80-1
-CVE-2018-5332
-       [stretch] - linux 4.9.80-1
-CVE-2018-5333
-       [stretch] - linux 4.9.80-1
-CVE-2018-5344
-       [stretch] - linux 4.9.80-1
-CVE-2018-6927
-       [stretch] - linux 4.9.80-1
-CVE-2017-0861
-       [stretch] - linux 4.9.80-1
-CVE-2018-1000004
-       [stretch] - linux 4.9.80-1
 CVE-2017-1000494
        [stretch] - miniupnpd 1.8.20140523-4.1+deb9u1
 CVE-2018-6758
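Review bot: The commit message "Merge fixes included in DSA" does not name the advisory, and neither of the two changed files identifies it, so the removal of these entries from the point-update queue cannot be tied to a specific DSA from this patch alone. The 13 removed CVE ids do match, one to one, the 13 entries that gain or change a `[stretch] - linux 4.9.80-1` line in data/CVE/list, so nothing is dropped from the queue without being recorded there. Suggest putting the DSA number in the commit message.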



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/37ce58dc4f97feff3ccca5adaa598948ba7cecae
