author: Salvatore Bonaccorso <carnil@debian.org> 2018-07-14 16:17:43 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2018-07-14 16:17:43 +0200
commit: 75e31d6511c043ea84ab413b0a595d860367cd89
tree: 777571a45e5fdba0861b3c734d6ac554b706357a /retired/CVE-2018-1093
parent: 81f63b8fb3fdb033e956a9c74843a43c1edc2faf
Retire several CVEs
Diffstat (limited to 'retired/CVE-2018-1093')
-rw-r--r--  retired/CVE-2018-1093 | 20
1 files changed, 20 insertions, 0 deletions
diff --git a/retired/CVE-2018-1093 b/retired/CVE-2018-1093
new file mode 100644
index 00000000..f9e3981b
--- /dev/null
+++ b/retired/CVE-2018-1093
@@ -0,0 +1,20 @@
+Description: Out of bounds read in ext4/balloc.c:ext4_valid_block_bitmap() causes crash with crafted ext4 image
+References:
+Notes:
+ carnil> Ben noticed that the fix is not correct in Message-ID:
+ carnil> <30c688b5783a5779811ce68893b7001390b9e200.camel@decadent.org.uk>
+ carnil> and fix needs a followup.
+ carnil> Caused other regressions:
+ carnil> https://marc.info/?l=linux-ext4&m=152416385122029&w=2
+ bwh> Regressions should be fixed by commit 22be37acce25 "ext4: fix bitmap
+ bwh> position validation".
+Bugs:
+ https://bugzilla.kernel.org/show_bug.cgi?id=199181
+upstream: released (4.17-rc1) [7dac4a1726a9c64a517d595c40e95e2d0d135f6f]
+4.9-upstream-stable: released (4.9.98) [76964816c83d3e4e8a6a393777b30f22a6f9cd51, 1fd7c778ebf0f74e0aadcdf112800736cfdbca00]
+3.16-upstream-stable: released (3.16.57) [91a9c8e8ac7da66d7159fd758464808d2a1c979a, 73cc97df78e4fbc22a34b0eeedbaaf30b47d7ee5]
+3.2-upstream-stable: released (3.2.102) [f278235ce148485cdb9dc990673943addafbd577, 02a37ffd681be59775c9f13686e20621f7097f7e]
+sid: released (4.15.17-1) [bugfix/all/ext4-add-validity-checks-for-bitmap-block-numbers.patch]
+4.9-stretch-security: released (4.9.88-1) [bugfix/all/ext4-add-validity-checks-for-bitmap-block-numbers.patch, bugfix/all/ext4-fix-bitmap-position-validation.patch]
+3.16-jessie-security: released (3.16.57-1)
+3.2-wheezy-security: released (3.2.102-1)
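
Review bot: the "upstream:" line records only 7dac4a1726a9c64a517d595c40e95e2d0d135f6f, although the notes say the regressions from that fix are addressed by commit 22be37acce25 "ext4: fix bitmap position validation" and each of the three upstream-stable lines lists two commits. Consider adding the follow-up commit, and the release it landed in, to the "upstream:" entry so the fix pair is recorded the same way on every branch. The same gap shows on the "sid:" line, which names only ext4-add-validity-checks-for-bitmap-block-numbers.patch while 4.9-stretch-security also names ext4-fix-bitmap-position-validation.patch; if sid received the follow-up through a later upstream version, a short note saying so would keep the entry from reading as though sid carries the regressing fix alone. "References:" is also left empty even though the notes cite a Message-ID and a marc.info thread, which could be listed there.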
