diff options
| author | Salvatore Bonaccorso <carnil@debian.org> | 2024-03-02 09:04:09 +0100 |
|---|---|---|
| committer | Salvatore Bonaccorso <carnil@debian.org> | 2024-03-02 09:04:09 +0100 |
| commit | 1ed93094a2d7706459c3f262cf45830849253aba (patch) | |
| tree | 56d70dee10ba57d9756baf8f61d0a24c33a131de | |
| parent | cfe5f650c4c0782672d2e5d39dfa399c9f46a610 (diff) | |
Track fixes in 6.7.7-1 upload to unstable
| -rw-r--r-- | active/CVE-2023-52485 | 2 | ||||
| -rw-r--r-- | active/CVE-2024-26581 | 13 | ||||
| -rw-r--r-- | active/CVE-2024-26582 | 9 | ||||
| -rw-r--r-- | active/CVE-2024-26583 | 9 | ||||
| -rw-r--r-- | active/CVE-2024-26584 | 9 | ||||
| -rw-r--r-- | active/CVE-2024-26585 | 9 | ||||
| -rw-r--r-- | active/CVE-2024-26593 | 9 | ||||
| -rw-r--r-- | active/CVE-2024-26596 | 6 | ||||
| -rw-r--r-- | active/CVE-2024-26600 | 2 | ||||
| -rw-r--r-- | active/CVE-2024-26601 | 2 | ||||
| -rw-r--r-- | active/CVE-2024-26602 | 2 | ||||
| -rw-r--r-- | active/CVE-2024-26603 | 2 | ||||
| -rw-r--r-- | active/CVE-2024-26604 | 2 | ||||
| -rw-r--r-- | active/CVE-2024-26605 | 2 | ||||
| -rw-r--r-- | active/CVE-2024-26606 | 2 |
15 files changed, 44 insertions, 36 deletions
diff --git a/active/CVE-2023-52485 b/active/CVE-2023-52485 index 64b29e2e..d9d1c34e 100644 --- a/active/CVE-2023-52485 +++ b/active/CVE-2023-52485 @@ -9,7 +9,7 @@ upstream: released (6.8-rc1) [8892780834ae294bc3697c7d0e056d7743900b39] 6.1-upstream-stable: needed 5.10-upstream-stable: needed 4.19-upstream-stable: needed -sid: needed +sid: released (6.7.7-1) 6.1-bookworm-security: needed 5.10-bullseye-security: needed 4.19-buster-security: needed diff --git a/active/CVE-2024-26581 b/active/CVE-2024-26581 index 118bafdc..ce373b3a 100644 --- a/active/CVE-2024-26581 +++ b/active/CVE-2024-26581 @@ -1,17 +1,16 @@ Description: netfilter: nft_set_rbtree: skip end interval element from gc References: - https://lore.kernel.org/linux-cve-announce/2024022024-uniquely-recluse-d893@gregkh/ Notes: - carnil> Issue introduced with f718863aca46 ("netfilter: nft_set_rbtree: - carnil> fix overlap expiration walk") in 6.5-rc4 (and backported to - carnil> 6.4.8, 6.1.43, 5.10.190). - carnil> For 6.6.y fixed in 6.6.17. + carnil> Introduced in f718863aca46 ("netfilter: nft_set_rbtree: fix overlap expiration + carnil> walk"). Vulnerable versions: 5.4.262 5.10.190 5.15.124 6.1.43 6.4.8 6.5-rc4. Bugs: upstream: released (6.8-rc4) [60c0c230c6f046da536d3df8b39a20b9a9fd6af0] +6.7-upstream-stable: released (6.7.5) [6eb14441f10602fa1cf691da9d685718b68b78a9] +6.6-upstream-stable: released (6.6.17) [b734f7a47aeb32a5ba298e4ccc16bb0c52b6dbf7] 6.1-upstream-stable: released (6.1.78) [1296c110c5a0b45a8fcf58e7d18bc5da61a565cb] -5.10-upstream-stable: released (5.10.210) +5.10-upstream-stable: released (5.10.210) [4cee42fcf54fec46b344681e7cc4f234bb22f85a] 4.19-upstream-stable: N/A "Vulnerable code not present" -sid: needed +sid: released (6.7.7-1) 6.1-bookworm-security: needed 5.10-bullseye-security: needed 4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-26582 b/active/CVE-2024-26582 index 482cb29b..b39919d8 100644 --- a/active/CVE-2024-26582 +++ b/active/CVE-2024-26582 @@ -1,15 +1,16 @@ Description: net: tls: fix use-after-free with partial reads and async decrypt References: Notes: - carnil> Introduced by fd31f3996af2 ("tls: rx: decrypt into a fresh - carnil> skb") in 6.0-rc1. - carnil> For 6.6.y fixed in 6.6.18 and for 6.7.y in 6.7.6. + carnil> Introduced in fd31f3996af2 ("tls: rx: decrypt into a fresh skb"). Vulnerable + carnil> versions: 6.0-rc1. Bugs: upstream: released (6.8-rc5) [32b55c5ff9103b8508c1e04bfa5a08c64e7a925f] +6.7-upstream-stable: released (6.7.6) [754c9bab77a1b895b97bd99d754403c505bc79df] +6.6-upstream-stable: released (6.6.18) [d684763534b969cca1022e2a28645c7cc91f7fa5] 6.1-upstream-stable: released (6.1.79) [20b4ed034872b4d024b26e2bc1092c3f80e5db96] 5.10-upstream-stable: N/A "Vulnerable code not present" 4.19-upstream-stable: N/A "Vulnerable code not present" -sid: needed +sid: released (6.7.7-1) 6.1-bookworm-security: needed 5.10-bullseye-security: N/A "Vulnerable code not present" 4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-26583 b/active/CVE-2024-26583 index f48b6039..e463768f 100644 --- a/active/CVE-2024-26583 +++ b/active/CVE-2024-26583 @@ -1,15 +1,16 @@ Description: tls: fix race between async notify and socket close References: Notes: - carnil> Introduced with 0cada33241d9 ("net/tls: fix race condition - carnil> causing kernel panic") in 5.7 and backported to 5.6.16. - carnil> For 6.6.y fixed in 6.6.18. For 6.7.y in 6.7.6. + carnil> Introduced in 0cada33241d9 ("net/tls: fix race condition causing kernel + carnil> panic"). Vulnerable versions: 5.4.44 5.4.71 5.6.16 5.7 5.8.15. Bugs: upstream: released (6.8-rc5) [aec7961916f3f9e88766e2688992da6980f11b8d] +6.7-upstream-stable: released (6.7.6) [6209319b2efdd8524691187ee99c40637558fa33] +6.6-upstream-stable: released (6.6.18) [86dc27ee36f558fe223dbdfbfcb6856247356f4a] 6.1-upstream-stable: released (6.1.79) [7a3ca06d04d589deec81f56229a9a9d62352ce01] 5.10-upstream-stable: needed 4.19-upstream-stable: N/A "Vulnerable code not present" -sid: needed +sid: released (6.7.7-1) 6.1-bookworm-security: needed 5.10-bullseye-security: needed 4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-26584 b/active/CVE-2024-26584 index bcb734b9..2143c8f8 100644 --- a/active/CVE-2024-26584 +++ b/active/CVE-2024-26584 @@ -1,13 +1,18 @@ Description: net: tls: handle backlogging of crypto requests References: Notes: - carnil> For 6.6.y fixed in 6.6.18. For 6.7.y in 6.7.6. + carnil> Introduced in a54667f6728c ("tls: Add support for encryption using async + carnil> offload accelerator") + carnil> 94524d8fc965 ("net/tls: Add support for async decryption of tls records"). + carnil> Vulnerable versions: 4.16-rc1 4.20-rc1. Bugs: upstream: released (6.8-rc5) [8590541473188741055d27b955db0777569438e3] +6.7-upstream-stable: released (6.7.6) [ab6397f072e5097f267abf5cb08a8004e6b17694] +6.6-upstream-stable: released (6.6.18) [13eca403876bbea3716e82cdfe6f1e6febb38754] 6.1-upstream-stable: needed 5.10-upstream-stable: needed 4.19-upstream-stable: needed -sid: needed +sid: released (6.7.7-1) 6.1-bookworm-security: needed 5.10-bullseye-security: needed 4.19-buster-security: needed diff --git a/active/CVE-2024-26585 b/active/CVE-2024-26585 index 559f2a87..40133c28 100644 --- a/active/CVE-2024-26585 +++ b/active/CVE-2024-26585 @@ -1,15 +1,16 @@ Description: tls: fix race between tx work scheduling and socket close References: - carnil> Introduced with a42055e8d2c3 ("net/tls: Add support for async - carnil> encryption of records for performance") in 4.20-rc1. - carnil> For 6.6.y fixed in 6.6.18. For 6.7.y in 6.7.6. Notes: + carnil> Introduced in a42055e8d2c3 ("net/tls: Add support for async encryption of + carnil> records for performance"). Vulnerable versions: 4.20-rc1. Bugs: upstream: released (6.8-rc5) [e01e3934a1b2d122919f73bc6ddbe1cdafc4bbdb] +6.7-upstream-stable: released (6.7.6) [e327ed60bff4a991cd7a709c47c4f0c5b4a4fd57] +6.6-upstream-stable: released (6.6.18) [6db22d6c7a6dc914b12c0469b94eb639b6a8a146] 6.1-upstream-stable: needed 5.10-upstream-stable: needed 4.19-upstream-stable: N/A "Vulnerable code not present" -sid: needed +sid: released (6.7.7-1) 6.1-bookworm-security: needed 5.10-bullseye-security: needed 4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-26593 b/active/CVE-2024-26593 index 1729a666..6b523a3b 100644 --- a/active/CVE-2024-26593 +++ b/active/CVE-2024-26593 @@ -1,15 +1,16 @@ Description: i2c: i801: Fix block process call transactions References: Notes: - carnil> Introduced with 315cd67c9453 ("i2c: i801: Add Block Write-Block - carnil> Read Process Call support") in 5.3-rc1. - carnil> Fixed in 6.6.y with 6.6.18 and 6.7.y with 6.7.6. + carnil> Introduced in 315cd67c9453 ("i2c: i801: Add Block Write-Block Read Process Call + carnil> support"). Vulnerable versions: 5.3-rc1. Bugs: upstream: released (6.8-rc5) [c1c9d0f6f7f1dbf29db996bd8e166242843a5f21] +6.7-upstream-stable: released (6.7.6) [609c7c1cc976e740d0fed4dbeec688b3ecb5dce2] +6.6-upstream-stable: released (6.6.18) [6be99c51829b24c914cef5bff6164877178e84d9] 6.1-upstream-stable: released (6.1.79) [491528935c9c48bf341d8b40eabc6c4fc5df6f2c] 5.10-upstream-stable: released (5.10.210) [7a14b8a477b88607d157c24aeb23e7389ec3319f] 4.19-upstream-stable: N/A "Vulnerable code not present" -sid: needed +sid: released (6.7.7-1) 6.1-bookworm-security: needed 5.10-bullseye-security: needed 4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-26596 b/active/CVE-2024-26596 index 6ec925dc..4211084d 100644 --- a/active/CVE-2024-26596 +++ b/active/CVE-2024-26596 @@ -1,8 +1,8 @@ Description: net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events References: Notes: - carnil> Commit fixes 4c3f80d22b2e ("net: dsa: walk through all - carnil> changeupper notifier functions") in 6.1-rc1. + carnil> Introduced in 4c3f80d22b2e ("net: dsa: walk through all changeupper notifier + carnil> functions"). Vulnerable versions: 6.1-rc1. Bugs: upstream: released (6.8-rc1) [844f104790bd69c2e4dbb9ee3eba46fde1fcea7b] 6.7-upstream-stable: released (6.7.2) [dbd909c20c11f0d29c0054d41e0d1f668a60e8c8] @@ -10,7 +10,7 @@ upstream: released (6.8-rc1) [844f104790bd69c2e4dbb9ee3eba46fde1fcea7b] 6.1-upstream-stable: needed 5.10-upstream-stable: N/A "Vulnerable code not present" 4.19-upstream-stable: N/A "Vulnerable code not present" -sid: needed +sid: released (6.7.7-1) 6.1-bookworm-security: needed 5.10-bullseye-security: N/A "Vulnerable code not present" 4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-26600 b/active/CVE-2024-26600 index 4d9089dc..9a870fe0 100644 --- a/active/CVE-2024-26600 +++ b/active/CVE-2024-26600 @@ -10,7 +10,7 @@ upstream: released (6.8-rc3) [7104ba0f1958adb250319e68a15eff89ec4fd36d] 6.1-upstream-stable: released (6.1.78) [0430bfcd46657d9116a26cd377f112cbc40826a4] 5.10-upstream-stable: released (5.10.210) [be3b82e4871ba00e9b5d0ede92d396d579d7b3b3] 4.19-upstream-stable: released (4.19.307) [486218c11e8d1c8f515a3bdd70d62203609d4b6b] -sid: needed +sid: released (6.7.7-1) 6.1-bookworm-security: needed 5.10-bullseye-security: needed 4.19-buster-security: needed diff --git a/active/CVE-2024-26601 b/active/CVE-2024-26601 index 6b7b278a..bd28626d 100644 --- a/active/CVE-2024-26601 +++ b/active/CVE-2024-26601 @@ -10,7 +10,7 @@ upstream: released (6.8-rc3) [c9b528c35795b711331ed36dc3dbee90d5812d4e] 6.1-upstream-stable: released (6.1.78) [78327acd4cdc4a1601af718b781eece577b6b7d4] 5.10-upstream-stable: released (5.10.211) [94ebf71bddbcd4ab1ce43ae32c6cb66396d2d51a] 4.19-upstream-stable: N/A "Vulnerable code not present" -sid: needed +sid: released (6.7.7-1) 6.1-bookworm-security: needed 5.10-bullseye-security: needed 4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-26602 b/active/CVE-2024-26602 index 27ccf62b..099fe56c 100644 --- a/active/CVE-2024-26602 +++ b/active/CVE-2024-26602 @@ -11,7 +11,7 @@ upstream: released (6.8-rc6) [944d5fe50f3f03daacfea16300e656a1691c4a23] 6.1-upstream-stable: released (6.1.79) [24ec7504a08a67247fbe798d1de995208a8c128a] 5.10-upstream-stable: released (5.10.210) [db896bbe4a9c67cee377e5f6a743350d3ae4acf6] 4.19-upstream-stable: released (4.19.307) [3cd139875e9a7688b3fc715264032620812a5fa3] -sid: needed +sid: released (6.7.7-1) 6.1-bookworm-security: needed 5.10-bullseye-security: needed 4.19-buster-security: needed diff --git a/active/CVE-2024-26603 b/active/CVE-2024-26603 index caeec02f..7c44a912 100644 --- a/active/CVE-2024-26603 +++ b/active/CVE-2024-26603 @@ -10,7 +10,7 @@ upstream: released (6.8-rc4) [d877550eaf2dc9090d782864c96939397a3c6835] 6.1-upstream-stable: released (6.1.79) [627339cccdc9166792ecf96bc3c9f711a60ce996] 5.10-upstream-stable: N/A "Vulnerable code not present" 4.19-upstream-stable: N/A "Vulnerable code not present" -sid: needed +sid: released (6.7.7-1) 6.1-bookworm-security: needed 5.10-bullseye-security: N/A "Vulnerable code not present" 4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-26604 b/active/CVE-2024-26604 index 1e798188..b97ee4f2 100644 --- a/active/CVE-2024-26604 +++ b/active/CVE-2024-26604 @@ -10,7 +10,7 @@ upstream: released (6.8-rc5) [3ca8fbabcceb8bfe44f7f50640092fd8f1de375c] 6.1-upstream-stable: N/A "Vulnerable code not present" 5.10-upstream-stable: N/A "Vulnerable code not present" 4.19-upstream-stable: N/A "Vulnerable code not present" -sid: needed +sid: released (6.7.7-1) 6.1-bookworm-security: N/A "Vulnerable code not present" 5.10-bullseye-security: N/A "Vulnerable code not present" 4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-26605 b/active/CVE-2024-26605 index 8b341fb8..3d5335d4 100644 --- a/active/CVE-2024-26605 +++ b/active/CVE-2024-26605 @@ -10,7 +10,7 @@ upstream: released (6.8-rc3) [1e560864159d002b453da42bd2c13a1805515a20] 6.1-upstream-stable: needed 5.10-upstream-stable: N/A "Vulnerable code not present" 4.19-upstream-stable: N/A "Vulnerable code not present" -sid: needed +sid: released (6.7.7-1) 6.1-bookworm-security: needed 5.10-bullseye-security: N/A "Vulnerable code not present" 4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-26606 b/active/CVE-2024-26606 index b962581f..06b23718 100644 --- a/active/CVE-2024-26606 +++ b/active/CVE-2024-26606 @@ -10,7 +10,7 @@ upstream: released (6.8-rc3) [97830f3c3088638ff90b20dfba2eb4d487bf14d7] 6.1-upstream-stable: released (6.1.79) [90e09c016d72b91e76de25f71c7b93d94cc3c769] 5.10-upstream-stable: released (5.10.210) [a423042052ec2bdbf1e552e621e6a768922363cc] 4.19-upstream-stable: released (4.19.307) [dd64bb8329ce0ea27bc557e4160c2688835402ac] -sid: needed +sid: released (6.7.7-1) 6.1-bookworm-security: needed 5.10-bullseye-security: needed 4.19-buster-security: needed |