author: Ben Hutchings <ben@decadent.org.uk> 2022-07-03 16:05:15 +0200
committer: Ben Hutchings <ben@decadent.org.uk> 2022-07-03 16:05:15 +0200
commit: 6bed715130deb2e5e8f86dd310c22531850050d6
tree: 1788b2e0f5d3af6c983f3f51824e163a2167302f
parent: 4e8b4edc8c45447c284c83fbd76dfe2c6ea1fa3a
Fill in status for several issues
-rw-r--r-- active/CVE-2021-39802 19
-rw-r--r-- active/CVE-2022-1247 20
-rw-r--r-- active/CVE-2022-1462 20
-rw-r--r-- active/CVE-2022-1679 18
-rw-r--r-- active/CVE-2022-1882 2
-rw-r--r-- active/CVE-2022-21499 3
6 files changed, 45 insertions, 37 deletions
diff --git a/active/CVE-2021-39802 b/active/CVE-2021-39802
index fb1c3a91..643a5eb5 100644
--- a/active/CVE-2021-39802
+++ b/active/CVE-2021-39802
@@ -1,4 +1,4 @@
-Description:
+Description: ANDROID: mm: Incorrect page permission management
References:
https://source.android.com/security/bulletin/2022-04-01
https://android.googlesource.com/kernel/common/+/ac4488815518c
@@ -13,12 +13,13 @@ Notes:
carnil> this is probably not an issue in mainline, the propblematic
carnil> patch introducing the vulnerability was not merged in Linus
carnil> tree, cf. https://lore.kernel.org/all/CAHk-=wj4KCujAH_oPh40Bkp48amM4MXr+8AcbZ=qd5LF4Q+TDg@mail.gmail.com/#t
+ bwh> This is indeed Android-specific.
Bugs:
-upstream:
-5.10-upstream-stable:
-4.19-upstream-stable:
-4.9-upstream-stable:
-sid:
-5.10-bullseye-security:
-4.19-buster-security:
-4.9-stretch-security:
+upstream: N/A "Vulnerability never present"
+5.10-upstream-stable: N/A "Vulnerability never present"
+4.19-upstream-stable: N/A "Vulnerability never present"
+4.9-upstream-stable: N/A "Vulnerability never present"
+sid: N/A "Vulnerability never present"
+5.10-bullseye-security: N/A "Vulnerability never present"
+4.19-buster-security: N/A "Vulnerability never present"
+4.9-stretch-security: N/A "Vulnerability never present"
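Review bot: The reason string on the eight new status lines, N/A "Vulnerability never present", differs from the N/A "Vulnerable code not present" wording used in active/CVE-2022-1882 and active/CVE-2022-21499 in this same commit. If both mean the same thing, use one string so that status lines can be searched consistently. If the distinction is intentional (the faulty patch was never merged, per the carnil note), say so in the bwh note.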
diff --git a/active/CVE-2022-1247 b/active/CVE-2022-1247
index 7c9368cd..9e04f98b 100644
--- a/active/CVE-2022-1247
+++ b/active/CVE-2022-1247
@@ -1,13 +1,15 @@
-Description:
+Description: rose: Race condition leads to use-after-free
References:
https://bugzilla.redhat.com/show_bug.cgi?id=2066799
Notes:
+ bwh> I'm assuming all branches are affected because I don't see any
+ bwh> locking changes since 4.9.
Bugs:
-upstream:
-5.10-upstream-stable:
-4.19-upstream-stable:
-4.9-upstream-stable:
-sid:
-5.10-bullseye-security:
-4.19-buster-security:
-4.9-stretch-security:
+upstream: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+4.9-upstream-stable: needed
+sid: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
+4.9-stretch-security: ignored "EOL"
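Review bot: Every "needed" line in this hunk rests on the assumption stated in the new bwh note, and References lists only the Red Hat bug, with no introducing or fixing commit. Consider stating in the note that the affected range is unconfirmed, so that these statuses are revisited once a fix identifies the introducing commit.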
diff --git a/active/CVE-2022-1462 b/active/CVE-2022-1462
index bad2988e..b1db918f 100644
--- a/active/CVE-2022-1462
+++ b/active/CVE-2022-1462
@@ -1,4 +1,4 @@
-Description:
+Description: tty: Race condition leads to heap buffer over-read
References:
https://bugzilla.redhat.com/show_bug.cgi?id=2078466
https://www.openwall.com/lists/oss-security/2022/05/27/2
@@ -15,12 +15,14 @@ Notes:
carnil> memory.
carnil> Issue introduced by 71a174b39f10 ("pty: do tty_flip_buffer_push
carnil> without port->lock in pty_write") in 5.10-rc1.
+ bwh> All branches affected because this was introduced by a fix that
+ bwh> was also backported to stable.
Bugs:
-upstream:
-5.10-upstream-stable:
-4.19-upstream-stable:
-4.9-upstream-stable:
-sid:
-5.10-bullseye-security:
-4.19-buster-security:
-4.9-stretch-security:
+upstream: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+4.9-upstream-stable: needed
+sid: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
+4.9-stretch-security: ignored "EOL"
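Review bot: The bwh note says the introducing change was also backported to stable but does not name the backports, while the carnil note just above it dates 71a174b39f10 to 5.10-rc1, so the "needed" lines for 4.19 and 4.9 cannot be checked from this file alone. Recording the stable versions or commit ids that carry the backport would make those statuses verifiable.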
diff --git a/active/CVE-2022-1679 b/active/CVE-2022-1679
index b3c1ab24..e56fad40 100644
--- a/active/CVE-2022-1679
+++ b/active/CVE-2022-1679
@@ -5,12 +5,14 @@ References:
https://lore.kernel.org/lkml/f158608e209a6f45c76ec856474a796df93d9dcf.1652553719.git.paskripkin@gmail.com/T/#u
https://lore.kernel.org/lkml/d57bbedc857950659bfacac0ab48790c1eda00c8.1655145743.git.paskripkin@gmail.com/
Notes:
+ bwh> The patch says it fixes commit fb9987d0f748 "ath9k_htc: Support for
+ bwh> AR9271 chipset." i.e. when the driver was added in 2.6.35.
Bugs:
-upstream:
-5.10-upstream-stable:
-4.19-upstream-stable:
-4.9-upstream-stable:
-sid:
-5.10-bullseye-security:
-4.19-buster-security:
-4.9-stretch-security:
+upstream: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+4.9-upstream-stable: needed
+sid: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
+4.9-stretch-security: needed
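Review bot: The last line, 4.9-stretch-security: needed, is inconsistent with active/CVE-2022-1247 and active/CVE-2022-1462 in this same commit, which both set that branch to ignored "EOL". Unless a stretch update is actually planned for this issue, use ignored "EOL" here as well.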
diff --git a/active/CVE-2022-1882 b/active/CVE-2022-1882
index 51e86742..a457e36c 100644
--- a/active/CVE-2022-1882
+++ b/active/CVE-2022-1882
@@ -14,6 +14,6 @@ upstream: needed
4.19-upstream-stable: N/A "Vulnerable code not present"
4.9-upstream-stable: N/A "Vulnerable code not present"
sid: needed
-5.10-bullse ye-security: needed
+5.10-bullseye-security: needed
4.19-buster-security: N/A "Vulnerable code not present"
4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2022-21499 b/active/CVE-2022-21499
index 5ea68b28..c7a139f1 100644
--- a/active/CVE-2022-21499
+++ b/active/CVE-2022-21499
@@ -7,6 +7,7 @@ Notes:
carnil> patches (replaced from the securelevel patch). Issue possibly
carnil> as well present already in the securelevel patchset.
carnil> Fixed as well in 5.17.10 for 5.17.y.
+ bwh> I think we can ignore this since we don't enable kgdb.
Bugs:
upstream: released (5.19-rc1) [eadb2f47a3ced5c64b23b90fd2a3463f63726066]
5.10-upstream-stable: released (5.10.119) [a8f4d63142f947cd22fa615b8b3b8921cdaf4991]
@@ -15,4 +16,4 @@ upstream: released (5.19-rc1) [eadb2f47a3ced5c64b23b90fd2a3463f63726066]
sid: released (5.17.11-1)
5.10-bullseye-security: released (5.10.120-1)
4.19-buster-security:
-4.9-stretch-security:
+4.9-stretch-security: N/A "Vulnerable code not present"
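Review bot: The status set for 4.9-stretch-security, N/A "Vulnerable code not present", does not match the reasoning in the bwh note added in the previous hunk, which is that kgdb is not enabled rather than that the code is absent. Either add a note explaining why the code is missing in 4.9, or use an ignored status that carries the kgdb reason. The context line 4.19-buster-security: is also still empty although the note suggests the issue can be ignored; fill it in on the same basis.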
