Merge ~alexmurray/ubuntu-cve-tracker:launchpad-yaml-for-check-syntax into ubuntu-cve-tracker:master
Proposed by
Alex Murray
Status: | Merged |
---|---|
Merged at revision: | cd6fc6d4873bee751cc6452dfb04a4a3d21b5f5e |
Proposed branch: | ~alexmurray/ubuntu-cve-tracker:launchpad-yaml-for-check-syntax |
Merge into: | ubuntu-cve-tracker:master |
Diff against target: |
1498 lines (+277/-150) 35 files modified
.launchpad.yaml (+50/-0) active/CVE-2021-33621 (+1/-1) active/CVE-2021-3669 (+2/-1) active/CVE-2021-4155 (+5/-4) active/CVE-2021-43618 (+2/-1) active/CVE-2022-20566 (+5/-4) active/CVE-2022-3424 (+2/-1) active/CVE-2022-3521 (+6/-4) active/CVE-2022-3545 (+6/-4) active/CVE-2022-3628 (+6/-4) active/CVE-2022-36280 (+2/-1) active/CVE-2022-3640 (+6/-4) active/CVE-2022-41218 (+2/-1) active/CVE-2022-41858 (+5/-4) active/CVE-2022-42328 (+6/-4) active/CVE-2022-42329 (+6/-4) active/CVE-2022-42895 (+11/-8) active/CVE-2022-47929 (+2/-1) active/CVE-2023-0045 (+7/-5) active/CVE-2023-0266 (+2/-1) active/CVE-2023-0394 (+2/-1) active/CVE-2023-0461 (+6/-4) active/CVE-2023-0795 (+8/-6) active/CVE-2023-0796 (+8/-6) active/CVE-2023-0797 (+8/-6) active/CVE-2023-0798 (+8/-6) active/CVE-2023-0799 (+8/-6) active/CVE-2023-0800 (+8/-6) active/CVE-2023-0801 (+8/-6) active/CVE-2023-0802 (+8/-6) active/CVE-2023-0803 (+8/-6) active/CVE-2023-0804 (+8/-6) active/CVE-2023-23455 (+2/-1) active/CVE-2023-23559 (+7/-5) scripts/packages-mirror (+46/-22) |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Ubuntu Security Team | Pending | ||
Review via email: mp+432413@code.launchpad.net |
Commit message
Description of the change
Alex Murray (alexmurray) wrote : | # |
Preview Diff
1 | diff --git a/.launchpad.yaml b/.launchpad.yaml |
2 | new file mode 100644 |
3 | index 0000000..1773ff9 |
4 | --- /dev/null |
5 | +++ b/.launchpad.yaml |
6 | @@ -0,0 +1,50 @@ |
7 | +license: |
8 | + spdx: GPL-3.0 |
9 | + |
10 | +pipeline: |
11 | + - tests |
12 | +jobs: |
13 | + tests: |
14 | + series: jammy |
15 | + architectures: amd64 |
16 | + packages: |
17 | + - distro-info |
18 | + - lsb-release |
19 | + - python3 |
20 | + - python3-apt |
21 | + - python3-configobj |
22 | + - python3-progressbar |
23 | + - python3-pytest |
24 | + - python3-yaml |
25 | + - rsync |
26 | + - wget |
27 | + run-before: | |
28 | + # configure a basic ~/.ubuntu-cve-tracker.conf and setup packages-mirror |
29 | + # for source_map |
30 | + echo plb_authentication=/dev/null > ~/.ubuntu-cve-tracker.conf |
31 | + echo "packages_mirror=$HOME/mirrors/ubuntu/" >> ~/.ubuntu-cve-tracker.conf |
32 | + for mirror in debian partner; do |
33 | + echo "${mirror}_mirror=$HOME/mirrors/${mirror}/" >> ~/.ubuntu-cve-tracker.conf |
34 | + done |
35 | + echo "Setting up packages-mirror..." |
36 | + # use wget for packages-mirror since rsync is not accessible in lp |
37 | + # builders - also invoke with -v since this seems to make downloading more |
38 | + # reliable (probably slows down wget or somesuch to it doesn't thrash the |
39 | + # internal mirror) |
40 | + echo "./scripts/packages-mirror -w -v" |
41 | + ./scripts/packages-mirror -w -v |
42 | + run: | |
43 | + export UCT=$(pwd) |
44 | + # when lpcraft runs on a local users machine where embargoed already |
45 | + # exists as a symlink it won't point to anywhere so remove that and fake a |
46 | + # new one |
47 | + rm -f embargoed |
48 | + mkdir embargoed |
49 | + echo "Running unit tests..." |
50 | + ./scripts/test_cve_lib.py |
51 | + ./scripts/test_kernel_lib.py |
52 | + ./scripts/test_usn_lib.py |
53 | + ./scripts/check-cves --test |
54 | + |
55 | + echo "Checking syntax..." |
56 | + ./scripts/check-syntax |
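Review bot: The `run:` script of the `tests` job chains the unit test scripts, `./scripts/check-cves --test` and `./scripts/check-syntax` without `set -e`, so unless the runner enables errexit itself, a failure in `./scripts/test_cve_lib.py` can be hidden by a later command exiting 0; put `set -e` on the first line of both `run-before:` and `run:` so any failing step fails the job. The comment in `run-before:` also has a typo: "somesuch to it doesn't thrash" should read "so it doesn't thrash".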
57 | diff --git a/active/CVE-2021-33621 b/active/CVE-2021-33621 |
58 | index aef178b..eaecb69 100644 |
59 | --- a/active/CVE-2021-33621 |
60 | +++ b/active/CVE-2021-33621 |
61 | @@ -86,7 +86,7 @@ bionic_ruby3.0: DNE |
62 | focal_ruby3.0: DNE |
63 | jammy_ruby3.0: released (3.0.2-7ubuntu2.3) |
64 | kinetic_ruby3.0: released (3.0.4-7ubuntu0.1) |
65 | -devel_ruby3.0: released (3.0.4-8ubuntu1) |
66 | +devel_ruby3.0: DNE |
67 | |
68 | Patches_ruby3.1: |
69 | upstream_ruby3.1: released (3.1.2-4) |
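Review bot: The `devel_ruby3.0` line goes from `released (3.0.4-8ubuntu1)` to `DNE` with no explanation, and both the commit message and the description of this proposal are empty; state why the entry changes (for example, that the source package is no longer in devel), and consider splitting the CVE status updates from the `.launchpad.yaml` addition, since the branch name only describes the latter.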
70 | diff --git a/active/CVE-2021-3669 b/active/CVE-2021-3669 |
71 | index 7f48f42..0657603 100644 |
72 | --- a/active/CVE-2021-3669 |
73 | +++ b/active/CVE-2021-3669 |
74 | @@ -5,6 +5,7 @@ References: |
75 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3669 |
76 | https://lore.kernel.org/all/20210809203554.1562989-1-aquini@redhat.com/ |
77 | https://ubuntu.com/security/notices/USN-5924-1 |
78 | + https://ubuntu.com/security/notices/USN-5927-1 |
79 | Description: |
80 | A flaw was found in the Linux kernel. Measuring usage of the shared memory |
81 | does not scale with large shared memory segment counts which could lead to |
82 | @@ -222,7 +223,7 @@ upstream_linux-azure-4.15: released (5.15~rc1) |
83 | trusty_linux-azure-4.15: DNE |
84 | trusty/esm_linux-azure-4.15: DNE |
85 | xenial_linux-azure-4.15: DNE |
86 | -bionic_linux-azure-4.15: needed |
87 | +bionic_linux-azure-4.15: released (4.15.0-1162.177) |
88 | focal_linux-azure-4.15: DNE |
89 | hirsute_linux-azure-4.15: DNE |
90 | impish_linux-azure-4.15: DNE |
91 | diff --git a/active/CVE-2021-4155 b/active/CVE-2021-4155 |
92 | index 8055fd5..e60031b 100644 |
93 | --- a/active/CVE-2021-4155 |
94 | +++ b/active/CVE-2021-4155 |
95 | @@ -14,6 +14,7 @@ References: |
96 | https://ubuntu.com/security/notices/USN-5298-1 |
97 | https://ubuntu.com/security/notices/USN-5362-1 |
98 | https://ubuntu.com/security/notices/USN-5884-1 |
99 | + https://ubuntu.com/security/notices/USN-5926-1 |
100 | Description: |
101 | A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS |
102 | filesystem allowed for size increase of files with unaligned size. A local |
103 | @@ -40,7 +41,7 @@ upstream_linux: released (5.16) |
104 | trusty_linux: ignored (out of standard support) |
105 | trusty/esm_linux: ignored (was needed ESM criteria) |
106 | xenial_linux: ignored (was needs-triage now end-of-life) |
107 | -esm-infra/xenial_linux: pending |
108 | +esm-infra/xenial_linux: released (4.4.0-237.271) |
109 | bionic_linux: released (4.15.0-169.177) |
110 | focal_linux: released (5.4.0-100.113) |
111 | hirsute_linux: ignored (reached end-of-life) |
112 | @@ -120,7 +121,7 @@ devel_linux-hwe-edge: DNE |
113 | Patches_linux-lts-xenial: |
114 | upstream_linux-lts-xenial: released (5.16) |
115 | trusty_linux-lts-xenial: ignored (out of standard support) |
116 | -trusty/esm_linux-lts-xenial: pending |
117 | +trusty/esm_linux-lts-xenial: released (4.4.0-237.271~14.04.1) |
118 | xenial_linux-lts-xenial: DNE |
119 | bionic_linux-lts-xenial: DNE |
120 | focal_linux-lts-xenial: DNE |
121 | @@ -135,7 +136,7 @@ upstream_linux-kvm: released (5.16) |
122 | trusty_linux-kvm: DNE |
123 | trusty/esm_linux-kvm: DNE |
124 | xenial_linux-kvm: ignored (was needs-triage now end-of-life) |
125 | -esm-infra/xenial_linux-kvm: pending |
126 | +esm-infra/xenial_linux-kvm: released (4.4.0-1117.127) |
127 | bionic_linux-kvm: released (4.15.0-1107.109) |
128 | focal_linux-kvm: released (5.4.0-1056.58) |
129 | hirsute_linux-kvm: ignored (reached end-of-life) |
130 | @@ -147,7 +148,7 @@ devel_linux-kvm: not-affected (5.19.0-1008.8) |
131 | Patches_linux-aws: |
132 | upstream_linux-aws: released (5.16) |
133 | trusty_linux-aws: ignored (out of standard support) |
134 | -trusty/esm_linux-aws: pending |
135 | +trusty/esm_linux-aws: released (4.4.0-1116.122) |
136 | xenial_linux-aws: ignored (was needs-triage now end-of-life) |
137 | esm-infra/xenial_linux-aws: released (4.4.0-1154.169) |
138 | bionic_linux-aws: released (4.15.0-1121.129) |
139 | diff --git a/active/CVE-2021-43618 b/active/CVE-2021-43618 |
140 | index 25d50fe..4902d72 100644 |
141 | --- a/active/CVE-2021-43618 |
142 | +++ b/active/CVE-2021-43618 |
143 | @@ -5,6 +5,7 @@ References: |
144 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43618 |
145 | https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html |
146 | https://ubuntu.com/security/notices/USN-5672-1 |
147 | + https://ubuntu.com/security/notices/USN-5672-2 |
148 | Description: |
149 | GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an |
150 | mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted |
151 | @@ -25,7 +26,7 @@ CVSS: |
152 | Patches_gmp: |
153 | upstream: https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e |
154 | upstream_gmp: released (2:6.2.1+dfsg-3) |
155 | -trusty/esm_gmp: needs-triage |
156 | +trusty/esm_gmp: released (2:5.1.3+dfsg-1ubuntu1+esm1) |
157 | esm-infra/xenial_gmp: released (2:6.1.0+dfsg-2ubuntu0.1~esm1) |
158 | trusty_gmp: ignored (out of standard support) |
159 | xenial_gmp: ignored (out of standard support) |
160 | diff --git a/active/CVE-2022-20566 b/active/CVE-2022-20566 |
161 | index f575cbc..5ad5008 100644 |
162 | --- a/active/CVE-2022-20566 |
163 | +++ b/active/CVE-2022-20566 |
164 | @@ -6,6 +6,7 @@ References: |
165 | https://git.kernel.org/linus/d0be8347c623e0ac4202a1d4e0373882821f56b0 |
166 | https://ubuntu.com/security/notices/USN-5884-1 |
167 | https://ubuntu.com/security/notices/USN-5913-1 |
168 | + https://ubuntu.com/security/notices/USN-5926-1 |
169 | Description: |
170 | In l2cap_chan_put of l2cap_core, there is a possible use after free due to |
171 | improper locking. This could lead to local escalation of privilege with no |
172 | @@ -29,7 +30,7 @@ CVSS: |
173 | Patches_linux: |
174 | break-fix: 4af66c691f4e5c2db9bb00793669a548e9db1974 d0be8347c623e0ac4202a1d4e0373882821f56b0 |
175 | upstream_linux: released (5.19) |
176 | -esm-infra/xenial_linux: pending |
177 | +esm-infra/xenial_linux: released (4.4.0-237.271) |
178 | trusty_linux: ignored (out of standard support) |
179 | xenial_linux: ignored (out of standard support) |
180 | bionic_linux: released (4.15.0-197.208) |
181 | @@ -112,11 +113,11 @@ bionic_linux-lts-xenial: DNE |
182 | focal_linux-lts-xenial: DNE |
183 | jammy_linux-lts-xenial: DNE |
184 | kinetic_linux-lts-xenial: DNE |
185 | -trusty/esm_linux-lts-xenial: pending |
186 | +trusty/esm_linux-lts-xenial: released (4.4.0-237.271~14.04.1) |
187 | |
188 | Patches_linux-kvm: |
189 | upstream_linux-kvm: released (5.19) |
190 | -esm-infra/xenial_linux-kvm: pending |
191 | +esm-infra/xenial_linux-kvm: released (4.4.0-1117.127) |
192 | trusty_linux-kvm: DNE |
193 | xenial_linux-kvm: ignored (end of standard support) |
194 | bionic_linux-kvm: released (4.15.0-1129.134) |
195 | @@ -134,7 +135,7 @@ bionic_linux-aws: released (4.15.0-1143.155) |
196 | focal_linux-aws: released (5.4.0-1086.93) |
197 | jammy_linux-aws: released (5.15.0-1021.25) |
198 | kinetic_linux-aws: not-affected (5.19.0-1005.5) |
199 | -trusty/esm_linux-aws: pending |
200 | +trusty/esm_linux-aws: released (4.4.0-1116.122) |
201 | devel_linux-aws: not-affected (5.19.0-1009.9) |
202 | |
203 | Patches_linux-aws-5.0: |
204 | diff --git a/active/CVE-2022-3424 b/active/CVE-2022-3424 |
205 | index ea31238..1bb5db9 100644 |
206 | --- a/active/CVE-2022-3424 |
207 | +++ b/active/CVE-2022-3424 |
208 | @@ -8,6 +8,7 @@ References: |
209 | https://ubuntu.com/security/notices/USN-5856-1 |
210 | https://ubuntu.com/security/notices/USN-5917-1 |
211 | https://ubuntu.com/security/notices/USN-5924-1 |
212 | + https://ubuntu.com/security/notices/USN-5927-1 |
213 | Description: |
214 | [misc: sgi-gru: fix use-after-free error in gru_set_context_option, |
215 | gru_fault and gru_handle_user_call_os] |
216 | @@ -211,7 +212,7 @@ Patches_linux-azure-4.15: |
217 | upstream_linux-azure-4.15: needs-triage |
218 | trusty_linux-azure-4.15: DNE |
219 | xenial_linux-azure-4.15: DNE |
220 | -bionic_linux-azure-4.15: needs-triage |
221 | +bionic_linux-azure-4.15: released (4.15.0-1162.177) |
222 | focal_linux-azure-4.15: DNE |
223 | jammy_linux-azure-4.15: DNE |
224 | |
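Review bot: `bionic_linux-azure-4.15` moves to `released (4.15.0-1162.177)` while `upstream_linux-azure-4.15` at the top of the same hunk stays `needs-triage`, which leaves the entry recording a shipped fix with no triaged upstream state; update the upstream line alongside the release status, or note why it is left untriaged.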
225 | diff --git a/active/CVE-2022-3521 b/active/CVE-2022-3521 |
226 | index 2791905..05e5e37 100644 |
227 | --- a/active/CVE-2022-3521 |
228 | +++ b/active/CVE-2022-3521 |
229 | @@ -11,6 +11,8 @@ References: |
230 | https://ubuntu.com/security/notices/USN-5919-1 |
231 | https://ubuntu.com/security/notices/USN-5920-1 |
232 | https://ubuntu.com/security/notices/USN-5924-1 |
233 | + https://ubuntu.com/security/notices/USN-5925-1 |
234 | + https://ubuntu.com/security/notices/USN-5927-1 |
235 | Description: |
236 | A vulnerability has been found in Linux Kernel and classified as |
237 | problematic. This vulnerability affects the function kcm_tx_work of the |
238 | @@ -132,7 +134,7 @@ upstream_linux-kvm: needs-triage |
239 | esm-infra/xenial_linux-kvm: needs-triage |
240 | trusty_linux-kvm: DNE |
241 | xenial_linux-kvm: ignored (end of standard support) |
242 | -bionic_linux-kvm: needs-triage |
243 | +bionic_linux-kvm: released (4.15.0-1136.141) |
244 | focal_linux-kvm: released (5.4.0-1087.93) |
245 | jammy_linux-kvm: needs-triage |
246 | kinetic_linux-kvm: needs-triage |
247 | @@ -247,7 +249,7 @@ Patches_linux-azure-4.15: |
248 | upstream_linux-azure-4.15: needs-triage |
249 | trusty_linux-azure-4.15: DNE |
250 | xenial_linux-azure-4.15: DNE |
251 | -bionic_linux-azure-4.15: needs-triage |
252 | +bionic_linux-azure-4.15: released (4.15.0-1162.177) |
253 | focal_linux-azure-4.15: DNE |
254 | jammy_linux-azure-4.15: DNE |
255 | kinetic_linux-azure-4.15: DNE |
256 | @@ -776,7 +778,7 @@ Patches_linux-raspi2: |
257 | upstream_linux-raspi2: needs-triage |
258 | trusty_linux-raspi2: DNE |
259 | xenial_linux-raspi2: ignored (end of standard support) |
260 | -bionic_linux-raspi2: needs-triage |
261 | +bionic_linux-raspi2: released (4.15.0-1128.136) |
262 | esm-apps/bionic_linux-raspi2: needs-triage |
263 | focal_linux-raspi2: ignored (replaced by linux-raspi) |
264 | jammy_linux-raspi2: DNE |
265 | @@ -838,7 +840,7 @@ Patches_linux-snapdragon: |
266 | upstream_linux-snapdragon: needs-triage |
267 | trusty_linux-snapdragon: DNE |
268 | xenial_linux-snapdragon: ignored (end of standard support) |
269 | -bionic_linux-snapdragon: needs-triage |
270 | +bionic_linux-snapdragon: released (4.15.0-1146.156) |
271 | focal_linux-snapdragon: DNE |
272 | jammy_linux-snapdragon: DNE |
273 | kinetic_linux-snapdragon: DNE |
274 | diff --git a/active/CVE-2022-3545 b/active/CVE-2022-3545 |
275 | index 27e663c..c88389c 100644 |
276 | --- a/active/CVE-2022-3545 |
277 | +++ b/active/CVE-2022-3545 |
278 | @@ -13,6 +13,8 @@ References: |
279 | https://ubuntu.com/security/notices/USN-5919-1 |
280 | https://ubuntu.com/security/notices/USN-5920-1 |
281 | https://ubuntu.com/security/notices/USN-5924-1 |
282 | + https://ubuntu.com/security/notices/USN-5925-1 |
283 | + https://ubuntu.com/security/notices/USN-5927-1 |
284 | Description: |
285 | A vulnerability has been found in Linux Kernel and classified as critical. |
286 | Affected by this vulnerability is the function area_cache_get of the file |
287 | @@ -135,7 +137,7 @@ upstream_linux-kvm: released (6.0~rc1) |
288 | esm-infra/xenial_linux-kvm: not-affected (4.4.0-1004.9) |
289 | trusty_linux-kvm: DNE |
290 | xenial_linux-kvm: ignored (end of standard support) |
291 | -bionic_linux-kvm: pending (4.15.0-1136.141) |
292 | +bionic_linux-kvm: released (4.15.0-1136.141) |
293 | focal_linux-kvm: released (5.4.0-1087.93) |
294 | jammy_linux-kvm: pending (5.15.0-1029.34) |
295 | kinetic_linux-kvm: pending (5.19.0-1019.20) |
296 | @@ -250,7 +252,7 @@ Patches_linux-azure-4.15: |
297 | upstream_linux-azure-4.15: released (6.0~rc1) |
298 | trusty_linux-azure-4.15: DNE |
299 | xenial_linux-azure-4.15: DNE |
300 | -bionic_linux-azure-4.15: needed |
301 | +bionic_linux-azure-4.15: released (4.15.0-1162.177) |
302 | focal_linux-azure-4.15: DNE |
303 | jammy_linux-azure-4.15: DNE |
304 | kinetic_linux-azure-4.15: DNE |
305 | @@ -779,7 +781,7 @@ Patches_linux-raspi2: |
306 | upstream_linux-raspi2: released (6.0~rc1) |
307 | trusty_linux-raspi2: DNE |
308 | xenial_linux-raspi2: ignored (end of standard support) |
309 | -bionic_linux-raspi2: pending (4.15.0-1128.136) |
310 | +bionic_linux-raspi2: released (4.15.0-1128.136) |
311 | esm-apps/bionic_linux-raspi2: needed |
312 | focal_linux-raspi2: ignored (replaced by linux-raspi) |
313 | jammy_linux-raspi2: DNE |
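Review bot: After `bionic_linux-raspi2` becomes `released (4.15.0-1128.136)`, the `esm-apps/bionic_linux-raspi2` line directly below it is still `needed`; confirm whether that entry should be updated in the same change, since a consumer of this file sees one bionic line fixed and the other still open.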
314 | @@ -841,7 +843,7 @@ Patches_linux-snapdragon: |
315 | upstream_linux-snapdragon: released (6.0~rc1) |
316 | trusty_linux-snapdragon: DNE |
317 | xenial_linux-snapdragon: ignored (end of standard support) |
318 | -bionic_linux-snapdragon: pending (4.15.0-1146.156) |
319 | +bionic_linux-snapdragon: released (4.15.0-1146.156) |
320 | focal_linux-snapdragon: DNE |
321 | jammy_linux-snapdragon: DNE |
322 | kinetic_linux-snapdragon: DNE |
323 | diff --git a/active/CVE-2022-3628 b/active/CVE-2022-3628 |
324 | index 58f8389..b7d9fda 100644 |
325 | --- a/active/CVE-2022-3628 |
326 | +++ b/active/CVE-2022-3628 |
327 | @@ -22,6 +22,8 @@ References: |
328 | https://ubuntu.com/security/notices/USN-5919-1 |
329 | https://ubuntu.com/security/notices/USN-5920-1 |
330 | https://ubuntu.com/security/notices/USN-5924-1 |
331 | + https://ubuntu.com/security/notices/USN-5925-1 |
332 | + https://ubuntu.com/security/notices/USN-5927-1 |
333 | Description: |
334 | A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC |
335 | Wi-Fi driver. This issue occurs when a user connects to a malicious USB |
336 | @@ -135,7 +137,7 @@ upstream_linux-kvm: released (6.1~rc5) |
337 | esm-infra/xenial_linux-kvm: ignored (was needed ESM criteria) |
338 | trusty_linux-kvm: DNE |
339 | xenial_linux-kvm: ignored (end of standard support) |
340 | -bionic_linux-kvm: needed |
341 | +bionic_linux-kvm: released (4.15.0-1136.141) |
342 | focal_linux-kvm: released (5.4.0-1086.92) |
343 | jammy_linux-kvm: released (5.15.0-1028.33) |
344 | kinetic_linux-kvm: released (5.19.0-1018.19) |
345 | @@ -242,7 +244,7 @@ Patches_linux-azure-4.15: |
346 | upstream_linux-azure-4.15: released (6.1~rc5) |
347 | trusty_linux-azure-4.15: DNE |
348 | xenial_linux-azure-4.15: DNE |
349 | -bionic_linux-azure-4.15: needed |
350 | +bionic_linux-azure-4.15: released (4.15.0-1162.177) |
351 | focal_linux-azure-4.15: DNE |
352 | jammy_linux-azure-4.15: DNE |
353 | kinetic_linux-azure-4.15: DNE |
354 | @@ -725,7 +727,7 @@ Patches_linux-raspi2: |
355 | upstream_linux-raspi2: released (6.1~rc5) |
356 | trusty_linux-raspi2: DNE |
357 | xenial_linux-raspi2: ignored (end of standard support) |
358 | -bionic_linux-raspi2: needed |
359 | +bionic_linux-raspi2: released (4.15.0-1128.136) |
360 | esm-apps/bionic_linux-raspi2: needs-triage |
361 | focal_linux-raspi2: ignored (replaced by linux-raspi) |
362 | jammy_linux-raspi2: DNE |
363 | @@ -782,7 +784,7 @@ Patches_linux-snapdragon: |
364 | upstream_linux-snapdragon: released (6.1~rc5) |
365 | trusty_linux-snapdragon: DNE |
366 | xenial_linux-snapdragon: ignored (end of standard support) |
367 | -bionic_linux-snapdragon: needed |
368 | +bionic_linux-snapdragon: released (4.15.0-1146.156) |
369 | focal_linux-snapdragon: DNE |
370 | jammy_linux-snapdragon: DNE |
371 | kinetic_linux-snapdragon: DNE |
372 | diff --git a/active/CVE-2022-36280 b/active/CVE-2022-36280 |
373 | index 6485f01..f5d54e7 100644 |
374 | --- a/active/CVE-2022-36280 |
375 | +++ b/active/CVE-2022-36280 |
376 | @@ -6,6 +6,7 @@ References: |
377 | https://ubuntu.com/security/notices/USN-5915-1 |
378 | https://ubuntu.com/security/notices/USN-5917-1 |
379 | https://ubuntu.com/security/notices/USN-5924-1 |
380 | + https://ubuntu.com/security/notices/USN-5927-1 |
381 | Description: |
382 | An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx |
383 | driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux |
384 | @@ -133,7 +134,7 @@ Patches_linux-azure-4.15: |
385 | upstream_linux-azure-4.15: needs-triage |
386 | trusty_linux-azure-4.15: ignored (out of standard support) |
387 | xenial_linux-azure-4.15: ignored (out of standard support) |
388 | -bionic_linux-azure-4.15: needs-triage |
389 | +bionic_linux-azure-4.15: released (4.15.0-1162.177) |
390 | focal_linux-azure-4.15: DNE |
391 | jammy_linux-azure-4.15: DNE |
392 | |
393 | diff --git a/active/CVE-2022-3640 b/active/CVE-2022-3640 |
394 | index 30375e2..35a1f63 100644 |
395 | --- a/active/CVE-2022-3640 |
396 | +++ b/active/CVE-2022-3640 |
397 | @@ -21,6 +21,8 @@ References: |
398 | https://ubuntu.com/security/notices/USN-5919-1 |
399 | https://ubuntu.com/security/notices/USN-5920-1 |
400 | https://ubuntu.com/security/notices/USN-5924-1 |
401 | + https://ubuntu.com/security/notices/USN-5925-1 |
402 | + https://ubuntu.com/security/notices/USN-5927-1 |
403 | Description: |
404 | A vulnerability, which was classified as critical, was found in Linux |
405 | Kernel. Affected is the function l2cap_conn_del of the file |
406 | @@ -128,7 +130,7 @@ upstream_linux-kvm: needed |
407 | esm-infra/xenial_linux-kvm: not-affected (4.4.0-1004.9) |
408 | trusty_linux-kvm: DNE |
409 | xenial_linux-kvm: ignored (end of standard support) |
410 | -bionic_linux-kvm: needed |
411 | +bionic_linux-kvm: released (4.15.0-1136.141) |
412 | focal_linux-kvm: released (5.4.0-1086.92) |
413 | jammy_linux-kvm: released (5.15.0-1028.33) |
414 | kinetic_linux-kvm: released (5.19.0-1018.19) |
415 | @@ -227,7 +229,7 @@ Patches_linux-azure-4.15: |
416 | upstream_linux-azure-4.15: needed |
417 | trusty_linux-azure-4.15: DNE |
418 | xenial_linux-azure-4.15: DNE |
419 | -bionic_linux-azure-4.15: needed |
420 | +bionic_linux-azure-4.15: released (4.15.0-1162.177) |
421 | focal_linux-azure-4.15: DNE |
422 | jammy_linux-azure-4.15: DNE |
423 | |
424 | @@ -656,7 +658,7 @@ Patches_linux-raspi2: |
425 | upstream_linux-raspi2: needed |
426 | trusty_linux-raspi2: DNE |
427 | xenial_linux-raspi2: ignored (end of standard support) |
428 | -bionic_linux-raspi2: needed |
429 | +bionic_linux-raspi2: released (4.15.0-1128.136) |
430 | esm-apps/bionic_linux-raspi2: needed |
431 | focal_linux-raspi2: ignored (replaced by linux-raspi) |
432 | jammy_linux-raspi2: DNE |
433 | @@ -708,7 +710,7 @@ Patches_linux-snapdragon: |
434 | upstream_linux-snapdragon: needed |
435 | trusty_linux-snapdragon: DNE |
436 | xenial_linux-snapdragon: ignored (end of standard support) |
437 | -bionic_linux-snapdragon: needed |
438 | +bionic_linux-snapdragon: released (4.15.0-1146.156) |
439 | focal_linux-snapdragon: DNE |
440 | jammy_linux-snapdragon: DNE |
441 | |
442 | diff --git a/active/CVE-2022-41218 b/active/CVE-2022-41218 |
443 | index e0c106e..b9dc071 100644 |
444 | --- a/active/CVE-2022-41218 |
445 | +++ b/active/CVE-2022-41218 |
446 | @@ -13,6 +13,7 @@ References: |
447 | https://ubuntu.com/security/notices/USN-5915-1 |
448 | https://ubuntu.com/security/notices/USN-5917-1 |
449 | https://ubuntu.com/security/notices/USN-5924-1 |
450 | + https://ubuntu.com/security/notices/USN-5927-1 |
451 | Description: |
452 | In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, |
453 | there is a use-after-free caused by refcount races, affecting |
454 | @@ -215,7 +216,7 @@ Patches_linux-azure-4.15: |
455 | upstream_linux-azure-4.15: needs-triage |
456 | trusty_linux-azure-4.15: DNE |
457 | xenial_linux-azure-4.15: DNE |
458 | -bionic_linux-azure-4.15: needs-triage |
459 | +bionic_linux-azure-4.15: released (4.15.0-1162.177) |
460 | focal_linux-azure-4.15: DNE |
461 | jammy_linux-azure-4.15: DNE |
462 | |
463 | diff --git a/active/CVE-2022-41858 b/active/CVE-2022-41858 |
464 | index de076ee..e5f48cb 100644 |
465 | --- a/active/CVE-2022-41858 |
466 | +++ b/active/CVE-2022-41858 |
467 | @@ -6,6 +6,7 @@ References: |
468 | https://git.kernel.org/linus/ec4eb8a86ade4d22633e1da2a7d85a846b7d1798 (5.18-rc2) |
469 | https://access.redhat.com/security/cve/CVE-2022-41858 |
470 | https://ubuntu.com/security/notices/USN-5884-1 |
471 | + https://ubuntu.com/security/notices/USN-5926-1 |
472 | Description: |
473 | A flaw was found in the Linux kernel. A NULL pointer dereference may occur |
474 | while a slip driver is in progress to detach in sl_tx_timeout in |
475 | @@ -27,7 +28,7 @@ CVSS: |
476 | Patches_linux: |
477 | break-fix: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 ec4eb8a86ade4d22633e1da2a7d85a846b7d1798 |
478 | upstream_linux: released (5.18~rc2) |
479 | -esm-infra/xenial_linux: pending |
480 | +esm-infra/xenial_linux: released (4.4.0-237.271) |
481 | trusty_linux: ignored (out of standard support) |
482 | xenial_linux: ignored (out of standard support) |
483 | bionic_linux: released (4.15.0-189.200) |
484 | @@ -110,11 +111,11 @@ bionic_linux-lts-xenial: DNE |
485 | focal_linux-lts-xenial: DNE |
486 | jammy_linux-lts-xenial: DNE |
487 | kinetic_linux-lts-xenial: DNE |
488 | -trusty/esm_linux-lts-xenial: pending |
489 | +trusty/esm_linux-lts-xenial: released (4.4.0-237.271~14.04.1) |
490 | |
491 | Patches_linux-kvm: |
492 | upstream_linux-kvm: released (5.18~rc2) |
493 | -esm-infra/xenial_linux-kvm: pending |
494 | +esm-infra/xenial_linux-kvm: released (4.4.0-1117.127) |
495 | trusty_linux-kvm: DNE |
496 | xenial_linux-kvm: ignored (end of standard support) |
497 | bionic_linux-kvm: released (4.15.0-1123.128) |
498 | @@ -132,7 +133,7 @@ bionic_linux-aws: released (4.15.0-1137.148) |
499 | focal_linux-aws: released (5.4.0-1081.88) |
500 | jammy_linux-aws: released (5.15.0-1009.11) |
501 | kinetic_linux-aws: not-affected (5.19.0-1005.5) |
502 | -trusty/esm_linux-aws: pending |
503 | +trusty/esm_linux-aws: released (4.4.0-1116.122) |
504 | devel_linux-aws: not-affected (5.19.0-1009.9) |
505 | |
506 | Patches_linux-aws-5.0: |
507 | diff --git a/active/CVE-2022-42328 b/active/CVE-2022-42328 |
508 | index db4ffc3..ce43ece 100644 |
509 | --- a/active/CVE-2022-42328 |
510 | +++ b/active/CVE-2022-42328 |
511 | @@ -12,6 +12,8 @@ References: |
512 | https://ubuntu.com/security/notices/USN-5919-1 |
513 | https://ubuntu.com/security/notices/USN-5920-1 |
514 | https://ubuntu.com/security/notices/USN-5924-1 |
515 | + https://ubuntu.com/security/notices/USN-5925-1 |
516 | + https://ubuntu.com/security/notices/USN-5927-1 |
517 | Description: |
518 | Guests can trigger deadlock in Linux netback driver T[his CNA information |
519 | record relates to multiple CVEs; the text explains which |
520 | @@ -128,7 +130,7 @@ upstream_linux-kvm: released (6.1) |
521 | esm-infra/xenial_linux-kvm: not-affected (4.4.0-1004.9) |
522 | trusty_linux-kvm: DNE |
523 | xenial_linux-kvm: ignored (end of standard support) |
524 | -bionic_linux-kvm: pending (4.15.0-1136.141) |
525 | +bionic_linux-kvm: released (4.15.0-1136.141) |
526 | focal_linux-kvm: released (5.4.0-1087.93) |
527 | jammy_linux-kvm: pending (5.15.0-1029.34) |
528 | kinetic_linux-kvm: needed |
529 | @@ -235,7 +237,7 @@ Patches_linux-azure-4.15: |
530 | upstream_linux-azure-4.15: released (6.1) |
531 | trusty_linux-azure-4.15: DNE |
532 | xenial_linux-azure-4.15: DNE |
533 | -bionic_linux-azure-4.15: needed |
534 | +bionic_linux-azure-4.15: released (4.15.0-1162.177) |
535 | focal_linux-azure-4.15: DNE |
536 | jammy_linux-azure-4.15: DNE |
537 | kinetic_linux-azure-4.15: DNE |
538 | @@ -718,7 +720,7 @@ Patches_linux-raspi2: |
539 | upstream_linux-raspi2: released (6.1) |
540 | trusty_linux-raspi2: DNE |
541 | xenial_linux-raspi2: ignored (end of standard support) |
542 | -bionic_linux-raspi2: pending (4.15.0-1128.136) |
543 | +bionic_linux-raspi2: released (4.15.0-1128.136) |
544 | esm-apps/bionic_linux-raspi2: needs-triage |
545 | focal_linux-raspi2: ignored (replaced by linux-raspi) |
546 | jammy_linux-raspi2: DNE |
547 | @@ -775,7 +777,7 @@ Patches_linux-snapdragon: |
548 | upstream_linux-snapdragon: released (6.1) |
549 | trusty_linux-snapdragon: DNE |
550 | xenial_linux-snapdragon: ignored (end of standard support) |
551 | -bionic_linux-snapdragon: pending (4.15.0-1146.156) |
552 | +bionic_linux-snapdragon: released (4.15.0-1146.156) |
553 | focal_linux-snapdragon: DNE |
554 | jammy_linux-snapdragon: DNE |
555 | kinetic_linux-snapdragon: DNE |
556 | diff --git a/active/CVE-2022-42329 b/active/CVE-2022-42329 |
557 | index 3a0b3f1..e41cfdf 100644 |
558 | --- a/active/CVE-2022-42329 |
559 | +++ b/active/CVE-2022-42329 |
560 | @@ -11,6 +11,8 @@ References: |
561 | https://ubuntu.com/security/notices/USN-5919-1 |
562 | https://ubuntu.com/security/notices/USN-5920-1 |
563 | https://ubuntu.com/security/notices/USN-5924-1 |
564 | + https://ubuntu.com/security/notices/USN-5925-1 |
565 | + https://ubuntu.com/security/notices/USN-5927-1 |
566 | Description: |
567 | Guests can trigger deadlock in Linux netback driver T[his CNA information |
568 | record relates to multiple CVEs; the text explains which |
569 | @@ -127,7 +129,7 @@ upstream_linux-kvm: released (6.1) |
570 | esm-infra/xenial_linux-kvm: not-affected (4.4.0-1004.9) |
571 | trusty_linux-kvm: DNE |
572 | xenial_linux-kvm: ignored (end of standard support) |
573 | -bionic_linux-kvm: pending (4.15.0-1136.141) |
574 | +bionic_linux-kvm: released (4.15.0-1136.141) |
575 | focal_linux-kvm: released (5.4.0-1087.93) |
576 | jammy_linux-kvm: pending (5.15.0-1029.34) |
577 | kinetic_linux-kvm: needed |
578 | @@ -234,7 +236,7 @@ Patches_linux-azure-4.15: |
579 | upstream_linux-azure-4.15: released (6.1) |
580 | trusty_linux-azure-4.15: DNE |
581 | xenial_linux-azure-4.15: DNE |
582 | -bionic_linux-azure-4.15: pending (4.15.0-1162.177) |
583 | +bionic_linux-azure-4.15: released (4.15.0-1162.177) |
584 | focal_linux-azure-4.15: DNE |
585 | jammy_linux-azure-4.15: DNE |
586 | kinetic_linux-azure-4.15: DNE |
587 | @@ -717,7 +719,7 @@ Patches_linux-raspi2: |
588 | upstream_linux-raspi2: released (6.1) |
589 | trusty_linux-raspi2: DNE |
590 | xenial_linux-raspi2: ignored (end of standard support) |
591 | -bionic_linux-raspi2: pending (4.15.0-1128.136) |
592 | +bionic_linux-raspi2: released (4.15.0-1128.136) |
593 | esm-apps/bionic_linux-raspi2: needs-triage |
594 | focal_linux-raspi2: ignored (replaced by linux-raspi) |
595 | jammy_linux-raspi2: DNE |
596 | @@ -774,7 +776,7 @@ Patches_linux-snapdragon: |
597 | upstream_linux-snapdragon: released (6.1) |
598 | trusty_linux-snapdragon: DNE |
599 | xenial_linux-snapdragon: ignored (end of standard support) |
600 | -bionic_linux-snapdragon: pending (4.15.0-1146.156) |
601 | +bionic_linux-snapdragon: released (4.15.0-1146.156) |
602 | focal_linux-snapdragon: DNE |
603 | jammy_linux-snapdragon: DNE |
604 | kinetic_linux-snapdragon: DNE |
605 | diff --git a/active/CVE-2022-42895 b/active/CVE-2022-42895 |
606 | index 815ce98..6252f94 100644 |
607 | --- a/active/CVE-2022-42895 |
608 | +++ b/active/CVE-2022-42895 |
609 | @@ -25,6 +25,9 @@ References: |
610 | https://ubuntu.com/security/notices/USN-5919-1 |
611 | https://ubuntu.com/security/notices/USN-5920-1 |
612 | https://ubuntu.com/security/notices/USN-5924-1 |
613 | + https://ubuntu.com/security/notices/USN-5925-1 |
614 | + https://ubuntu.com/security/notices/USN-5926-1 |
615 | + https://ubuntu.com/security/notices/USN-5927-1 |
616 | Description: |
617 | There is an infoleak vulnerability in the Linux kernel's |
618 | net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be |
619 | @@ -48,7 +51,7 @@ CVSS: |
620 | Patches_linux: |
621 | break-fix: 42dceae2819b5ac6fc9a0d414ae05a8960e2a1d9 b1a2cd50c0357f243b7435a732b4e62ba3157a2e |
622 | upstream_linux: released (6.1~rc4) |
623 | -esm-infra/xenial_linux: pending |
624 | +esm-infra/xenial_linux: released (4.4.0-237.271) |
625 | trusty_linux: ignored (out of standard support) |
626 | xenial_linux: ignored (out of standard support) |
627 | bionic_linux: released (4.15.0-206.217) |
628 | @@ -131,14 +134,14 @@ bionic_linux-lts-xenial: DNE |
629 | focal_linux-lts-xenial: DNE |
630 | jammy_linux-lts-xenial: DNE |
631 | kinetic_linux-lts-xenial: DNE |
632 | -trusty/esm_linux-lts-xenial: pending |
633 | +trusty/esm_linux-lts-xenial: released (4.4.0-237.271~14.04.1) |
634 | |
635 | Patches_linux-kvm: |
636 | upstream_linux-kvm: released (6.1~rc4) |
637 | -esm-infra/xenial_linux-kvm: pending |
638 | +esm-infra/xenial_linux-kvm: released (4.4.0-1117.127) |
639 | trusty_linux-kvm: DNE |
640 | xenial_linux-kvm: ignored (end of standard support) |
641 | -bionic_linux-kvm: pending (4.15.0-1136.141) |
642 | +bionic_linux-kvm: released (4.15.0-1136.141) |
643 | focal_linux-kvm: released (5.4.0-1086.92) |
644 | jammy_linux-kvm: released (5.15.0-1028.33) |
645 | kinetic_linux-kvm: released (5.19.0-1018.19) |
646 | @@ -153,7 +156,7 @@ bionic_linux-aws: released (4.15.0-1151.164) |
647 | focal_linux-aws: released (5.4.0-1096.104) |
648 | jammy_linux-aws: released (5.15.0-1030.34) |
649 | kinetic_linux-aws: released (5.19.0-1019.20) |
650 | -trusty/esm_linux-aws: pending |
651 | +trusty/esm_linux-aws: released (4.4.0-1116.122) |
652 | devel_linux-aws: pending |
653 | |
654 | Patches_linux-aws-5.0: |
655 | @@ -245,7 +248,7 @@ Patches_linux-azure-4.15: |
656 | upstream_linux-azure-4.15: released (6.1~rc4) |
657 | trusty_linux-azure-4.15: DNE |
658 | xenial_linux-azure-4.15: DNE |
659 | -bionic_linux-azure-4.15: pending (4.15.0-1162.177) |
660 | +bionic_linux-azure-4.15: released (4.15.0-1162.177) |
661 | focal_linux-azure-4.15: DNE |
662 | jammy_linux-azure-4.15: DNE |
663 | kinetic_linux-azure-4.15: DNE |
664 | @@ -728,7 +731,7 @@ Patches_linux-raspi2: |
665 | upstream_linux-raspi2: released (6.1~rc4) |
666 | trusty_linux-raspi2: DNE |
667 | xenial_linux-raspi2: ignored (end of standard support) |
668 | -bionic_linux-raspi2: pending (4.15.0-1128.136) |
669 | +bionic_linux-raspi2: released (4.15.0-1128.136) |
670 | esm-apps/bionic_linux-raspi2: needs-triage |
671 | focal_linux-raspi2: ignored (replaced by linux-raspi) |
672 | jammy_linux-raspi2: DNE |
673 | @@ -785,7 +788,7 @@ Patches_linux-snapdragon: |
674 | upstream_linux-snapdragon: released (6.1~rc4) |
675 | trusty_linux-snapdragon: DNE |
676 | xenial_linux-snapdragon: ignored (end of standard support) |
677 | -bionic_linux-snapdragon: pending (4.15.0-1146.156) |
678 | +bionic_linux-snapdragon: released (4.15.0-1146.156) |
679 | focal_linux-snapdragon: DNE |
680 | jammy_linux-snapdragon: DNE |
681 | kinetic_linux-snapdragon: DNE |
682 | diff --git a/active/CVE-2022-47929 b/active/CVE-2022-47929 |
683 | index b11e120..8f957e9 100644 |
684 | --- a/active/CVE-2022-47929 |
685 | +++ b/active/CVE-2022-47929 |
686 | @@ -10,6 +10,7 @@ References: |
687 | https://ubuntu.com/security/notices/USN-5915-1 |
688 | https://ubuntu.com/security/notices/USN-5917-1 |
689 | https://ubuntu.com/security/notices/USN-5924-1 |
690 | + https://ubuntu.com/security/notices/USN-5927-1 |
691 | Description: |
692 | In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the |
693 | traffic control subsystem allows an unprivileged user to trigger a denial |
694 | @@ -229,7 +230,7 @@ Patches_linux-azure-4.15: |
695 | upstream_linux-azure-4.15: released (6.2~rc4) |
696 | trusty_linux-azure-4.15: DNE |
697 | xenial_linux-azure-4.15: DNE |
698 | -bionic_linux-azure-4.15: pending (4.15.0-1162.177) |
699 | +bionic_linux-azure-4.15: released (4.15.0-1162.177) |
700 | focal_linux-azure-4.15: DNE |
701 | jammy_linux-azure-4.15: DNE |
702 | kinetic_linux-azure-4.15: DNE |
703 | diff --git a/active/CVE-2023-0045 b/active/CVE-2023-0045 |
704 | index 024671c..10e141f 100644 |
705 | --- a/active/CVE-2023-0045 |
706 | +++ b/active/CVE-2023-0045 |
707 | @@ -13,6 +13,8 @@ References: |
708 | https://ubuntu.com/security/notices/USN-5915-1 |
709 | https://ubuntu.com/security/notices/USN-5917-1 |
710 | https://ubuntu.com/security/notices/USN-5924-1 |
711 | + https://ubuntu.com/security/notices/USN-5926-1 |
712 | + https://ubuntu.com/security/notices/USN-5927-1 |
713 | Description: |
714 | Ubuntu-Description: |
715 | José Oliveira and Rodrigo Branco discovered that the prctl syscall |
716 | @@ -30,7 +32,7 @@ CVSS: |
717 | Patches_linux: |
718 | break-fix: 9137bb27e60e554dab694eafa4cca241fa3a694f a664ec9158eeddd75121d39c9a0758016097fa96 |
719 | upstream_linux: released (6.2~rc3) |
720 | -esm-infra/xenial_linux: ignored (was needed ESM criteria) |
721 | +esm-infra/xenial_linux: released (4.4.0-237.271) |
722 | trusty_linux: ignored (out of standard support) |
723 | xenial_linux: ignored (out of standard support) |
724 | bionic_linux: needed |
725 | @@ -113,11 +115,11 @@ bionic_linux-lts-xenial: DNE |
726 | focal_linux-lts-xenial: DNE |
727 | jammy_linux-lts-xenial: DNE |
728 | kinetic_linux-lts-xenial: DNE |
729 | -trusty/esm_linux-lts-xenial: ignored (was needed ESM criteria) |
730 | +trusty/esm_linux-lts-xenial: released (4.4.0-237.271~14.04.1) |
731 | |
732 | Patches_linux-kvm: |
733 | upstream_linux-kvm: released (6.2~rc3) |
734 | -esm-infra/xenial_linux-kvm: ignored (was needed ESM criteria) |
735 | +esm-infra/xenial_linux-kvm: released (4.4.0-1117.127) |
736 | trusty_linux-kvm: DNE |
737 | xenial_linux-kvm: ignored (end of standard support) |
738 | bionic_linux-kvm: needed |
739 | @@ -135,7 +137,7 @@ bionic_linux-aws: needed |
740 | focal_linux-aws: released (5.4.0-1097.105) |
741 | jammy_linux-aws: needed |
742 | kinetic_linux-aws: needed |
743 | -trusty/esm_linux-aws: ignored (was needed ESM criteria) |
744 | +trusty/esm_linux-aws: released (4.4.0-1116.122) |
745 | devel_linux-aws: needed |
746 | |
747 | Patches_linux-aws-5.0: |
748 | @@ -227,7 +229,7 @@ Patches_linux-azure-4.15: |
749 | upstream_linux-azure-4.15: released (6.2~rc3) |
750 | trusty_linux-azure-4.15: DNE |
751 | xenial_linux-azure-4.15: DNE |
752 | -bionic_linux-azure-4.15: needed |
753 | +bionic_linux-azure-4.15: released (4.15.0-1162.177) |
754 | focal_linux-azure-4.15: DNE |
755 | jammy_linux-azure-4.15: DNE |
756 | kinetic_linux-azure-4.15: DNE |
757 | diff --git a/active/CVE-2023-0266 b/active/CVE-2023-0266 |
758 | index fee45a2..78ca91f 100644 |
759 | --- a/active/CVE-2023-0266 |
760 | +++ b/active/CVE-2023-0266 |
761 | @@ -7,6 +7,7 @@ References: |
762 | https://ubuntu.com/security/notices/USN-5915-1 |
763 | https://ubuntu.com/security/notices/USN-5917-1 |
764 | https://ubuntu.com/security/notices/USN-5924-1 |
765 | + https://ubuntu.com/security/notices/USN-5927-1 |
766 | Description: |
767 | A use after free vulnerability exists in the ALSA PCM package in the Linux |
768 | Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be |
769 | @@ -229,7 +230,7 @@ Patches_linux-azure-4.15: |
770 | upstream_linux-azure-4.15: released (6.2~rc4) |
771 | trusty_linux-azure-4.15: DNE |
772 | xenial_linux-azure-4.15: DNE |
773 | -bionic_linux-azure-4.15: needed |
774 | +bionic_linux-azure-4.15: released (4.15.0-1162.177) |
775 | focal_linux-azure-4.15: DNE |
776 | jammy_linux-azure-4.15: DNE |
777 | kinetic_linux-azure-4.15: DNE |
778 | diff --git a/active/CVE-2023-0394 b/active/CVE-2023-0394 |
779 | index 90e6e73..589081b 100644 |
780 | --- a/active/CVE-2023-0394 |
781 | +++ b/active/CVE-2023-0394 |
782 | @@ -7,6 +7,7 @@ References: |
783 | https://git.kernel.org/linus/cb3e9864cdbe35ff6378966660edbcbac955fe17 (6.2-rc4) |
784 | https://ubuntu.com/security/notices/USN-5917-1 |
785 | https://ubuntu.com/security/notices/USN-5924-1 |
786 | + https://ubuntu.com/security/notices/USN-5927-1 |
787 | Description: |
788 | A NULL pointer dereference flaw was found in rawv6_push_pending_frames in |
789 | net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw |
790 | @@ -224,7 +225,7 @@ Patches_linux-azure-4.15: |
791 | upstream_linux-azure-4.15: needs-triage |
792 | trusty_linux-azure-4.15: DNE |
793 | xenial_linux-azure-4.15: DNE |
794 | -bionic_linux-azure-4.15: needs-triage |
795 | +bionic_linux-azure-4.15: released (4.15.0-1162.177) |
796 | focal_linux-azure-4.15: DNE |
797 | jammy_linux-azure-4.15: DNE |
798 | kinetic_linux-azure-4.15: DNE |
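Review bot: upstream_linux-azure-4.15 is left at needs-triage in this hunk's context while bionic_linux-azure-4.15 moves to released (4.15.0-1162.177), and the References section of this same file already cites the upstream fix cb3e9864cdbe35ff6378966660edbcbac955fe17 (6.2-rc4). Consider setting the upstream line to released (6.2~rc4) in the same change, so the entry does not show a shipped fix against an untriaged upstream.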
799 | diff --git a/active/CVE-2023-0461 b/active/CVE-2023-0461 |
800 | index 5734750..74fa5b6 100644 |
801 | --- a/active/CVE-2023-0461 |
802 | +++ b/active/CVE-2023-0461 |
803 | @@ -13,6 +13,8 @@ References: |
804 | https://ubuntu.com/security/notices/USN-5919-1 |
805 | https://ubuntu.com/security/notices/USN-5920-1 |
806 | https://ubuntu.com/security/notices/USN-5924-1 |
807 | + https://ubuntu.com/security/notices/USN-5925-1 |
808 | + https://ubuntu.com/security/notices/USN-5927-1 |
809 | Description: |
810 | There is a use-after-free vulnerability in the Linux Kernel which can be |
811 | exploited to achieve local privilege escalation. To reach the vulnerability |
812 | @@ -142,7 +144,7 @@ upstream_linux-kvm: released (6.2~rc3) |
813 | esm-infra/xenial_linux-kvm: not-affected (4.4.0-1004.9) |
814 | trusty_linux-kvm: DNE |
815 | xenial_linux-kvm: ignored (end of standard support) |
816 | -bionic_linux-kvm: pending (4.15.0-1136.141) |
817 | +bionic_linux-kvm: released (4.15.0-1136.141) |
818 | focal_linux-kvm: released (5.4.0-1087.93) |
819 | jammy_linux-kvm: pending (5.15.0-1029.34) |
820 | kinetic_linux-kvm: pending (5.19.0-1019.20) |
821 | @@ -249,7 +251,7 @@ Patches_linux-azure-4.15: |
822 | upstream_linux-azure-4.15: released (6.2~rc3) |
823 | trusty_linux-azure-4.15: DNE |
824 | xenial_linux-azure-4.15: DNE |
825 | -bionic_linux-azure-4.15: needed |
826 | +bionic_linux-azure-4.15: released (4.15.0-1162.177) |
827 | focal_linux-azure-4.15: DNE |
828 | jammy_linux-azure-4.15: DNE |
829 | kinetic_linux-azure-4.15: DNE |
830 | @@ -767,7 +769,7 @@ Patches_linux-raspi2: |
831 | upstream_linux-raspi2: released (6.2~rc3) |
832 | trusty_linux-raspi2: DNE |
833 | xenial_linux-raspi2: ignored (end of standard support) |
834 | -bionic_linux-raspi2: pending (4.15.0-1128.136) |
835 | +bionic_linux-raspi2: released (4.15.0-1128.136) |
836 | focal_linux-raspi2: ignored (replaced by linux-raspi) |
837 | jammy_linux-raspi2: DNE |
838 | kinetic_linux-raspi2: DNE |
839 | @@ -824,7 +826,7 @@ Patches_linux-snapdragon: |
840 | upstream_linux-snapdragon: released (6.2~rc3) |
841 | trusty_linux-snapdragon: DNE |
842 | xenial_linux-snapdragon: ignored (end of standard support) |
843 | -bionic_linux-snapdragon: pending (4.15.0-1146.156) |
844 | +bionic_linux-snapdragon: released (4.15.0-1146.156) |
845 | focal_linux-snapdragon: DNE |
846 | jammy_linux-snapdragon: DNE |
847 | kinetic_linux-snapdragon: DNE |
848 | diff --git a/active/CVE-2023-0795 b/active/CVE-2023-0795 |
849 | index 7dec1e4..483058d 100644 |
850 | --- a/active/CVE-2023-0795 |
851 | +++ b/active/CVE-2023-0795 |
852 | @@ -1,3 +1,4 @@ |
853 | +PublicDateAtUSN: 2023-02-13 23:15:00 UTC |
854 | Candidate: CVE-2023-0795 |
855 | PublicDate: 2023-02-13 23:15:00 UTC |
856 | References: |
857 | @@ -5,6 +6,7 @@ References: |
858 | https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68 |
859 | https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0795.json |
860 | https://gitlab.com/libtiff/libtiff/-/issues/493 |
861 | + https://ubuntu.com/security/notices/USN-5923-1 |
862 | Description: |
863 | LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in |
864 | tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via |
865 | @@ -22,12 +24,12 @@ CVSS: |
866 | |
867 | Patches_tiff: |
868 | upstream_tiff: needs-triage |
869 | -esm-infra/xenial_tiff: needed |
870 | +esm-infra/xenial_tiff: released (4.0.6-1ubuntu0.8+esm10) |
871 | trusty_tiff: ignored (out of standard support) |
872 | xenial_tiff: ignored (out of standard support) |
873 | -bionic_tiff: needed |
874 | -focal_tiff: needed |
875 | -jammy_tiff: needed |
876 | -kinetic_tiff: needed |
877 | -trusty/esm_tiff: needed |
878 | +bionic_tiff: released (4.0.9-5ubuntu0.10) |
879 | +focal_tiff: released (4.1.0+git191117-2ubuntu0.20.04.8) |
880 | +jammy_tiff: released (4.3.0-6ubuntu0.4) |
881 | +kinetic_tiff: released (4.4.0-4ubuntu3.3) |
882 | +trusty/esm_tiff: released (4.0.3-7ubuntu0.11+esm7) |
883 | devel_tiff: needed |
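Review bot: upstream_tiff stays at needs-triage in this hunk even though bionic through kinetic and both ESM lines now carry a released version, and the References list of this file already names the upstream commit afaabc3e50d4e5d80a94143f7e3c997e7e410f68. Worth triaging the upstream line in the same pass. The same applies to the other tiff entries touched in this diff (CVE-2023-0796 through CVE-2023-0804), which show the same upstream_tiff context line.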
884 | diff --git a/active/CVE-2023-0796 b/active/CVE-2023-0796 |
885 | index ac71312..a30205c 100644 |
886 | --- a/active/CVE-2023-0796 |
887 | +++ b/active/CVE-2023-0796 |
888 | @@ -1,3 +1,4 @@ |
889 | +PublicDateAtUSN: 2023-02-13 23:15:00 UTC |
890 | Candidate: CVE-2023-0796 |
891 | PublicDate: 2023-02-13 23:15:00 UTC |
892 | References: |
893 | @@ -5,6 +6,7 @@ References: |
894 | https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0796.json |
895 | https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68 |
896 | https://gitlab.com/libtiff/libtiff/-/issues/499 |
897 | + https://ubuntu.com/security/notices/USN-5923-1 |
898 | Description: |
899 | LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in |
900 | tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via |
901 | @@ -22,12 +24,12 @@ CVSS: |
902 | |
903 | Patches_tiff: |
904 | upstream_tiff: needs-triage |
905 | -esm-infra/xenial_tiff: needed |
906 | +esm-infra/xenial_tiff: released (4.0.6-1ubuntu0.8+esm10) |
907 | trusty_tiff: ignored (out of standard support) |
908 | xenial_tiff: ignored (out of standard support) |
909 | -bionic_tiff: needed |
910 | -focal_tiff: needed |
911 | -jammy_tiff: needed |
912 | -kinetic_tiff: needed |
913 | -trusty/esm_tiff: needed |
914 | +bionic_tiff: released (4.0.9-5ubuntu0.10) |
915 | +focal_tiff: released (4.1.0+git191117-2ubuntu0.20.04.8) |
916 | +jammy_tiff: released (4.3.0-6ubuntu0.4) |
917 | +kinetic_tiff: released (4.4.0-4ubuntu3.3) |
918 | +trusty/esm_tiff: released (4.0.3-7ubuntu0.11+esm7) |
919 | devel_tiff: needed |
920 | diff --git a/active/CVE-2023-0797 b/active/CVE-2023-0797 |
921 | index 578240d..704dce7 100644 |
922 | --- a/active/CVE-2023-0797 |
923 | +++ b/active/CVE-2023-0797 |
924 | @@ -1,3 +1,4 @@ |
925 | +PublicDateAtUSN: 2023-02-13 23:15:00 UTC |
926 | Candidate: CVE-2023-0797 |
927 | PublicDate: 2023-02-13 23:15:00 UTC |
928 | References: |
929 | @@ -5,6 +6,7 @@ References: |
930 | https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68 |
931 | https://gitlab.com/libtiff/libtiff/-/issues/495 |
932 | https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0797.json |
933 | + https://ubuntu.com/security/notices/USN-5923-1 |
934 | Description: |
935 | LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in |
936 | libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and |
937 | @@ -23,12 +25,12 @@ CVSS: |
938 | |
939 | Patches_tiff: |
940 | upstream_tiff: needs-triage |
941 | -esm-infra/xenial_tiff: needed |
942 | +esm-infra/xenial_tiff: released (4.0.6-1ubuntu0.8+esm10) |
943 | trusty_tiff: ignored (out of standard support) |
944 | xenial_tiff: ignored (out of standard support) |
945 | -bionic_tiff: needed |
946 | -focal_tiff: needed |
947 | -jammy_tiff: needed |
948 | -kinetic_tiff: needed |
949 | -trusty/esm_tiff: needed |
950 | +bionic_tiff: released (4.0.9-5ubuntu0.10) |
951 | +focal_tiff: released (4.1.0+git191117-2ubuntu0.20.04.8) |
952 | +jammy_tiff: released (4.3.0-6ubuntu0.4) |
953 | +kinetic_tiff: released (4.4.0-4ubuntu3.3) |
954 | +trusty/esm_tiff: released (4.0.3-7ubuntu0.11+esm7) |
955 | devel_tiff: needed |
956 | diff --git a/active/CVE-2023-0798 b/active/CVE-2023-0798 |
957 | index 371f0f1..2921a4c 100644 |
958 | --- a/active/CVE-2023-0798 |
959 | +++ b/active/CVE-2023-0798 |
960 | @@ -1,3 +1,4 @@ |
961 | +PublicDateAtUSN: 2023-02-13 23:15:00 UTC |
962 | Candidate: CVE-2023-0798 |
963 | PublicDate: 2023-02-13 23:15:00 UTC |
964 | References: |
965 | @@ -5,6 +6,7 @@ References: |
966 | https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0798.json |
967 | https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68 |
968 | https://gitlab.com/libtiff/libtiff/-/issues/492 |
969 | + https://ubuntu.com/security/notices/USN-5923-1 |
970 | Description: |
971 | LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in |
972 | tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via |
973 | @@ -22,12 +24,12 @@ CVSS: |
974 | |
975 | Patches_tiff: |
976 | upstream_tiff: needs-triage |
977 | -esm-infra/xenial_tiff: needed |
978 | +esm-infra/xenial_tiff: released (4.0.6-1ubuntu0.8+esm10) |
979 | trusty_tiff: ignored (out of standard support) |
980 | xenial_tiff: ignored (out of standard support) |
981 | -bionic_tiff: needed |
982 | -focal_tiff: needed |
983 | -jammy_tiff: needed |
984 | -kinetic_tiff: needed |
985 | -trusty/esm_tiff: needed |
986 | +bionic_tiff: released (4.0.9-5ubuntu0.10) |
987 | +focal_tiff: released (4.1.0+git191117-2ubuntu0.20.04.8) |
988 | +jammy_tiff: released (4.3.0-6ubuntu0.4) |
989 | +kinetic_tiff: released (4.4.0-4ubuntu3.3) |
990 | +trusty/esm_tiff: released (4.0.3-7ubuntu0.11+esm7) |
991 | devel_tiff: needed |
992 | diff --git a/active/CVE-2023-0799 b/active/CVE-2023-0799 |
993 | index 67d434b..aa4f1b2 100644 |
994 | --- a/active/CVE-2023-0799 |
995 | +++ b/active/CVE-2023-0799 |
996 | @@ -1,3 +1,4 @@ |
997 | +PublicDateAtUSN: 2023-02-13 23:15:00 UTC |
998 | Candidate: CVE-2023-0799 |
999 | PublicDate: 2023-02-13 23:15:00 UTC |
1000 | References: |
1001 | @@ -5,6 +6,7 @@ References: |
1002 | https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0799.json |
1003 | https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68 |
1004 | https://gitlab.com/libtiff/libtiff/-/issues/494 |
1005 | + https://ubuntu.com/security/notices/USN-5923-1 |
1006 | Description: |
1007 | LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in |
1008 | tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via |
1009 | @@ -22,12 +24,12 @@ CVSS: |
1010 | |
1011 | Patches_tiff: |
1012 | upstream_tiff: needs-triage |
1013 | -esm-infra/xenial_tiff: needed |
1014 | +esm-infra/xenial_tiff: released (4.0.6-1ubuntu0.8+esm10) |
1015 | trusty_tiff: ignored (out of standard support) |
1016 | xenial_tiff: ignored (out of standard support) |
1017 | -bionic_tiff: needed |
1018 | -focal_tiff: needed |
1019 | -jammy_tiff: needed |
1020 | -kinetic_tiff: needed |
1021 | -trusty/esm_tiff: needed |
1022 | +bionic_tiff: released (4.0.9-5ubuntu0.10) |
1023 | +focal_tiff: released (4.1.0+git191117-2ubuntu0.20.04.8) |
1024 | +jammy_tiff: released (4.3.0-6ubuntu0.4) |
1025 | +kinetic_tiff: released (4.4.0-4ubuntu3.3) |
1026 | +trusty/esm_tiff: released (4.0.3-7ubuntu0.11+esm7) |
1027 | devel_tiff: needed |
1028 | diff --git a/active/CVE-2023-0800 b/active/CVE-2023-0800 |
1029 | index f75dbe3..157e62e 100644 |
1030 | --- a/active/CVE-2023-0800 |
1031 | +++ b/active/CVE-2023-0800 |
1032 | @@ -1,3 +1,4 @@ |
1033 | +PublicDateAtUSN: 2023-02-13 23:15:00 UTC |
1034 | Candidate: CVE-2023-0800 |
1035 | PublicDate: 2023-02-13 23:15:00 UTC |
1036 | References: |
1037 | @@ -5,6 +6,7 @@ References: |
1038 | https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0800.json |
1039 | https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00 |
1040 | https://gitlab.com/libtiff/libtiff/-/issues/496 |
1041 | + https://ubuntu.com/security/notices/USN-5923-1 |
1042 | Description: |
1043 | LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in |
1044 | tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via |
1045 | @@ -22,12 +24,12 @@ CVSS: |
1046 | |
1047 | Patches_tiff: |
1048 | upstream_tiff: needs-triage |
1049 | -esm-infra/xenial_tiff: needed |
1050 | +esm-infra/xenial_tiff: released (4.0.6-1ubuntu0.8+esm10) |
1051 | trusty_tiff: ignored (out of standard support) |
1052 | xenial_tiff: ignored (out of standard support) |
1053 | -bionic_tiff: needed |
1054 | -focal_tiff: needed |
1055 | -jammy_tiff: needed |
1056 | -kinetic_tiff: needed |
1057 | -trusty/esm_tiff: needed |
1058 | +bionic_tiff: released (4.0.9-5ubuntu0.10) |
1059 | +focal_tiff: released (4.1.0+git191117-2ubuntu0.20.04.8) |
1060 | +jammy_tiff: released (4.3.0-6ubuntu0.4) |
1061 | +kinetic_tiff: released (4.4.0-4ubuntu3.3) |
1062 | +trusty/esm_tiff: released (4.0.3-7ubuntu0.11+esm7) |
1063 | devel_tiff: needed |
1064 | diff --git a/active/CVE-2023-0801 b/active/CVE-2023-0801 |
1065 | index 27f6a21..afea0fe 100644 |
1066 | --- a/active/CVE-2023-0801 |
1067 | +++ b/active/CVE-2023-0801 |
1068 | @@ -1,3 +1,4 @@ |
1069 | +PublicDateAtUSN: 2023-02-13 23:15:00 UTC |
1070 | Candidate: CVE-2023-0801 |
1071 | PublicDate: 2023-02-13 23:15:00 UTC |
1072 | References: |
1073 | @@ -5,6 +6,7 @@ References: |
1074 | https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00 |
1075 | https://gitlab.com/libtiff/libtiff/-/issues/498 |
1076 | https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0801.json |
1077 | + https://ubuntu.com/security/notices/USN-5923-1 |
1078 | Description: |
1079 | LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in |
1080 | libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and |
1081 | @@ -23,12 +25,12 @@ CVSS: |
1082 | |
1083 | Patches_tiff: |
1084 | upstream_tiff: needs-triage |
1085 | -esm-infra/xenial_tiff: needed |
1086 | +esm-infra/xenial_tiff: released (4.0.6-1ubuntu0.8+esm10) |
1087 | trusty_tiff: ignored (out of standard support) |
1088 | xenial_tiff: ignored (out of standard support) |
1089 | -bionic_tiff: needed |
1090 | -focal_tiff: needed |
1091 | -jammy_tiff: needed |
1092 | -kinetic_tiff: needed |
1093 | -trusty/esm_tiff: needed |
1094 | +bionic_tiff: released (4.0.9-5ubuntu0.10) |
1095 | +focal_tiff: released (4.1.0+git191117-2ubuntu0.20.04.8) |
1096 | +jammy_tiff: released (4.3.0-6ubuntu0.4) |
1097 | +kinetic_tiff: released (4.4.0-4ubuntu3.3) |
1098 | +trusty/esm_tiff: released (4.0.3-7ubuntu0.11+esm7) |
1099 | devel_tiff: needed |
1100 | diff --git a/active/CVE-2023-0802 b/active/CVE-2023-0802 |
1101 | index fc74216..6f171af 100644 |
1102 | --- a/active/CVE-2023-0802 |
1103 | +++ b/active/CVE-2023-0802 |
1104 | @@ -1,3 +1,4 @@ |
1105 | +PublicDateAtUSN: 2023-02-13 23:15:00 UTC |
1106 | Candidate: CVE-2023-0802 |
1107 | PublicDate: 2023-02-13 23:15:00 UTC |
1108 | References: |
1109 | @@ -5,6 +6,7 @@ References: |
1110 | https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0802.json |
1111 | https://gitlab.com/libtiff/libtiff/-/issues/500 |
1112 | https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00 |
1113 | + https://ubuntu.com/security/notices/USN-5923-1 |
1114 | Description: |
1115 | LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in |
1116 | tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via |
1117 | @@ -22,12 +24,12 @@ CVSS: |
1118 | |
1119 | Patches_tiff: |
1120 | upstream_tiff: needs-triage |
1121 | -esm-infra/xenial_tiff: needed |
1122 | +esm-infra/xenial_tiff: released (4.0.6-1ubuntu0.8+esm10) |
1123 | trusty_tiff: ignored (out of standard support) |
1124 | xenial_tiff: ignored (out of standard support) |
1125 | -bionic_tiff: needed |
1126 | -focal_tiff: needed |
1127 | -jammy_tiff: needed |
1128 | -kinetic_tiff: needed |
1129 | -trusty/esm_tiff: needed |
1130 | +bionic_tiff: released (4.0.9-5ubuntu0.10) |
1131 | +focal_tiff: released (4.1.0+git191117-2ubuntu0.20.04.8) |
1132 | +jammy_tiff: released (4.3.0-6ubuntu0.4) |
1133 | +kinetic_tiff: released (4.4.0-4ubuntu3.3) |
1134 | +trusty/esm_tiff: released (4.0.3-7ubuntu0.11+esm7) |
1135 | devel_tiff: needed |
1136 | diff --git a/active/CVE-2023-0803 b/active/CVE-2023-0803 |
1137 | index a6c66ad..8d7afc4 100644 |
1138 | --- a/active/CVE-2023-0803 |
1139 | +++ b/active/CVE-2023-0803 |
1140 | @@ -1,3 +1,4 @@ |
1141 | +PublicDateAtUSN: 2023-02-13 23:15:00 UTC |
1142 | Candidate: CVE-2023-0803 |
1143 | PublicDate: 2023-02-13 23:15:00 UTC |
1144 | References: |
1145 | @@ -5,6 +6,7 @@ References: |
1146 | https://gitlab.com/libtiff/libtiff/-/issues/501 |
1147 | https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00 |
1148 | https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0803.json |
1149 | + https://ubuntu.com/security/notices/USN-5923-1 |
1150 | Description: |
1151 | LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in |
1152 | tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via |
1153 | @@ -22,12 +24,12 @@ CVSS: |
1154 | |
1155 | Patches_tiff: |
1156 | upstream_tiff: needs-triage |
1157 | -esm-infra/xenial_tiff: needed |
1158 | +esm-infra/xenial_tiff: released (4.0.6-1ubuntu0.8+esm10) |
1159 | trusty_tiff: ignored (out of standard support) |
1160 | xenial_tiff: ignored (out of standard support) |
1161 | -bionic_tiff: needed |
1162 | -focal_tiff: needed |
1163 | -jammy_tiff: needed |
1164 | -kinetic_tiff: needed |
1165 | -trusty/esm_tiff: needed |
1166 | +bionic_tiff: released (4.0.9-5ubuntu0.10) |
1167 | +focal_tiff: released (4.1.0+git191117-2ubuntu0.20.04.8) |
1168 | +jammy_tiff: released (4.3.0-6ubuntu0.4) |
1169 | +kinetic_tiff: released (4.4.0-4ubuntu3.3) |
1170 | +trusty/esm_tiff: released (4.0.3-7ubuntu0.11+esm7) |
1171 | devel_tiff: needed |
1172 | diff --git a/active/CVE-2023-0804 b/active/CVE-2023-0804 |
1173 | index ca75e81..465e815 100644 |
1174 | --- a/active/CVE-2023-0804 |
1175 | +++ b/active/CVE-2023-0804 |
1176 | @@ -1,3 +1,4 @@ |
1177 | +PublicDateAtUSN: 2023-02-13 23:15:00 UTC |
1178 | Candidate: CVE-2023-0804 |
1179 | PublicDate: 2023-02-13 23:15:00 UTC |
1180 | References: |
1181 | @@ -5,6 +6,7 @@ References: |
1182 | https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00 |
1183 | https://gitlab.com/libtiff/libtiff/-/issues/497 |
1184 | https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0804.json |
1185 | + https://ubuntu.com/security/notices/USN-5923-1 |
1186 | Description: |
1187 | LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in |
1188 | tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via |
1189 | @@ -22,12 +24,12 @@ CVSS: |
1190 | |
1191 | Patches_tiff: |
1192 | upstream_tiff: needs-triage |
1193 | -esm-infra/xenial_tiff: needed |
1194 | +esm-infra/xenial_tiff: released (4.0.6-1ubuntu0.8+esm10) |
1195 | trusty_tiff: ignored (out of standard support) |
1196 | xenial_tiff: ignored (out of standard support) |
1197 | -bionic_tiff: needed |
1198 | -focal_tiff: needed |
1199 | -jammy_tiff: needed |
1200 | -trusty/esm_tiff: needed |
1201 | -kinetic_tiff: needed |
1202 | +bionic_tiff: released (4.0.9-5ubuntu0.10) |
1203 | +focal_tiff: released (4.1.0+git191117-2ubuntu0.20.04.8) |
1204 | +jammy_tiff: released (4.3.0-6ubuntu0.4) |
1205 | +trusty/esm_tiff: released (4.0.3-7ubuntu0.11+esm7) |
1206 | +kinetic_tiff: released (4.4.0-4ubuntu3.3) |
1207 | devel_tiff: needed |
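Review bot: the release lines in this hunk keep trusty/esm_tiff ahead of kinetic_tiff, while the other tiff entries in this diff (CVE-2023-0795 through CVE-2023-0803) list kinetic_tiff first. Since every one of these lines is being rewritten anyway, consider reordering the two so the ten files stay line-for-line comparable.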
1208 | diff --git a/active/CVE-2023-23455 b/active/CVE-2023-23455 |
1209 | index e2cbebb..23cd932 100644 |
1210 | --- a/active/CVE-2023-23455 |
1211 | +++ b/active/CVE-2023-23455 |
1212 | @@ -10,6 +10,7 @@ References: |
1213 | https://ubuntu.com/security/notices/USN-5915-1 |
1214 | https://ubuntu.com/security/notices/USN-5917-1 |
1215 | https://ubuntu.com/security/notices/USN-5924-1 |
1216 | + https://ubuntu.com/security/notices/USN-5927-1 |
1217 | Description: |
1218 | atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 |
1219 | allows attackers to cause a denial of service because of type confusion |
1220 | @@ -231,7 +232,7 @@ Patches_linux-azure-4.15: |
1221 | upstream_linux-azure-4.15: released (6.2~rc3) |
1222 | trusty_linux-azure-4.15: DNE |
1223 | xenial_linux-azure-4.15: DNE |
1224 | -bionic_linux-azure-4.15: pending (4.15.0-1162.177) |
1225 | +bionic_linux-azure-4.15: released (4.15.0-1162.177) |
1226 | focal_linux-azure-4.15: DNE |
1227 | jammy_linux-azure-4.15: DNE |
1228 | kinetic_linux-azure-4.15: DNE |
1229 | diff --git a/active/CVE-2023-23559 b/active/CVE-2023-23559 |
1230 | index c54692a..8987ae0 100644 |
1231 | --- a/active/CVE-2023-23559 |
1232 | +++ b/active/CVE-2023-23559 |
1233 | @@ -6,6 +6,8 @@ References: |
1234 | https://patchwork.kernel.org/project/linux-wireless/patch/20230110173007.57110-1-szymon.heidrich@gmail.com/ |
1235 | https://ubuntu.com/security/notices/USN-5884-1 |
1236 | https://ubuntu.com/security/notices/USN-5924-1 |
1237 | + https://ubuntu.com/security/notices/USN-5926-1 |
1238 | + https://ubuntu.com/security/notices/USN-5927-1 |
1239 | Description: |
1240 | In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel |
1241 | through 6.1.5, there is an integer overflow in an addition. |
1242 | @@ -26,7 +28,7 @@ CVSS: |
1243 | Patches_linux: |
1244 | break-fix: 80f8c5b434f94926c6489d7350d58aecb53ab70f b870e73a56c4cccbec33224233eaf295839f228c |
1245 | upstream_linux: released (6.2~rc5) |
1246 | -esm-infra/xenial_linux: pending |
1247 | +esm-infra/xenial_linux: released (4.4.0-237.271) |
1248 | trusty_linux: ignored (out of standard support) |
1249 | xenial_linux: ignored (out of standard support) |
1250 | bionic_linux: pending (4.15.0-207.218) |
1251 | @@ -109,11 +111,11 @@ bionic_linux-lts-xenial: DNE |
1252 | focal_linux-lts-xenial: DNE |
1253 | jammy_linux-lts-xenial: DNE |
1254 | kinetic_linux-lts-xenial: DNE |
1255 | -trusty/esm_linux-lts-xenial: pending |
1256 | +trusty/esm_linux-lts-xenial: released (4.4.0-237.271~14.04.1) |
1257 | |
1258 | Patches_linux-kvm: |
1259 | upstream_linux-kvm: released (6.2~rc5) |
1260 | -esm-infra/xenial_linux-kvm: pending |
1261 | +esm-infra/xenial_linux-kvm: released (4.4.0-1117.127) |
1262 | trusty_linux-kvm: DNE |
1263 | xenial_linux-kvm: ignored (end of standard support) |
1264 | bionic_linux-kvm: needed |
1265 | @@ -131,7 +133,7 @@ bionic_linux-aws: needed |
1266 | focal_linux-aws: needed |
1267 | jammy_linux-aws: needed |
1268 | kinetic_linux-aws: needed |
1269 | -trusty/esm_linux-aws: pending |
1270 | +trusty/esm_linux-aws: released (4.4.0-1116.122) |
1271 | devel_linux-aws: needed |
1272 | |
1273 | Patches_linux-aws-5.0: |
1274 | @@ -223,7 +225,7 @@ Patches_linux-azure-4.15: |
1275 | upstream_linux-azure-4.15: released (6.2~rc5) |
1276 | trusty_linux-azure-4.15: DNE |
1277 | xenial_linux-azure-4.15: DNE |
1278 | -bionic_linux-azure-4.15: pending (4.15.0-1162.177) |
1279 | +bionic_linux-azure-4.15: released (4.15.0-1162.177) |
1280 | focal_linux-azure-4.15: DNE |
1281 | jammy_linux-azure-4.15: DNE |
1282 | kinetic_linux-azure-4.15: DNE |
1283 | diff --git a/scripts/packages-mirror b/scripts/packages-mirror |
1284 | index 3b08dc1..6bac3b4 100755 |
1285 | --- a/scripts/packages-mirror |
1286 | +++ b/scripts/packages-mirror |
1287 | @@ -18,6 +18,7 @@ help() { |
1288 | cat <<EOM |
1289 | Usage: packages_mirror [OPTIONS] |
1290 | |
1291 | + -w use wget instead of rsync to fetch the mirror contents |
1292 | -t use timestamps (ie, don't update files if they have been |
1293 | updated within the last day) |
1294 | -f when using timestamps, force updating the files |
1295 | @@ -31,9 +32,10 @@ EOM |
1296 | } |
1297 | |
1298 | find_devel_release() { |
1299 | - PYTHONPATH="$(dirname $0)" python3 -c "import cve_lib; print(cve_lib.devel_release)" || true |
1300 | + PYTHONPATH="$(dirname "$0")" python3 -c "import cve_lib; print(cve_lib.devel_release)" || true |
1301 | } |
1302 | |
1303 | +use_wget="no" |
1304 | use_timestamp="no" |
1305 | force_timestamp="no" |
1306 | verbosity_args="-q" |
1307 | @@ -43,9 +45,10 @@ very_verbose="" |
1308 | only_partner="no" |
1309 | only_ubuntu="no" |
1310 | |
1311 | -while getopts "AhftvVpur:" opt |
1312 | +while getopts "AwhftvVpur:" opt |
1313 | do |
1314 | case "$opt" in |
1315 | + w) use_wget="yes";; |
1316 | f) force_timestamp="yes";; |
1317 | t) use_timestamp="yes";; |
1318 | v) verbosity_args="";; |
1319 | @@ -63,9 +66,11 @@ shift $((OPTIND - 1)) |
1320 | |
1321 | #server=se.archive.ubuntu.com |
1322 | #server=us.archive.ubuntu.com |
1323 | -server=archive.ubuntu.com |
1324 | +server=${server:-archive.ubuntu.com} |
1325 | ports=${ports:-ports.ubuntu.com} |
1326 | +debian=${debian:-ftp.debian.org} |
1327 | |
1328 | +# shellcheck disable=SC1091 |
1329 | . "$HOME"/.ubuntu-cve-tracker.conf |
1330 | |
1331 | for var in packages_mirror debian_mirror partner_mirror; do |
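Review bot: server, ports and debian take their values from the environment before "$HOME"/.ubuntu-cve-tracker.conf is sourced, so an assignment to any of them in the conf file silently replaces what the caller exported. If the environment is meant to take precedence, move the three ${var:-default} assignments below the source line. Either way, the usage text gains -w in this change but nothing visible documents the server, ports and debian overrides, so a line for them in help() would be useful if one is not already there.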
1332 | @@ -74,16 +79,19 @@ for var in packages_mirror debian_mirror partner_mirror; do |
1333 | exit 1 |
1334 | fi |
1335 | done |
1336 | +# shellcheck disable=SC2154 |
1337 | outPath=$packages_mirror |
1338 | mkdir -p "$outPath" |
1339 | |
1340 | +# shellcheck disable=SC2154 |
1341 | debianPath=$debian_mirror |
1342 | mkdir -p "$debianPath" |
1343 | |
1344 | +# shellcheck disable=SC2154 |
1345 | partnerPath=$partner_mirror |
1346 | mkdir -p "$partnerPath" |
1347 | |
1348 | -partner_dir_excludes=$(PYTHONPATH="${PYTHONPATH:+$PYTHONPATH:}$(dirname $0)" python3 -c '# |
1349 | +partner_dir_excludes=$(PYTHONPATH="${PYTHONPATH:+$PYTHONPATH:}$(dirname "$0")" python3 -c '# |
1350 | import cve_lib, sys |
1351 | s = "" |
1352 | for r in cve_lib.eol_releases + ["breezy", "warty", "hoary"]: |
1353 | @@ -161,9 +169,9 @@ function gen_packages() |
1354 | do |
1355 | for arch in $arches |
1356 | do |
1357 | - spew_bin_lines $rel $repo $arch |
1358 | + spew_bin_lines "$rel" "$repo" "$arch" |
1359 | done |
1360 | - spew_src_lines $rel $repo |
1361 | + spew_src_lines "$rel" "$repo" |
1362 | done |
1363 | done |
1364 | } |
1365 | @@ -185,9 +193,21 @@ function pull_packages() |
1366 | log=$(mktemp -t rsync-XXXXXX) |
1367 | set +e |
1368 | if [ "$verbosity_args" != "-q" ]; then |
1369 | - rsync -rlptv --progress --files-from="$filelist" $url $outPath/ 2>&1 | tee "$log" |
1370 | + if [ "$use_wget" != "no" ]; then |
1371 | + # need to cut dirs to remove any extra dir prefixes |
1372 | + cutdirs=$(echo "$url" | grep -o "/" | wc -l) |
1373 | + wget -N -np -i "$filelist" --base "http://$url/" --directory-prefix "$outPath/" --force-directories --no-host-directories --cut-dirs="$cutdirs" 2>&1 | tee "$log" |
1374 | + else |
1375 | + rsync -rlptv --progress --files-from="$filelist" "rsync://$url" "$outPath/" 2>&1 | tee "$log" |
1376 | + fi |
1377 | else |
1378 | - rsync -rlptq --files-from="$filelist" $url $outPath/ >"$log" 2>&1 |
1379 | + if [ "$use_wget" != "no" ]; then |
1380 | + # need to cut dirs to remove any extra dir prefixes |
1381 | + cutdirs=$(echo "$url" | grep -o "/" | wc -l) |
1382 | + wget --quiet -N -np -i "$filelist" --base "http://$url" --directory-prefix "$outPath/" --force-directories --no-host-directories --cut-dirs="$cutdirs" >"$log" 2>&1 |
1383 | + else |
1384 | + rsync -rlptq --files-from="$filelist" "rsync://$url" "$outPath/" >"$log" 2>&1 |
1385 | + fi |
1386 | fi |
1387 | rc=$? |
1388 | |
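Review bot: the two wget branches pass different base URLs: the verbose one uses --base "http://$url/" and the quiet one uses --base "http://$url" without the trailing slash. If the entries in $filelist are relative paths, they resolve against the base like relative links, so without the slash the last path component of $url (ubuntu or ubuntu-ports) is dropped and the quiet run requests different paths from the verbose run, while --cut-dirs still assumes that component is present. Use the trailing-slash form in both branches. The cutdirs computation and the wget option list are also duplicated; building them once before the verbosity test would keep the two branches from drifting apart like this.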
1389 | @@ -196,9 +216,7 @@ function pull_packages() |
1390 | break |
1391 | fi |
1392 | count=$((count + 1)) |
1393 | - if [ "$verbosity_args" != "-q" ]; then |
1394 | - echo "Try: $count" >&2 |
1395 | - fi |
1396 | + echo "Try: $count (rc: $rc)" >&2 |
1397 | done |
1398 | set -e |
1399 | OUT=$(< "$log" grep -Ev '(debian-installer|^rsync.*code 23)' || true) |
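Review bot: the rc printed by the new "Try: $count (rc: $rc)" line is not always the transfer's exit status. In the verbose branch rc=$? follows a pipeline ending in tee "$log", so unless pipefail is enabled elsewhere in the script the value is tee's status and a failed rsync or wget reports rc 0. Capturing ${PIPESTATUS[0]} in that branch (the script already uses bash-only syntax such as "function" and $(< file)) would make the retry loop and this message reflect the real result. The grep filter on the context line below, '^rsync.*code 23', also only matches rsync output and does nothing for a wget log.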
1400 | @@ -210,11 +228,14 @@ function pull_packages() |
1401 | fi |
1402 | |
1403 | # Some unknown error -- die |
1404 | - if [ $rc -ne 0 ] && [ $rc -ne 23 ]; then |
1405 | + if [ "$rc" -ne 0 ] && [ "$rc" -ne 23 ]; then |
1406 | + echo "failed: rc: $rc" |
1407 | return 1 |
1408 | fi |
1409 | # Missing files (rc 23), die only if it's not a debian-installer path |
1410 | - if [ $rc -eq 23 ] && [ -n "$OUT" ]; then |
1411 | + if [ "$rc" -eq 23 ] && [ -n "$OUT" ]; then |
1412 | + echo "failed: rc: $rc" |
1413 | + echo "$OUT" |
1414 | return 1 |
1415 | fi |
1416 | |
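Review bot: the rc checks in this hunk still assume rsync exit codes, which no longer holds when -w is used. 23 is rsync's partial-transfer code; wget reports a server error response such as a 404 as exit code 8, so with -w a missing debian-installer file takes the "Some unknown error" path and fails the whole pull instead of being tolerated. Either map the wget status to the same tolerated case when use_wget is "yes" or branch the check on the tool. The new "failed: rc: $rc" and "$OUT" messages also go to stdout while the other diagnostics in this script use >&2; sending them to stderr would keep them out of any captured output.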
1417 | @@ -255,7 +276,7 @@ function do_use_timestamp() { |
1418 | elif [ ! -e "$1" ]; then |
1419 | return 0 |
1420 | else |
1421 | - tmp=$(find "$1" -mtime +$mtime) |
1422 | + tmp=$(find "$1" -mtime "+$mtime") |
1423 | if [ -n "$tmp" ]; then |
1424 | return 0 |
1425 | fi |
1426 | @@ -269,27 +290,30 @@ if [ "$only_partner" = "no" ]; then |
1427 | timestamp="${outPath}.timestamp" |
1428 | if [ ! -e "${outPath}/dists" ] || do_use_timestamp "$timestamp" ; then |
1429 | pull=$(mktemp -t packages-XXXXXX) |
1430 | + # shellcheck disable=SC2064 |
1431 | trap "rm -f $pull" EXIT HUP INT QUIT TERM |
1432 | |
1433 | # Sync Packages for non-ports supported arches |
1434 | if [ "$verbosity_args" != "-q" ]; then |
1435 | echo "Generating arch lists" |
1436 | fi |
1437 | + # shellcheck disable=SC2129 |
1438 | gen_packages trusty "amd64 i386" >> "$pull" |
1439 | gen_packages xenial "amd64 i386" >> "$pull" |
1440 | gen_packages bionic "amd64 i386" >> "$pull" |
1441 | gen_packages focal "amd64 i386" >> "$pull" |
1442 | gen_packages jammy "amd64 i386" >> "$pull" |
1443 | gen_packages kinetic "amd64 i386" >> "$pull" |
1444 | - gen_packages lunar "amd64 i386" >> "$pull" |
1445 | + gen_packages lunar "amd64 i386" >> "$pull" |
1446 | |
1447 | - pull_packages "$pull" rsync://$server/ubuntu || echo "FAIL: supported architectures" >&2 |
1448 | + pull_packages "$pull" "$server/ubuntu" || echo "FAIL: supported architectures" >&2 |
1449 | cat /dev/null > "$pull" |
1450 | |
1451 | # Sync Packages for ports arches |
1452 | if [ "$verbosity_args" != "-q" ]; then |
1453 | echo "Generating ports arch lists" |
1454 | fi |
1455 | + # shellcheck disable=SC2129 |
1456 | gen_packages trusty "powerpc ppc64el armhf arm64" >> "$pull" |
1457 | gen_packages xenial "powerpc ppc64el armhf arm64 s390x" >> "$pull" |
1458 | gen_packages bionic "ppc64el armhf arm64 s390x" >> "$pull" |
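Review bot: the SC2064 suppression on the trap line could be avoided rather than silenced. With double quotes $pull is expanded when the trap is set and ends up unquoted inside the command string, so the cleanup depends on the mktemp path containing no whitespace; trap 'rm -f "$pull"' EXIT HUP INT QUIT TERM expands it at exit time, quoted, and needs no disable. The same applies to the two SC2129 suppressions: wrapping each run of gen_packages calls in { ...; } >> "$pull" removes the warning without a directive.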
1459 | @@ -298,7 +322,7 @@ if [ "$only_partner" = "no" ]; then |
1460 | gen_packages kinetic "ppc64el armhf arm64 s390x riscv64" >> "$pull" |
1461 | gen_packages lunar "ppc64el armhf arm64 s390x riscv64" >> "$pull" |
1462 | |
1463 | - pull_packages "$pull" rsync://$ports/ubuntu-ports || echo "FAIL: ports architectures" >&2 |
1464 | + pull_packages "$pull" "$ports/ubuntu-ports" || echo "FAIL: ports architectures" >&2 |
1465 | cat /dev/null > "$pull" |
1466 | |
1467 | if [ "$use_timestamp" = "yes" ]; then |
1468 | @@ -325,11 +349,11 @@ if [ "$only_ubuntu" = "no" ]; then |
1469 | cd "$debianPath" |
1470 | for i in main contrib non-free |
1471 | do |
1472 | - wget $verbosity_args -N -R '*=*' -R 'Contents*' -X '/debian/dists/testing/*/source/Sources.diff,/debian/dists/testing/*/source/by-hash' -np -r http://ftp.debian.org/debian/dists/testing/$i/source/ |
1473 | + wget $verbosity_args -N -R '*=*' -R 'Contents*' -X '/debian/dists/testing/*/source/Sources.diff,/debian/dists/testing/*/source/by-hash' -np -r "http://$debian/debian/dists/testing/$i/source/" |
1474 | done |
1475 | - ln -sf ftp.debian.org/debian/dists dists |
1476 | + ln -sf "$debian/debian/dists" dists |
1477 | # remove dangling symlink |
1478 | - rm -f ftp.debian.org/debian/dists/dists || true |
1479 | + rm -f "$debian/debian/dists/dists" || true |
1480 | |
1481 | if [ "$use_timestamp" = "yes" ]; then |
1482 | touch "$timestamp" |
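Review bot: $debian is now used both as the host in "http://$debian/debian/dists/testing/$i/source/" and as a local directory name in the ln -sf and rm -f lines, which only agree when the variable is a bare hostname. An override that carries a port, a path or a scheme would still download but leave the dists symlink pointing at a directory that wget did not create. A short comment next to the debian= default stating that it must be a plain hostname, or a check that rejects values containing "/" or ":", would make that constraint explicit.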
1483 | @@ -360,7 +384,7 @@ if [ "$only_ubuntu" = "no" ]; then |
1484 | rm -f "$timestamp" |
1485 | fi |
1486 | has_sources=$(find archive.canonical.com/dists -name Sources$) |
1487 | - if [ ! -z "$has_sources" ]; then |
1488 | + if [ -n "$has_sources" ]; then |
1489 | echo "" |
1490 | echo "WARNING: $partnerPath has Sources files! These should be removed now that -partner uses Sources.gz" |
1491 | fi |
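Review bot: the switch to [ -n "$has_sources" ] is fine, but the find on the context line just above it passes Sources$ to -name, which takes a shell glob rather than a regular expression. The trailing $ is matched literally, so has_sources stays empty for files named Sources and the warning below cannot fire. Since this patch is already a shellcheck cleanup of the block, changing it to -name Sources would restore the check.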
1492 | @@ -370,5 +394,5 @@ fi |
1493 | |
1494 | # generate source package lists for umt grep |
1495 | for path in "$outPath" "$debianPath" "$partnerPath"; do |
1496 | - find $path -name Sources.gz -exec zgrep '^Package: .*' {} \; | cut -c10- | sort -u > $path/sources |
1497 | + find "$path" -name Sources.gz -exec zgrep '^Package: .*' {} \; | cut -c10- | sort -u > "$path/sources" |
1498 | done |
Merging this now since it works *and* currently appears to be green. Hopefully we can keep it that way.