diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2022-08-08 17:09:17 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2022-08-08 17:09:17 +0200 |
commit | dadbe19448ed8e339f54326b2c874db27e13bf7a (patch) | |
tree | cadb20df8ca408831125d66f1631bb8117c55bf6 /active/CVE-2022-1184 | |
parent | a4b6e4823958cc37b614a4c0a0aac98976eacc9d (diff) |
Update tracking for CVE-2022-1184
Diffstat (limited to 'active/CVE-2022-1184')
-rw-r--r-- | active/CVE-2022-1184 | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/active/CVE-2022-1184 b/active/CVE-2022-1184 index 4d2e5af0f..d4d8bae5d 100644 --- a/active/CVE-2022-1184 +++ b/active/CVE-2022-1184 @@ -8,12 +8,18 @@ Notes: carnil> Ben, pelase double check if you agree on the triage. It is carnil> based on the additional information provided in the SUSE carnil> bugzilla. + carnil> Turns out that 46c116b920eb ("ext4: verify dir block before + carnil> splitting it") and 3ba733f879c2 ("ext4: avoid cycles in + carnil> directory h-tree") are not the upstream fixes, but according to + carnil> Lukas Czerner the following is needed: + carnil> 65f8ea4cd57d ("ext4: check if directory block is within + carnil> i_size") to fix the CVE and additional as defensive measure + carnil> b8a04fe77ef1 ("ext4: make sure ext4_append() always allocates + carnil> new block"). Bugs: -upstream: released (5.19-rc1) [46c116b920ebec58031f0a78c5ea9599b0d2a371, 3ba733f879c2a88910744647e41edeefbc0d92b2] -5.10-upstream-stable: released (5.10.121) [da2f05919238c7bdc6e28c79539f55c8355408bb, ff4cafa51762da3824881a9000ca421d4b78b138] -4.19-upstream-stable: released (4.19.247) [78398c2b2cc14f9a9c8592cf6d334c5a479ed611, b3ad9ff6f06c1dc6abf7437691c88ca3d6da3ac0] -4.9-upstream-stable: released (4.9.318) [93bbf0498ba20eadcd7132bd3cfdaff54eb72751] -sid: released (5.18.5-1) -5.10-bullseye-security: released (5.10.127-1) -4.19-buster-security: released (4.19.249-1) -4.9-stretch-security: ignored "EOL" +upstream: pending [65f8ea4cd57dbd46ea13b41dc8bac03176b04233] +5.10-upstream-stable: needed +4.19-upstream-stable: needed +sid: needed +5.10-bullseye-security: needed +4.19-buster-security: needed |