author | Ben Hutchings <ben@decadent.org.uk> | 2019-02-18 17:29:48 +0000 |
---|---|---|
committer | Ben Hutchings <ben@decadent.org.uk> | 2019-02-18 17:30:01 +0000 |
commit | 0f59fcd511373d9f7b1cdf2cdf0e654cd56ee926 (patch) | |
tree | 6d814eb42a8ca6d50525585f356e19e2603a78ea /retired/CVE-2018-16885 | |
parent | f2acbdcc8008ce5baa07b4c76fca05f2467684c7 (diff) |
Record fix for CVE-2018-16885 and retire it
Diffstat (limited to 'retired/CVE-2018-16885')
-rw-r--r-- | retired/CVE-2018-16885 | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/retired/CVE-2018-16885 b/retired/CVE-2018-16885 new file mode 100644 index 00000000..c7ca9787 --- /dev/null +++ b/retired/CVE-2018-16885 @@ -0,0 +1,17 @@ +Description: out-of-bound read in memcpy_fromiovecend() +References: + https://bugzilla.redhat.com/show_bug.cgi?id=1661503 +Notes: + carnil> Not much details provided in RedHat Bugzilla #1661503 but said + carnil> that the issue is indirectly fixed upstream by UFO removal, and + carnil> the buggy memcpy_fromiovecend() (and related functions) are + carnil> fixed by upstream commit + carnil> 21226abb4e9f14d88238964d89b279e461ddc30c (4.0-rc1) +Bugs: +upstream: released (3.17-rc1) [06ebb06d49486676272a3c030bfeef4bd969a8e6] +4.19-upstream-stable: N/A "Fixed before branch point" +4.9-upstream-stable: N/A "Fixed before branch point" +3.16-upstream-stable: released (3.16.1) [874c613a476d6a283ce418290c4472a07dadadf6] +sid: released (3.16.2-1) +4.9-stretch-security: N/A "Fixed before branch point" +3.16-jessie-security: N/A "Fixed before branch point" |
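Review bot: The Notes and the status lines in the new retired/CVE-2018-16885 file name different fixes, and nothing in the file says how they relate. carnil's note points to upstream commit 21226abb4e9f14d88238964d89b279e461ddc30c (4.0-rc1), while the "upstream:" line records 06ebb06d49486676272a3c030bfeef4bd969a8e6 as released in 3.17-rc1 and the 3.16-upstream-stable line records a 3.16.1 backport. I would add a short Notes line, signed like the existing ones, stating why 06ebb06d is tracked as the fix and what role 21226abb plays, so the "Fixed before branch point" entries for 4.9, 4.19 and 3.16-jessie-security can be checked against the right commit.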