author Salvatore Bonaccorso <carnil@debian.org> 2024-02-06 22:01:38 +0100
committer Salvatore Bonaccorso <carnil@debian.org> 2024-02-06 22:01:38 +0100
commit 7a3afca05854f9fad10d7bed9730fbb430b584dd
tree 4a28e83e982950139a7ecd9cf98fd33b7ca50da6 /data
parent 709ed7a8206904270a6ecd5b87de0a842f3a718b
Merge linux changes for bookworm 12.5
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/list 12
-rw-r--r-- data/next-point-update.txt 24
2 files changed, 12 insertions, 24 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 5d768634f8..e4ccae8df6 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1184,10 +1184,12 @@ CVE-2024-1087
REJECTED
CVE-2024-1086 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...)
- linux 6.6.15-1
+ [bookworm] - linux 6.1.76-1
NOTE: https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660
NOTE: https://git.kernel.org/linus/f342de4e2f33e0e39165d8639387aa6c19dff660 (6.8-rc2)
CVE-2024-1085 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...)
- linux 6.6.15-1
+ [bookworm] - linux 6.1.76-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://kernel.dance/b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7
@@ -1670,6 +1672,7 @@ CVE-2024-0986 (A vulnerability was found in Issabel PBX 4.0.0. It has been rated
NOT-FOR-US: Issabel PBX
CVE-2023-52340 [ipv6: remove max_size check inline with ipv4]
- linux 6.3.7-1
+ [bookworm] - linux 6.1.76-1
NOTE: https://git.kernel.org/linus/af6d10345ca76670c1b7c37799f0d5576ccef277 (6.3-rc1)
CVE-2024-0841 (A null pointer dereference flaw was found in the hugetlbfs_fill_super ...)
- linux <unfixed>
@@ -2572,6 +2575,7 @@ CVE-2024-23850 (In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel
NOTE: https://lore.kernel.org/all/6a80cb4b32af89787dadee728310e5e2ca85343f.1705741883.git.wqu%40suse.com/
CVE-2024-23849 (In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel thro ...)
- linux 6.6.15-1
+ [bookworm] - linux 6.1.76-1
NOTE: https://lore.kernel.org/netdev/1705715319-19199-1-git-send-email-sharath.srinivasan%40oracle.com/
CVE-2024-23848 (In the Linux kernel through 6.7.1, there is a use-after-free in cec_qu ...)
- linux <unfixed>
@@ -2594,6 +2598,7 @@ CVE-2024-23180 (Improper input validation vulnerability in a-blog cms Ver.3.1.x
NOT-FOR-US: a-blog cms
CVE-2024-22705 (An issue was discovered in ksmbd in the Linux kernel before 6.6.10. sm ...)
- linux 6.6.11-1
+ [bookworm] - linux 6.1.76-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/d10c77873ba1e9e6b91905018e29e196fd5f863d (6.7-rc8)
@@ -2934,6 +2939,7 @@ CVE-2023-46839 [pci: phantom functions assigned to incorrect contexts]
NOTE: https://xenbits.xen.org/xsa/advisory-449.html
CVE-2023-46838 (Transmit requests in Xen's virtual network protocol can consist of mul ...)
- linux 6.6.15-1
+ [bookworm] - linux 6.1.76-1
NOTE: https://xenbits.xen.org/xsa/advisory-448.html
NOTE: https://git.kernel.org/linus/c7ec4f2d684e17d69bbdd7c4324db0ef5daac26a
CVE-2024-23771 (darkhttpd before 1.15 uses strcmp (which is not constant time) to veri ...)
@@ -4221,6 +4227,7 @@ CVE-2023-6941 (The Keap Official Opt-in Forms WordPress plugin through 1.0.11 do
NOT-FOR-US: WordPress plugin
CVE-2023-6915 (A Null pointer dereference problem was found in ida_free in lib/idr.c ...)
- linux 6.6.13-1
+ [bookworm] - linux 6.1.76-1
NOTE: https://git.kernel.org/linus/af73483f4e8b6f5c68c9aa63257bdd929a9c194a (6.7-rc7)
CVE-2023-6843 (The easy.jobs- Best Recruitment Plugin for Job Board Listing, Manager, ...)
NOT-FOR-US: WordPress plugin
@@ -11257,6 +11264,7 @@ CVE-2023-6646 (A vulnerability classified as problematic has been found in linkd
NOT-FOR-US: linkding
CVE-2023-50431 (sec_attest_info in drivers/accel/habanalabs/common/habanalabs_ioctl.c ...)
- linux 6.6.15-1
+ [bookworm] - linux 6.1.76-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://lists.freedesktop.org/archives/dri-devel/2023-November/431772.html
@@ -11327,6 +11335,7 @@ CVE-2023-6611 (A vulnerability was found in Tongda OA 2017 up to 11.9. It has be
NOT-FOR-US: Tongda OA
CVE-2023-6610 (An out-of-bounds read vulnerability was found in smb2_dump_detail in f ...)
- linux 6.6.13-1 (unimportant)
+ [bookworm] - linux 6.1.76-1
NOTE: CONFIG_CIFS_DEBUG2 not enabled in Debian
NOTE: https://git.kernel.org/linus/567320c46a60a3c39b69aa1df802d753817a3f86
CVE-2023-6609 (A vulnerability was found in osCommerce 4. It has been classified as p ...)
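Review bot: the [bookworm] line added under CVE-2023-6610 carries no urgency tag, while the unstable line directly above it is marked (unimportant) and the NOTE below it says CONFIG_CIFS_DEBUG2 is not enabled in Debian. If the same reasoning applies to the 6.1 build, either carry the tag on the new line or confirm that the per-release entry is meant to omit it, so the bookworm status reads consistently with the unstable one.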
@@ -11338,6 +11347,7 @@ CVE-2023-6607 (A vulnerability has been found in Tongda OA 2017 up to 11.10 and
CVE-2023-6606 (An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb ...)
{DLA-3710-1}
- linux 6.6.9-1
+ [bookworm] - linux 6.1.76-1
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=218218
NOTE: https://git.kernel.org/linus/b35858b3786ddbb56e1c35138ba25d6adf8d0bef
CVE-2023-6507 (An issue was found in CPython 3.12.0 `subprocess` module on POSIX plat ...)
@@ -19179,6 +19189,7 @@ CVE-2023-33517 (carRental 1.0 is vulnerable to Incorrect Access Control (Arbitra
NOT-FOR-US: carRental
CVE-2023-5633 (The reference count changes made as part of the CVE-2023-33951 and CVE ...)
- linux 6.5.8-1
+ [bookworm] - linux 6.1.76-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/91398b413d03660fd5828f7b4abc64e884b98069 (6.6-rc6)
@@ -53298,6 +53309,7 @@ CVE-2023-1194 (An out-of-bounds (OOB) memory read flaw was found in parse_lease_
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2154176
CVE-2023-1193 (A use-after-free flaw was found in setup_async_work in the KSMBD imple ...)
- linux 6.3.7-1
+ [bookworm] - linux 6.1.76-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2154177
diff --git a/data/next-point-update.txt b/data/next-point-update.txt
index e20ab14aaa..87c3d7b3c4 100644
--- a/data/next-point-update.txt
+++ b/data/next-point-update.txt
@@ -68,30 +68,6 @@ CVE-2023-6683
[bookworm] - qemu 1:7.2+dfsg-7+deb12u4
CVE-2024-0911
[bookworm] - indent 2.2.12-4+deb12u3
-CVE-2023-1193
- [bookworm] - linux 6.1.76-1
-CVE-2023-46838
- [bookworm] - linux 6.1.76-1
-CVE-2023-50431
- [bookworm] - linux 6.1.76-1
-CVE-2023-52340
- [bookworm] - linux 6.1.76-1
-CVE-2023-5633
- [bookworm] - linux 6.1.76-1
-CVE-2023-6606
- [bookworm] - linux 6.1.76-1
-CVE-2023-6610
- [bookworm] - linux 6.1.76-1
-CVE-2023-6915
- [bookworm] - linux 6.1.76-1
-CVE-2024-1085
- [bookworm] - linux 6.1.76-1
-CVE-2024-1086
- [bookworm] - linux 6.1.76-1
-CVE-2024-22705
- [bookworm] - linux 6.1.76-1
-CVE-2024-23849
- [bookworm] - linux 6.1.76-1
CVE-2023-46837
[bookworm] - xen 4.17.3+10-g091466ba55-1~deb12u1
CVE-2023-46840
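Review bot: the twelve entries removed from data/next-point-update.txt in this hunk have to match the [bookworm] lines added in data/CVE/list, and the commit message does not say that was checked. Counting the visible lines, each of the twelve CVE ids removed here (CVE-2023-1193 through CVE-2024-23849) has a corresponding "+ [bookworm] - linux 6.1.76-1" line in the first file, which agrees with the diffstat of 12 insertions and 24 deletions; a short line in the commit message noting the cross-check would make the move easier to audit.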
