Add CVE-2020-16119

author: Salvatore Bonaccorso <carnil@debian.org> 2020-10-13 19:48:56 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2020-10-13 19:48:56 +0200
commit: d56fcca280daea7ccc4e7f0cd2f5e3237f6ac024 (patch)
tree: 6a2d8748aad5696bc820d8f4eeb23e53eeb68392
parent: 9534672f2de1a2ecd3820bca5acd7885b2518522 (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/active/CVE-2020-16119 b/active/CVE-2020-16119
new file mode 100644
index 00000000..daf316d1
--- /dev/null
+++ b/active/CVE-2020-16119
@@ -0,0 +1,15 @@
+Description: net: dccp: fix structure use-after-free
+References:
+ https://www.openwall.com/lists/oss-security/2020/10/13/7
+ https://lore.kernel.org/netdev/20201013171849.236025-1-kleber.souza@canonical.com/T/
+Notes:
+ carnil> Introduced with 2677d2067731 ("dccp: don't free
+ carnil> ccid2_hc_tx_sock struct in dccp_disconnect()") in 4.17-rc7 (and
+ carnil> backported as well to various stable series as e.g. 4.9.108).
+Bugs:
+upstream: needed
+4.19-upstream-stable: needed
+4.9-upstream-stable: needed
+sid: needed
+4.19-buster-security: needed
+4.9-stretch-security: needed
author	Salvatore Bonaccorso <carnil@debian.org>	2020-10-13 19:48:56 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2020-10-13 19:48:56 +0200
commit	d56fcca280daea7ccc4e7f0cd2f5e3237f6ac024 (patch)
tree	6a2d8748aad5696bc820d8f4eeb23e53eeb68392
parent	9534672f2de1a2ecd3820bca5acd7885b2518522 (diff)