author | Salvatore Bonaccorso <carnil@debian.org> | 2021-10-09 09:48:26 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2021-10-09 09:48:26 +0200 |
commit | f8aad96e2dfbe988c5fef78ffc0934e3b2b7059b (patch) | |
tree | 5990f8fa8c6988e718482c849522bde6b166c912 | |
parent | aac5c2cf5eee7a24152347b40e31e766795a476e (diff) |
Merge fixes for src:linux for buster (10.11) and bullseye (11.1)
This can be done, since at this point the d-i will need to be based on
these versions. Clean up the next point releases tracking lists
accordingly.
-rw-r--r-- | data/CVE/2020.list | 5 | ||||
-rw-r--r-- | data/CVE/2021.list | 30 | ||||
-rw-r--r-- | data/next-oldstable-point-update.txt | 52 | ||||
-rw-r--r-- | data/next-point-update.txt | 14 |
4 files changed, 33 insertions, 68 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 99e7ad6b75..50d91d768f 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -10924,6 +10924,7 @@ CVE-2020-26542 (An issue was discovered in the MongoDB Simple LDAP plugin throug NOT-FOR-US: MongoDB plugin CVE-2020-26541 (The Linux kernel through 5.8.13 does not properly enforce the Secure B ...) - linux 5.14.6-1 + [bullseye] - linux 5.10.70-1 [stretch] - linux <not-affected> (Secure Boot key import not supported) NOTE: https://lkml.org/lkml/2020/9/15/1871 CVE-2020-26540 (An issue was discovered in Foxit Reader and PhantomPDF before 4.1 on m ...) @@ -33630,8 +33631,7 @@ CVE-2020-16120 (Overlayfs did not properly perform permission checking when copy CVE-2020-16119 (Use-after-free vulnerability in the Linux kernel exploitable by a loca ...) {DSA-4978-1} - linux 5.14.6-1 - [bullseye] - linux <no-dsa> (Minor issue, blacklisted by default, revisit if fixed upstream) - [buster] - linux <no-dsa> (Minor issue, blacklisted by default, revisit if fixed upstream) + [buster] - linux 4.19.208-1 NOTE: https://www.openwall.com/lists/oss-security/2020/10/13/7 NOTE: https://git.kernel.org/linus/d9ea761fdd197351890418acd462c51f241014a7 CVE-2020-16118 (In GNOME Balsa before 2.6.0, a malicious server operator or man in the ...) @@ -64225,6 +64225,7 @@ CVE-2020-3703 (u'Buffer over-read issue in Bluetooth peripheral firmware due to CVE-2020-3702 (u'Specifically timed and handcrafted traffic can cause internal errors ...) {DSA-4978-1} - linux 5.14.6-1 + [buster] - linux 4.19.208-1 NOTE: https://lore.kernel.org/linux-wireless/CABvG-CVvPF++0vuGzCrBj8+s=Bcx1GwWfiW1_Somu_GVncTAcQ@mail.gmail.com/ NOTE: https://lore.kernel.org/stable/20210818084859.vcs4vs3yd6zetmyt@pali/t/#mf8b430d4f19f1b939a29b6c5098fdc514fd1a928 CVE-2020-3701 (Use after free issue while processing error notification from camx dri ...) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index a8e130cf16..193f22aa8b 100644 --- a/data/CVE/2021.list 
+++ b/data/CVE/2021.list @@ -241,6 +241,8 @@ CVE-2021-3859 RESERVED CVE-2021-42008 (The decode_data function in drivers/net/hamradio/6pack.c in the Linux ...) - linux 5.14.6-1 + [bullseye] - linux 5.10.70-1 + [buster] - linux 4.19.208-1 NOTE: https://git.kernel.org/linus/19d1532a187669ce86d5a2696eb7275310070793 (5.14-rc7) CVE-2021-42007 RESERVED @@ -3815,6 +3817,7 @@ CVE-2021-40491 (The ftp client in GNU Inetutils before 2.2 does not validate add CVE-2021-40490 (A race condition was discovered in ext4_write_inline_data_end in fs/ex ...) {DSA-4978-1} - linux 5.14.6-1 + [buster] - linux 4.19.208-1 NOTE: https://lore.kernel.org/linux-ext4/000000000000e5080305c9e51453@google.com/ CVE-2021-40437 RESERVED @@ -4063,6 +4066,7 @@ CVE-2021-3753 RESERVED {DSA-4978-1} - linux 5.14.6-1 + [buster] - linux 4.19.208-1 NOTE: https://git.kernel.org/linus/2287a51ba822384834dafc1c798453375d1107c7 CVE-2021-3752 RESERVED @@ -4481,6 +4485,7 @@ CVE-2021-3743 RESERVED {DSA-4978-1} - linux 5.14.6-1 + [buster] - linux 4.19.208-1 [stretch] - linux <not-affected> (Vulnerable code introduced later) NOTE: https://lists.openwall.net/netdev/2021/08/17/124 NOTE: https://git.kernel.org/linus/7e78c597c3ebfd0cb329aa09a838734147e4f117 @@ -5626,6 +5631,7 @@ CVE-2021-3732 [overlayfs: Mounting overlayfs inside an unprivileged user namespa RESERVED {DSA-4978-1} - linux 5.14.6-1 + [buster] - linux 4.19.208-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1995249 NOTE: https://git.kernel.org/linus/427215d85e8d1476da1a86b8d67aceb485eb3631 CVE-2021-39615 (** UNSUPPORTED WHEN ASSIGNED ** D-Link DSR-500N version 1.02 contains ...) @@ -8805,6 +8811,7 @@ CVE-2021-38301 RESERVED CVE-2021-38300 (arch/mips/net/bpf_jit.c in the Linux kernel through 5.14.6 can generat ...) - linux 5.14.6-1 + [bullseye] - linux 5.10.70-1 [stretch] - linux <ignored> (mips not supported in LTS) NOTE: https://www.openwall.com/lists/oss-security/2021/09/15/5 NOTE: https://lore.kernel.org/bpf/20210915160437.4080-1-piotras@gmail.com/ 
@@ -9035,9 +9042,13 @@ CVE-2021-38206 (The mac80211 subsystem in the Linux kernel before 5.12.13, when NOTE: https://git.kernel.org/linus/bddc0c411a45d3718ac535a070f349be8eca8d48 CVE-2021-38205 (drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel befo ...) - linux 5.14.6-1 + [bullseye] - linux 5.10.70-1 + [buster] - linux 4.19.208-1 NOTE: https://git.kernel.org/linus/d0d62baa7f505bd4c59cd169692ff07ec49dde37 CVE-2021-38204 (drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allow ...) - linux 5.14.6-1 (unimportant) + [bullseye] - linux 5.10.70-1 + [buster] - linux 4.19.208-1 NOTE: https://git.kernel.org/linus/b5fdf5c6e6bee35837e160c00ac89327bdad031b CVE-2021-38203 (btrfs in the Linux kernel before 5.13.4 allows attackers to cause a de ...) - linux 5.14.6-1 @@ -9057,9 +9068,11 @@ CVE-2021-38200 (arch/powerpc/perf/core-book3s.c in the Linux kernel before 5.12. CVE-2021-38199 (fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect co ...) {DSA-4978-1} - linux 5.14.6-1 + [buster] - linux 4.19.208-1 NOTE: https://git.kernel.org/linus/dd99e9f98fbf423ff6d365b37a98e8879170f17c CVE-2021-38198 (arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 inco ...) - linux 5.10.46-1 + [buster] - linux 4.19.208-1 NOTE: https://git.kernel.org/linus/b1bd5cba3306691c771d558e94baa73e8b0b96b7 CVE-2021-38197 (unarr.go in go-unarr (aka Go bindings for unarr) 0.1.1 allows Director ...) NOT-FOR-US: Go unarr @@ -9180,6 +9193,7 @@ CVE-2021-38165 (Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI CVE-2021-38160 (** DISPUTED ** In drivers/char/virtio_console.c in the Linux kernel be ...) {DSA-4978-1} - linux 5.14.6-1 + [buster] - linux 4.19.208-1 NOTE: https://git.kernel.org/linus/d00d8da5869a2608e97cfede094dfc5e11462a46 CVE-2021-38154 (Certain Canon devices manufactured in 2012 through 2020 (such as image ...) NOT-FOR-US: Canon 
@@ -9734,6 +9748,7 @@ CVE-2021-3680 (showdoc is vulnerable to Missing Cryptographic Step ...) CVE-2021-3679 (A lack of CPU resource in the Linux kernel tracing module functionalit ...) {DSA-4978-1} - linux 5.14.6-1 + [buster] - linux 4.19.208-1 NOTE: https://git.kernel.org/linus/67f0d6d9883c13174669f88adac4f0ee656cc16a CVE-2021-3678 (showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random N ...) NOT-FOR-US: showdoc @@ -10627,6 +10642,7 @@ CVE-2021-3666 (body-parser-xml is vulnerable to Improperly Controlled Modificati CVE-2021-37576 (arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on t ...) {DSA-4978-1} - linux 5.14.6-1 + [buster] - linux 4.19.208-1 [stretch] - linux <ignored> (powerpc architectures not included in LTS) NOTE: https://git.kernel.org/linus/f62f3c20647ebd5fb6ecb8f0b477b9281c44c10a (5.14-rc3) CVE-2021-37538 (Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for ...) @@ -11466,6 +11482,8 @@ CVE-2021-3657 RESERVED CVE-2021-37159 (hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel throu ...) - linux 5.14.6-1 + [bullseye] - linux 5.10.70-1 + [buster] - linux 4.19.208-1 NOTE: https://www.spinics.net/lists/linux-usb/msg202228.html CVE-2021-37150 RESERVED @@ -11502,6 +11520,7 @@ CVE-2021-3656 [KVM: nSVM: always intercept VMLOAD/VMSAVE when nested] RESERVED {DSA-4978-1} - linux 5.14.6-1 + [buster] - linux 4.19.208-1 [stretch] - linux <not-affected> (Vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2021/08/16/1 CVE-2021-37139 @@ -11824,6 +11843,7 @@ CVE-2021-36981 (In the server in SerNet verinice before 1.22.2, insecure Java de NOT-FOR-US: SerNet verinice CVE-2021-3655 (A vulnerability was found in the Linux kernel in versions prior to v5. ...) - linux 5.10.46-3 + [buster] - linux 4.19.208-1 CVE-2021-3654 [novnc allows open redirection] RESERVED - nova 2:23.0.2-3 (bug #991441) 
@@ -12277,6 +12297,7 @@ CVE-2021-36775 CVE-2021-3653 (A flaw was found in the KVM's AMD code for supporting SVM nested virtu ...) {DSA-4978-1} - linux 5.14.6-1 + [buster] - linux 4.19.208-1 NOTE: https://www.openwall.com/lists/oss-security/2021/08/16/1 CVE-2021-36774 RESERVED @@ -15235,6 +15256,7 @@ CVE-2021-35478 (Nagios Log Server before 2.1.9 contains Reflected XSS in the dro NOT-FOR-US: Nagios Log Server CVE-2021-35477 (In the Linux kernel through 5.13.7, an unprivileged BPF program can ob ...) - linux 5.10.46-4 + [buster] - linux 4.19.208-1 NOTE: https://www.openwall.com/lists/oss-security/2021/08/01/3 CVE-2021-35476 RESERVED @@ -16145,6 +16167,7 @@ CVE-2021-35067 (Meross MSG100 devices before 3.2.3 allow an attacker to replay t NOT-FOR-US: Meross MSG100 devices CVE-2021-3612 (An out-of-bounds memory write flaw was found in the Linux kernel's joy ...) - linux 5.10.46-3 + [buster] - linux 4.19.208-1 NOTE: Introduced by: https://lore.kernel.org/linux-input/20210219083215.GS2087@kadam/ CVE-2021-35066 (An XXE vulnerability exists in ConnectWise Automate before 2021.0.6.13 ...) NOT-FOR-US: ConnectWise Automate @@ -16226,6 +16249,8 @@ CVE-2021-35040 RESERVED CVE-2021-35039 (kernel/module.c in the Linux kernel before 5.12.14 mishandles Signatur ...) - linux 5.14.6-1 + [bullseye] - linux 5.10.70-1 + [buster] - linux 4.19.208-1 [stretch] - linux <not-affected> (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2021/07/06/3 NOTE: https://git.kernel.org/linus/0c18f29aae7ce3dadd26d8ee3505d07cc982df75 @@ -17011,6 +17036,7 @@ CVE-2021-34682 (Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack CVE-2021-3600 RESERVED - linux 5.10.19-1 + [buster] - linux 4.19.208-1 NOTE: https://git.kernel.org/linus/e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90 NOTE: https://www.openwall.com/lists/oss-security/2021/06/23/1 CVE-2021-3599 
@@ -17329,6 +17355,7 @@ CVE-2021-34558 (The crypto/tls package of Go through 1.16.5 does not properly as NOTE: key_agreement.go also bundled in various other packages CVE-2021-34556 (In the Linux kernel through 5.13.7, an unprivileged BPF program can ob ...) - linux 5.10.46-4 + [buster] - linux 4.19.208-1 NOTE: https://www.openwall.com/lists/oss-security/2021/08/01/3 CVE-2021-34555 (OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial ...) - opendmarc 1.4.0~beta1+dfsg-6 (bug #990001) @@ -19418,6 +19445,7 @@ CVE-2021-33625 RESERVED CVE-2021-33624 (In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch ...) - linux 5.10.46-1 + [buster] - linux 4.19.208-1 NOTE: https://www.openwall.com/lists/oss-security/2021/06/21/1 CVE-2021-33623 (The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.j ...) NOT-FOR-US: Node.js trim-newlines package @@ -32282,6 +32310,7 @@ CVE-2021-28493 (In Arista's MOS (Metamako Operating System) software which is su NOT-FOR-US: Arista CVE-2021-3444 (The bpf verifier in the Linux kernel did not properly handle mod32 des ...) - linux 5.10.19-1 + [buster] - linux 4.19.208-1 [stretch] - linux <not-affected> (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/9b00f1b78809309163dda2d044d9e94a3c0248a3 NOTE: https://www.openwall.com/lists/oss-security/2021/03/23/2 @@ -46065,6 +46094,7 @@ CVE-2021-22544 RESERVED CVE-2021-22543 (An issue was discovered in Linux: KVM through Improper handling of VM_ ...) - linux 5.10.46-2 + [buster] - linux 4.19.208-1 NOTE: https://www.openwall.com/lists/oss-security/2021/05/26/3 NOTE: https://github.com/google/security-research/security/advisories/GHSA-7wq5-phmq-m584 NOTE: https://git.kernel.org/linus/f8be156be163a052a067306417cd0ff679068c97 diff --git a/data/next-oldstable-point-update.txt b/data/next-oldstable-point-update.txt index f91320eb4f..5e5e328f85 100644 --- a/data/next-oldstable-point-update.txt +++ b/data/next-oldstable-point-update.txt 
@@ -61,58 +61,6 @@ CVE-2021-40540 [buster] - ulfius 2.5.2-4+deb10u1 CVE-2021-38562 [buster] - request-tracker4 4.4.3-2+deb10u1 -CVE-2020-16119 - [buster] - linux 4.19.208-1 -CVE-2020-3702 - [buster] - linux 4.19.208-1 -CVE-2021-22543 - [buster] - linux 4.19.208-1 -CVE-2021-33624 - [buster] - linux 4.19.208-1 -CVE-2021-3444 - [buster] - linux 4.19.208-1 -CVE-2021-34556 - [buster] - linux 4.19.208-1 -CVE-2021-35039 - [buster] - linux 4.19.208-1 -CVE-2021-35477 - [buster] - linux 4.19.208-1 -CVE-2021-3600 - [buster] - linux 4.19.208-1 -CVE-2021-3612 - [buster] - linux 4.19.208-1 -CVE-2021-3653 - [buster] - linux 4.19.208-1 -CVE-2021-3655 - [buster] - linux 4.19.208-1 -CVE-2021-3656 - [buster] - linux 4.19.208-1 -CVE-2021-3679 - [buster] - linux 4.19.208-1 -CVE-2021-37159 - [buster] - linux 4.19.208-1 -CVE-2021-3732 - [buster] - linux 4.19.208-1 -CVE-2021-3743 - [buster] - linux 4.19.208-1 -CVE-2021-3753 - [buster] - linux 4.19.208-1 -CVE-2021-37576 - [buster] - linux 4.19.208-1 -CVE-2021-38160 - [buster] - linux 4.19.208-1 -CVE-2021-38198 - [buster] - linux 4.19.208-1 -CVE-2021-38199 - [buster] - linux 4.19.208-1 -CVE-2021-38204 - [buster] - linux 4.19.208-1 -CVE-2021-38205 - [buster] - linux 4.19.208-1 -CVE-2021-40490 - [buster] - linux 4.19.208-1 -CVE-2021-42008 - [buster] - linux 4.19.208-1 CVE-2019-20807 [buster] - vim 2:8.1.0875-5+deb10u1 CVE-2021-3770 diff --git a/data/next-point-update.txt b/data/next-point-update.txt index b72a4cc703..5732045040 100644 --- a/data/next-point-update.txt +++ b/data/next-point-update.txt 
@@ -54,20 +54,6 @@ CVE-2021-3593 [bullseye] - libslirp 4.4.0-1+deb11u2 CVE-2021-38562 [bullseye] - request-tracker4 4.4.4+dfsg-2+deb11u1 -CVE-2020-26541 - [bullseye] - linux 5.10.70-1 -CVE-2021-35039 - [bullseye] - linux 5.10.70-1 -CVE-2021-37159 - [bullseye] - linux 5.10.70-1 -CVE-2021-38204 - [bullseye] - linux 5.10.70-1 -CVE-2021-38205 - [bullseye] - linux 5.10.70-1 -CVE-2021-38300 - [bullseye] - linux 5.10.70-1 -CVE-2021-42008 - [bullseye] - linux 5.10.70-1 CVE-2019-11098 [bullseye] - edk2 2020.11-2+deb11u1 CVE-2021-38155 |
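Review bot: In the data/CVE/2020.list hunk for CVE-2020-16119, both `<no-dsa>` lines are dropped but only the buster one gets a replacement (`+ [buster] - linux 4.19.208-1`); the bullseye status now rests solely on the `{DSA-4978-1}` cross-reference. That matches how the other `{DSA-4978-1}` entries in this commit are handled (they gain only a `[buster]` line, while entries without the DSA reference gain both `[bullseye] - linux 5.10.70-1` and `[buster] - linux 4.19.208-1`), so it is correct provided the DSA shipped the fix referenced in the NOTE (d9ea761fdd197351890418acd462c51f241014a7); if it did not, an explicit bullseye line is needed here.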
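Review bot: In the data/CVE/2021.list hunks, CVE-2021-3655 is the only linux entry that gains `+ [buster] - linux 4.19.208-1` without any NOTE: line pointing at an upstream commit or advisory; every other entry in this commit carries a git.kernel.org or openwall reference. Adding one would let the buster backport be checked against upstream the same way as the rest.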
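Review bot: The data/next-oldstable-point-update.txt and data/next-point-update.txt hunks remove 26 buster entries and 7 bullseye entries respectively, and each one corresponds to a `[buster] - linux 4.19.208-1` or `[bullseye] - linux 5.10.70-1` line added in the CVE list hunks (52 and 14 deletions, matching the diffstat). The two files stay consistent with the CVE lists after this change; no entry is dropped from the tracking lists without being recorded as fixed.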