author Ben Hutchings <ben@decadent.org.uk> 2019-02-18 17:29:48 +0000
committer Ben Hutchings <ben@decadent.org.uk> 2019-02-18 17:30:01 +0000
commit 0f59fcd511373d9f7b1cdf2cdf0e654cd56ee926
tree 6d814eb42a8ca6d50525585f356e19e2603a78ea /retired/CVE-2018-16885
parent f2acbdcc8008ce5baa07b4c76fca05f2467684c7
Record fix for CVE-2018-16885 and retire it
Diffstat (limited to 'retired/CVE-2018-16885')
-rw-r--r-- retired/CVE-2018-16885 17
1 files changed, 17 insertions, 0 deletions
diff --git a/retired/CVE-2018-16885 b/retired/CVE-2018-16885
new file mode 100644
index 00000000..c7ca9787
--- /dev/null
+++ b/retired/CVE-2018-16885
@@ -0,0 +1,17 @@
+Description: out-of-bound read in memcpy_fromiovecend()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1661503
+Notes:
+ carnil> Not much details provided in RedHat Bugzilla #1661503 but said
+ carnil> that the issue is indirectly fixed upstream by UFO removal, and
+ carnil> the buggy memcpy_fromiovecend() (and related functions) are
+ carnil> fixed by upstream commit
+ carnil> 21226abb4e9f14d88238964d89b279e461ddc30c (4.0-rc1)
+Bugs:
+upstream: released (3.17-rc1) [06ebb06d49486676272a3c030bfeef4bd969a8e6]
+4.19-upstream-stable: N/A "Fixed before branch point"
+4.9-upstream-stable: N/A "Fixed before branch point"
+3.16-upstream-stable: released (3.16.1) [874c613a476d6a283ce418290c4472a07dadadf6]
+sid: released (3.16.2-1)
+4.9-stretch-security: N/A "Fixed before branch point"
+3.16-jessie-security: N/A "Fixed before branch point"
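
Review bot: The upstream: line records 06ebb06d49486676272a3c030bfeef4bd969a8e6 (3.17-rc1) as the fix, but the Notes only name 21226abb4e9f14d88238964d89b279e461ddc30c (4.0-rc1) and the UFO removal, so nothing in the file says why 06ebb06d is the fixing commit. The 3.16.1 entry and every "Fixed before branch point" status rest on that choice, so a reader auditing a 3.16-based or pre-4.0 kernel cannot tell from this record which of the two commits to look for. Suggest adding a further Notes entry stating what 06ebb06d changes and how it relates to the commit carnil cites.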
