Add CVE-2020-36322 and add note for CVE-2021-28950

author: Salvatore Bonaccorso <carnil@debian.org> 2021-04-14 10:16:25 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-04-14 10:16:25 +0200
commit: 10945ebfe6838a04a20ceb24cbf13b6cd5abbbbb (patch)
tree: f7359bd48c37717b3ca13b280cff420985914efb
parent: c2c0f731c4b430efc832fcdc0bf770f4a25c76c6 (diff)
2 files changed, 14 insertions, 0 deletions
diff --git a/active/CVE-2020-36322 b/active/CVE-2020-36322
new file mode 100644
index 00000000..d8450635
--- /dev/null
+++ b/active/CVE-2020-36322
@@ -0,0 +1,13 @@
+Description: fuse: fix bad inode
+References:
+Notes:
+ carnil> Note that this CVE relates as well to CVE-2021-28950, which is
+ carnil> assigned because of an initial incomplete fix for this CVE.
+Bugs:
+upstream: released (5.11-rc1) [5d069dbe8aaf2a197142558b6fb2978189ba3454]
+5.10-upstream-stable: released (5.10.6) [36cf9ae54b0ead0daab7701a994de3dcd9ef605d]
+4.19-upstream-stable:
+4.9-upstream-stable:
+sid: released (5.10.9-1)
+4.19-buster-security:
+4.9-stretch-security:
diff --git a/active/CVE-2021-28950 b/active/CVE-2021-28950
index 82d3c02a..73e83f65 100644
--- a/active/CVE-2021-28950
+++ b/active/CVE-2021-28950
@@ -6,6 +6,7 @@ Notes:
  carnil> older versions.
  bwh> Commit 5d069dbe8aaf "fuse: fix bad inode" fixed another DoS issue,
  bwh> so we'll need to backport both of them.
+ carnil> The 5d069dbe8aaf "fuse: fix bad inode" is CVE-2020-36322.
 Bugs:
 upstream: released (5.12-rc4) [775c5033a0d164622d9d10dd0f0a5531639ed3ed]
 5.10-upstream-stable: released (5.10.25) [d955f13ea2120269319d6133d0dd82b66d1eeca3]
author	Salvatore Bonaccorso <carnil@debian.org>	2021-04-14 10:16:25 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-04-14 10:16:25 +0200
commit	10945ebfe6838a04a20ceb24cbf13b6cd5abbbbb (patch)
tree	f7359bd48c37717b3ca13b280cff420985914efb
parent	c2c0f731c4b430efc832fcdc0bf770f4a25c76c6 (diff)