diff options
| author | Salvatore Bonaccorso <carnil@debian.org> | 2024-03-15 21:45:18 +0100 |
|---|---|---|
| committer | Salvatore Bonaccorso <carnil@debian.org> | 2024-03-15 21:45:18 +0100 |
| commit | 64a38df8b392033c012ab5b8b6bf22aa84f652f8 (patch) | |
| tree | 990e39fd16081733df367f7e06259e0dbafb8fb2 /active/CVE-2021-47131 | |
| parent | 8cdf38b8945b5e6fa0554d35eab20a73aa23425c (diff) | |
Add new batch of CVEs
One source of problem for the automatic processing was the following
manual fixup:
- detection of N/A in case the version never affected a unstable
released version and so the sid: field should be N/A "Vulnerable code
not present"
- The second manual fixup is where 5.14.6-1 was placed as fixed version
for sid, as it should have been 5.10.46-1 as this is before the
branching point. There is no such support of tracking branching points
yet so it seems to cause fallouts on the recent CVEs assigned by
importing the issues from the GSD.
Diffstat (limited to 'active/CVE-2021-47131')
| -rw-r--r-- | active/CVE-2021-47131 | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/active/CVE-2021-47131 b/active/CVE-2021-47131 new file mode 100644 index 00000000..15370f22 --- /dev/null +++ b/active/CVE-2021-47131 @@ -0,0 +1,16 @@ +Description: net/tls: Fix use-after-free after the TLS device goes down and up +References: +Notes: + carnil> Introduced in e8f69799810c ("net/tls: Add generic NIC offload infrastructure"). + carnil> Vulnerable versions: 4.18-rc1. +Bugs: +upstream: released (5.13-rc5) [c55dcdd435aa6c6ad6ccac0a4c636d010ee367a4] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.43) [f1d4184f128dede82a59a841658ed40d4e6d3aa2] +4.19-upstream-stable: needed +sid: released (5.10.46-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: needed |