Retire CVE-2018-11506

1 files changed, 21 insertions, 0 deletions

diff --git a/retired/CVE-2018-11506 b/retired/CVE-2018-11506
new file mode 100644
index 00000000..1aa18272
--- /dev/null
+++ b/retired/CVE-2018-11506
@@ -0,0 +1,21 @@
+Description: sr: pass down correctly sized SCSI sense buffer
+References:
+Notes:
+ carnil> Possibly just introduced with 82ed4db499b8598f16f8871261bff088d6b0597f
+ carnil> in 4.11-rc1.
+ carnil> For 4.16 fixed in 4.16.13.
+ bwh> The change in 4.11 moved the copying of sense data into
+ bwh> __scsi_execute() and changed the length to a fixed 96 bytes.
+ bwh> Prior to that scsi_io_completion() could still copy up to 96
+ bwh> bytes into the sense buffer.  So I think a fix is still
+ bwh> needed in older versions, but we need to be careful to avoid
+ bwh> introducing an information leak.
+Bugs:
+upstream: released (4.17-rc7) [f7068114d45ec55996b9040e98111afa56e010fe]
+4.9-upstream-stable: released (4.9.145) [cb101349f51699074fc1739534cb4346a49e56ef]
+3.16-upstream-stable: released (3.16.58) [d98da66531a3b203dded83749d69dd07ca9e646a]
+3.2-upstream-stable: ignored "EOL"
+sid: released (4.16.16-1)
+4.9-stretch-security: released (4.9.110-1) [bugfix/all/sr-pass-down-correctly-sized-scsi-sense-buffer.patch]
+3.16-jessie-security: released (3.16.57-1) [bugfix/all/sr-pass-down-correctly-sized-scsi-sense-buffer.patch]
+3.2-wheezy-security: ignored "EOL"