diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2018-07-14 16:17:43 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2018-07-14 16:17:43 +0200 |
commit | 75e31d6511c043ea84ab413b0a595d860367cd89 (patch) | |
tree | 777571a45e5fdba0861b3c734d6ac554b706357a /retired/CVE-2018-11412 | |
parent | 81f63b8fb3fdb033e956a9c74843a43c1edc2faf (diff) |
Retire several CVEs
Diffstat (limited to 'retired/CVE-2018-11412')
-rw-r--r-- | retired/CVE-2018-11412 | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/retired/CVE-2018-11412 b/retired/CVE-2018-11412 new file mode 100644 index 00000000..de730157 --- /dev/null +++ b/retired/CVE-2018-11412 @@ -0,0 +1,19 @@ +Description: ext4: out-of-bounds memcpy via non-inline system.data xattr +References: + https://bugs.chromium.org/p/project-zero/issues/detail?id=1580 + https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?h=dev&id=117166efb1ee8f13c38f9e96b258f16d4923f888 +Notes: + carnil> fixed in ext4.git via 117166efb1ee8f13c38f9e96b258f16d4923f888 + carnil> Might be needed to add as well the followup commit + carnil> eb9b5f01c33adebc31cbc236c02695f605b0e417 + carnil> which relates to the fix for CVE-2018-11412. +Bugs: + https://bugzilla.kernel.org/show_bug.cgi?id=199803 +upstream: released (4.18-rc1) [117166efb1ee8f13c38f9e96b258f16d4923f888] +4.9-upstream-stable: N/A "Vulnerable code introduced in 4.13-rc1" +3.16-upstream-stable: N/A "Vulnerable code introduced in 4.13-rc1" +3.2-upstream-stable: N/A "Vulnerable code introduced in 4.13-rc1" +sid: released (4.17.3-1) +4.9-stretch-security: N/A "Vulnerable code introduced later" +3.16-jessie-security: N/A "Vulnerable code introduced later" +3.2-wheezy-security: N/A "Vulnerable code introduced later" |