Add new assigned CVEs

Key issue remaining is yet to find the correct version in unstable due to branching for a release. Up to now the script will otherwise mark 5.10.40-1 as fixed in the bullseye branch, which is not correct as this was before the branching point and at same point mark an experimental version for the fix in sid. The rest seems to work reasonable now but will need a review later.
author: Salvatore Bonaccorso <carnil@debian.org> 2024-03-01 22:44:17 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2024-03-01 22:44:53 +0100
commit: 47b8f95b2c6a287f933ae7baac7b4c6be0d5951c (patch)
tree: a05d623ccfc194b9eb6ca82ed6b0986c2b310b46 /active/CVE-2021-47074
parent: 3a986a63a8120ce5be3821cd1cfacd8d3ea9f503 (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/active/CVE-2021-47074 b/active/CVE-2021-47074
new file mode 100644
index 00000000..1d27421f
--- /dev/null
+++ b/active/CVE-2021-47074
@@ -0,0 +1,16 @@
+Description: nvme-loop: fix memory leak in nvme_loop_create_ctrl()
+References:
+Notes:
+ carnil> Introduced in 3a85a5de29ea ("nvme-loop: add a NVMe loopback host driver").
+ carnil> Vulnerable versions: 4.8-rc1.
+Bugs:
+upstream: released (5.13-rc3) [03504e3b54cc8118cc26c064e60a0b00c2308708]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.40) [9c980795ccd77e8abec33dd6fe28dfe1c4083e65]
+4.19-upstream-stable: needed
+sid: released (5.10.40-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: needed
author	Salvatore Bonaccorso <carnil@debian.org>	2024-03-01 22:44:17 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2024-03-01 22:44:53 +0100
commit	47b8f95b2c6a287f933ae7baac7b4c6be0d5951c (patch)
tree	a05d623ccfc194b9eb6ca82ed6b0986c2b310b46 /active/CVE-2021-47074
parent	3a986a63a8120ce5be3821cd1cfacd8d3ea9f503 (diff)