diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2018-12-13 23:03:16 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2018-12-13 23:03:16 +0100 |
commit | b8a3d2b43c1c767db5962d7601277008b18c6006 (patch) | |
tree | f6829e8f72642ba0bfd419f9a82658b4695d383f /retired/CVE-2018-11506 | |
parent | 03ef65a96265d6155877de7785e460ee399931cd (diff) |
Retire CVE-2018-11506
Diffstat (limited to 'retired/CVE-2018-11506')
-rw-r--r-- | retired/CVE-2018-11506 | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/retired/CVE-2018-11506 b/retired/CVE-2018-11506 new file mode 100644 index 00000000..1aa18272 --- /dev/null +++ b/retired/CVE-2018-11506 @@ -0,0 +1,21 @@ +Description: sr: pass down correctly sized SCSI sense buffer +References: +Notes: + carnil> Possibly just introduced with 82ed4db499b8598f16f8871261bff088d6b0597f + carnil> in 4.11-rc1. + carnil> For 4.16 fixed in 4.16.13. + bwh> The change in 4.11 moved the copying of sense data into + bwh> __scsi_execute() and changed the length to a fixed 96 bytes. + bwh> Prior to that scsi_io_completion() could still copy up to 96 + bwh> bytes into the sense buffer. So I think a fix is still + bwh> needed in older versions, but we need to be careful to avoid + bwh> introducing an information leak. +Bugs: +upstream: released (4.17-rc7) [f7068114d45ec55996b9040e98111afa56e010fe] +4.9-upstream-stable: released (4.9.145) [cb101349f51699074fc1739534cb4346a49e56ef] +3.16-upstream-stable: released (3.16.58) [d98da66531a3b203dded83749d69dd07ca9e646a] +3.2-upstream-stable: ignored "EOL" +sid: released (4.16.16-1) +4.9-stretch-security: released (4.9.110-1) [bugfix/all/sr-pass-down-correctly-sized-scsi-sense-buffer.patch] +3.16-jessie-security: released (3.16.57-1) [bugfix/all/sr-pass-down-correctly-sized-scsi-sense-buffer.patch] +3.2-wheezy-security: ignored "EOL" |