Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2f636cc4 by Salvatore Bonaccorso at 2018-04-18T07:22:39+02:00
Sync kernel issues with kernel-sec triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -377,6 +377,7 @@ CVE-2018-10022
RESERVED
CVE-2018-10021 (** DISPUTED ** drivers/scsi/libsas/sas_scsi_host.c in the
Linux kernel ...)
- linux <unfixed>
+ [wheezy] - linux <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by:
https://git.kernel.org/linus/318aaf34f1179b39fa9c30fa0f3288b645beee39 (4.16-rc7)
NOTE: Low security impact, failure can only occur for physically
NOTE: proximate attackers who unplug SAS Host Bus Adapter cables.
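Review bot: The new `[wheezy]` line for CVE-2018-10021 gives "Vulnerable code introduced later" as the reason, but the entry records only the fixing commit (318aaf34f1179b39fa9c30fa0f3288b645beee39, 4.16-rc7) and not the commit or version that introduced the code. Consider adding a NOTE naming the introducing commit so the not-affected status can be rechecked against the wheezy kernel without redoing the triage.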
@@ -2017,6 +2018,7 @@ CVE-2018-9275 (In check_user_token in util.c in the
Yubico PAM module (aka pam_y
NOTE: https://github.com/Yubico/yubico-pam/issues/136
CVE-2017-18257 (The __get_data_block function in fs/f2fs/data.c in the Linux
kernel ...)
- linux 4.11.6-1
+ [wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by:
https://git.kernel.org/linus/b86e33075ed1909d8002745b56ecf73b833db143
CVE-2018-1002150 (Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect
access ...)
- koji <not-affected> (Issue introduced in 1.12.0, cf. #894832)
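Review bot: "Vulnerable code not present" on the CVE-2017-18257 `[wheezy]` line does not say whether fs/f2fs/data.c is absent from the wheezy kernel altogether or only `__get_data_block` is missing. A more specific reason, in the way the koji entry in this hunk's context states "Issue introduced in 1.12.0, cf. #894832", would let a later reader verify the claim.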
@@ -2690,6 +2692,7 @@ CVE-2017-18250 (An issue was discovered in ImageMagick
7.0.7. A NULL pointer ...
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/2f368e74a51ec7541b6595af712d17d6d1376534
CVE-2017-18249 (The add_free_nid function in fs/f2fs/node.c in the Linux
kernel before ...)
- linux 4.12.6-1
+ [wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by:
https://git.kernel.org/linus/30a61ddf8117c26ac5b295e1233eaa9629a94ca3
CVE-2017-18248 (The add_job function in scheduler/ipp.c in CUPS before 2.2.6,
when ...)
- cups 2.2.6-1
@@ -3045,6 +3048,7 @@ CVE-2018-1000136 (Electron version 1.7 up to 1.7.12; 1.8
up to 1.8.3 and 2.0.0 u
- electron <itp> (bug #842420)
CVE-2017-18241 (fs/f2fs/segment.c in the Linux kernel before 4.13 allows local
users to ...)
- linux 4.13.4-1
+ [wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/d4fdf8ba0e5808ba9ad6b44337783bd9935e0982
CVE-2016-10717 (A vulnerability in the encryption and permission
implementation of ...)
NOT-FOR-US: Malwarebytes Anti-Malware
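Review bot: The CVE-2017-18241 entry touched here keeps a bare `NOTE:` in front of the kernel.org commit URL, while the other kernel entries in this commit label the same kind of link with "NOTE: Fixed by:". Since the entry is being edited anyway, consider normalising the note so that commit d4fdf8ba0e5808ba9ad6b44337783bd9935e0982 is clearly marked as the fix.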
@@ -3557,6 +3561,7 @@ CVE-2018-8718 (Cross-site request forgery (CSRF)
vulnerability in the Mailer Plu
- jenkins-mailer-plugin <removed>
CVE-2017-18232 (The Serial Attached SCSI (SAS) implementation in the Linux
kernel ...)
- linux <unfixed>
+ [wheezy] - linux <not-affected> (Vulnerability introduced later)
NOTE: Fixed by:
https://git.kernel.org/linus/0558f33c06bb910e2879e355192227a8e8f0219d
CVE-2018-8717 (joyplus-cms 1.6.0 has CSRF, as demonstrated by adding an
administrator ...)
NOT-FOR-US: joyplus-cms
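Review bot: The reason text on the CVE-2017-18232 `[wheezy]` line reads "Vulnerability introduced later", whereas the CVE-2018-10021 and CVE-2018-1094 lines added in the same commit use "Vulnerable code introduced later". Pick one wording so the not-affected reasons can be searched consistently.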
@@ -24343,6 +24348,7 @@ CVE-2018-1095 (The ext4_xattr_check_entries function in
fs/ext4/xattr.c in the L
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199185
CVE-2018-1094 (The ext4_fill_super function in fs/ext4/super.c in the Linux
kernel ...)
- linux <unfixed>
+ [wheezy] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199183
CVE-2018-1093 (The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the
Linux ...)
- linux <unfixed>
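Review bot: For CVE-2018-1094 the added `[wheezy]` line states the vulnerable code was introduced later, yet the only reference in the entry is the bugzilla.kernel.org report (id=199183) and the package is still `<unfixed>`, so nothing in the entry identifies the code in question. Consider adding a NOTE with the commit that introduced the affected ext4_fill_super logic once it is known, so the wheezy status rests on a recorded reference.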
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2f636cc440a7347ba3cfc4298ad567463383144c