author    Moritz Muehlenhoff <jmm@debian.org>    2022-12-14 14:02:17 +0100
committer Moritz Muehlenhoff <jmm@debian.org>    2022-12-14 14:02:17 +0100
commit    97db91052b394c5a69910974e0cc3c94cebc1a34 (patch)
tree      c89efbdd583292efdd42701ba4574c036c79391e /active
parent    2001746fa4385902f4da27dd2186a6b0a4d7769d (diff)
retire some issues
Diffstat (limited to 'active')
-rw-r--r--  active/CVE-2019-19036  25 lines deleted
-rw-r--r--  active/CVE-2019-19377  19 lines deleted
-rw-r--r--  active/CVE-2019-9453   16 lines deleted
-rw-r--r--  active/CVE-2020-0030   21 lines deleted
-rw-r--r--  active/CVE-2021-33624  20 lines deleted
-rw-r--r--  active/CVE-2021-33655  14 lines deleted
6 files changed, 0 insertions, 115 deletions
diff --git a/active/CVE-2019-19036 b/active/CVE-2019-19036
deleted file mode 100644
index 7ab73d15..00000000
--- a/active/CVE-2019-19036
+++ /dev/null
@@ -1,25 +0,0 @@
-Description: btrfs: crafted image causes null deref in btrfs_root_node
-References:
- https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19036
- https://bugzilla.redhat.com/show_bug.cgi?id=1775187
- https://bugzilla.suse.com/show_bug.cgi?id=1157692
-Notes:
- jmm> Fixed by 62fdaa52a3d00a875da771719b6dc537ca79fce1 ?
- carnil> This is a good candidate and is included in 5.4-rc1. It was
- carnil> futhermore backported to 5.3.4, 5.2.19 and 4.19.129, where the
- carnil> 5.3.4 fixing information would as well match what is available
- carnil> from the Red Hat bugzilla.
- bwh> I think this affects 4.9 but the fix depends on commits going back
- bwh> to at least 581c1760415c "btrfs: Validate child tree block's level
- bwh> and first key".
-Bugs:
-upstream: released (5.4-rc1) [62fdaa52a3d00a875da771719b6dc537ca79fce1]
-5.10-upstream-stable: N/A "Fixed before branch point"
-4.19-upstream-stable: released (4.19.129) [227af79e6cb0ee3faeb8c70be4bc0aec0b09ea25]
-4.9-upstream-stable: needed
-3.16-upstream-stable: ignored "EOL"
-sid: released (5.3.7-1)
-5.10-bullseye-security: N/A "Fixed before branching point"
-4.19-buster-security: released (4.19.131-1)
-4.9-stretch-security: ignored "EOL"
-3.16-jessie-security: ignored "EOL"
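Review bot: This file is removed while its "4.9-upstream-stable: needed" line is still open and bwh's note records an unresolved backport dependency on 581c1760415c; since the diffstat is limited to 'active', the matching retired/ copy is not visible here, so confirm the entry was moved rather than dropped, otherwise the 4.9 state and that dependency note are lost from the tracker.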
diff --git a/active/CVE-2019-19377 b/active/CVE-2019-19377
deleted file mode 100644
index 57e43caf..00000000
--- a/active/CVE-2019-19377
+++ /dev/null
@@ -1,19 +0,0 @@
-Description: btrfs: crafted image causes use-after-free in btrfs_queue_work
-References:
- https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19377
-Notes:
- carnil> This might affect only 5.4+ stable releases, the fix at least
- carnil> was submitted for those only and addressed in 5.4.33, 5.5.18
- carnil> and 5.6.5 as well. This needs to be verified/confirmed.
- bwh> Apparently fixed along with CVE-2019-19039.
-Bugs:
-upstream: released (5.7-rc1) [b3ff8f1d380e65dddd772542aa9bff6c86bf715a]
-5.10-upstream-stable: N/A "Fixed before branch point"
-4.19-upstream-stable: released (4.19.156) [1527c0e0229d2dd1c8ae1e73b1579bd8d5866b5b]
-4.9-upstream-stable: needed
-3.16-upstream-stable: ignored "EOL"
-sid: released (5.6.7-1)
-5.10-bullseye-security: N/A "Fixed before branching point"
-4.19-buster-security: released (4.19.160-1)
-4.9-stretch-security: ignored "EOL"
-3.16-jessie-security: ignored "EOL"
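Review bot: carnil's note ends with "This needs to be verified/confirmed" and nothing in the file closes that question, even though the Bugs section later records a 4.19.156 backport (1527c0e0229d...) that contradicts the "might affect only 5.4+" reading; before retiring, either resolve the note or add a line stating that the 4.19 backport settled it, and check that the CVE-2019-19039 entry bwh cross-references carries the same fix commit b3ff8f1d380e.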
diff --git a/active/CVE-2019-9453 b/active/CVE-2019-9453
deleted file mode 100644
index e1fa0174..00000000
--- a/active/CVE-2019-9453
+++ /dev/null
@@ -1,16 +0,0 @@
-Description: f2fs: fix to avoid accessing xattr across the boundary
-References:
- https://source.android.com/security/bulletin/pixel/2019-09-01
-Notes:
- bwh> Apparently introduced in 3.8 when f2fs was added.
-Bugs:
-upstream: released (5.2-rc1) [2777e654371dd4207a3a7f4fb5fa39550053a080]
-5.10-upstream-stable: N/A "Fixed before branch point"
-4.19-upstream-stable: released (4.19.53) [ae3787d433f7b87ebf6b916e524c6e280e4e5804]
-4.9-upstream-stable: needed
-3.16-upstream-stable: ignored "f2fs is not supportable"
-sid: released (5.2.6-1)
-5.10-bullseye-security: N/A "Fixed before branching point"
-4.19-buster-security: released (4.19.67-1)
-4.9-stretch-security: ignored "f2fs is not supportable"
-3.16-jessie-security: ignored "f2fs is not supportable"
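Review bot: The only reference is the Android Pixel bulletin, so a reader of the retired record has no direct pointer to the upstream fix beyond the bare commit id 2777e654371d in the Bugs section; since bwh's note pins the introduction to 3.8 (when f2fs was added), consider recording that introducing commit or a kernel.org link alongside the fix so the affected-range reasoning survives retirement.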
diff --git a/active/CVE-2020-0030 b/active/CVE-2020-0030
deleted file mode 100644
index c22f65dc..00000000
--- a/active/CVE-2020-0030
+++ /dev/null
@@ -1,21 +0,0 @@
-Description: ANDROID: binder: synchronize_rcu() when using POLLFREE
-References:
- https://source.android.com/security/bulletin/2020-02-01.html
-Notes:
- bwh> Although the upstream commit has been backported to 4.9, it
- bwh> depends on commit 7a4408c6bd3e "binder: make sure accesses to
- bwh> proc/thread are safe" which has not.
- carnil> For tracking, this was in 4.9.196 with
- carnil> b6c6212514fe9f2387fc6677181028d4a9ae20c7 commit in linux-4.9.y
- carnil> branch
-Bugs:
-upstream: released (4.16-rc3) [5eeb2ca02a2f6084fc57ae5c244a38baab07033a]
-5.10-upstream-stable: N/A "Fixed before branch point"
-4.19-upstream-stable: N/A "Fixed before branching point"
-4.9-upstream-stable: needed
-3.16-upstream-stable: ignored "Too difficult and risky to backport"
-sid: released (4.15.11-1)
-5.10-bullseye-security: N/A "Fixed before branching point"
-4.19-buster-security: N/A "Fixed before branching point"
-4.9-stretch-security: ignored "binder not enabled, and risky to backport"
-3.16-jessie-security: ignored "binder not enabled, and risky to backport"
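Review bot: The "4.9-upstream-stable: needed" line is stale relative to carnil's own note, which records the fix landing in 4.9.196 as b6c6212514fe9f2387fc6677181028d4a9ae20c7 on linux-4.9.y; bwh's earlier objection (the 7a4408c6bd3e dependency had not been backported) is left standing without a resolution. Before retiring, update the line to released (4.9.196) [b6c6212514fe9f2387fc6677181028d4a9ae20c7] or state why the 4.9.196 backport is considered insufficient, so the retired record is internally consistent.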
diff --git a/active/CVE-2021-33624 b/active/CVE-2021-33624
deleted file mode 100644
index 3da976cd..00000000
--- a/active/CVE-2021-33624
+++ /dev/null
@@ -1,20 +0,0 @@
-Description: Linux kernel BPF protection against speculative execution attacks can be bypassed to read arbitrary kernel memory
-References:
- https://www.openwall.com/lists/oss-security/2021/06/21/1
-Notes:
- carnil> 9183671af6db ("bpf: Fix leakage under speculation on
- carnil> mispredicted branches") is the main part of the fixes.
- carnil> The selftest fixes commit was included in later release as well
- carnil> in 5.10.57 but the CVE fixes covered already in 5.10.46.
- bwh> I think this can be ignored. Privileged users can generally read
- bwh> kernel memory through kprobes/tracepoints. Unprivileged use of
- bwh> eBPF is now disabled by default in all Debian suites.
-Bugs:
-upstream: released (5.13-rc7) [d203b0fd863a2261e5d00b97f3d060c4c2a6db71, fe9a5ca7e370e613a9a75a13008a3845ea759d6e, 9183671af6dbf60a1219371d4ed73e23f43b49db, 973377ffe8148180b2651825b92ae91988141b05]
-5.10-upstream-stable: released (5.10.46) [e9d271731d21647f8f9e9a261582cf47b868589a, 8c82c52d1de931532200b447df8b4fc92129cfd9, 5fc6ed1831ca5a30fb0ceefd5e33c7c689e7627b], released (5.10.57) [30ea1c535291e88e41413464277fcf98a95cf8c6]
-4.19-upstream-stable: released (4.19.204) [0abc8c9754c953f5cd0ac7488c668ca8d53ffc90, c510c1845f7b54214b4117272e0d87dff8732af6, 5fc6ed1831ca5a30fb0ceefd5e33c7c689e7627b, c15b387769446c37a892f958b169744dabf7ff23]
-4.9-upstream-stable: needed
-sid: released (5.10.46-1)
-5.10-bullseye-security: N/A "Fixed before branching point"
-4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: ignored "Too risky to backport, and mitigated by default"
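Review bot: The commit id 5fc6ed1831ca5a30fb0ceefd5e33c7c689e7627b appears in both the 5.10-upstream-stable (5.10.46) list and the 4.19-upstream-stable (4.19.204) list; a backport to a different stable branch is a separate commit with its own id, so one of the two lists very likely carries a copy-paste error, and it should be corrected before the file is retired.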
diff --git a/active/CVE-2021-33655 b/active/CVE-2021-33655
deleted file mode 100644
index f151faf5..00000000
--- a/active/CVE-2021-33655
+++ /dev/null
@@ -1,14 +0,0 @@
-Description: When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.
-References:
- https://www.openwall.com/lists/oss-security/2022/07/19/2
-Notes:
- bwh> One commit is marked for backport to stable branches 4.14+, so I
- bwh> assume all branches are somewhat affected.
- bwh> Released in 5.18.11.
-Bugs:
-upstream: released (5.19-rc7) [65a01e601dbba8b7a51a2677811f70f783766682, e64242caef18b4a5840b0e7a9bff37abd4f4f933, 6c11df58fd1ac0aefcb3b227f72769272b939e56]
-5.10-upstream-stable: released (5.10.130) [b727561ddc9360de9631af2d970d8ffed676a750, cecb806c766c78e1be62b6b7b1483ef59bbaeabe, b81212828ad19ab3eccf00626cd04099215060bf]
-4.19-upstream-stable: released (4.19.252) [eae522ed28fe1c00375a8a0081a97dce7996e4d8]
-sid: released (5.18.14-1)
-5.10-bullseye-security: released (5.10.127-2) [bugfix/all/fbmem-check-virtual-screen-sizes-in-fb_set_var.patch, bugfix/all/fbcon-disallow-setting-font-bigger-than-screen-size.patch, bugfix/all/fbcon-prevent-that-screen-size-is-smaller-than-font-.patch]
-4.19-buster-security: released (4.19.260-1)
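Review bot: Unlike the other five retired files, this one has no 4.9-upstream-stable or 4.9-stretch-security line at all, and its Description still carries "malicous" and a missing space after the comma; if the retired copy is the permanent record, fix the description text and add an explicit 4.9 status (or a note that 4.9 tracking had ended), so that the absence is not mistaken for an unassessed branch.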
