author | Ben Hutchings <ben@decadent.org.uk> | 2019-04-25 16:36:00 +0100 |
---|---|---|
committer | Ben Hutchings <ben@decadent.org.uk> | 2019-04-25 20:41:22 +0100 |
commit | d98b5dfcad9328b959c258b480dec33c85c7e108 (patch) | |
tree | 4429fe0a08b471341c44180a80a42dbb25076925 /retired/CVE-2018-20449 | |
parent | 8540216243495fe412b2365d73066c546481cd05 (diff) |
Fill in status of CVE-2018-20449 and retire it
Diffstat (limited to 'retired/CVE-2018-20449')
-rw-r--r-- | retired/CVE-2018-20449 | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/retired/CVE-2018-20449 b/retired/CVE-2018-20449 new file mode 100644 index 00000000..9f0f8b53 --- /dev/null +++ b/retired/CVE-2018-20449 @@ -0,0 +1,21 @@ +Description: information leak by reading "callback=" lines in a debugfs file +References: + https://lists.debian.org/debian-security-tracker/2019/01/msg00029.html +Notes: + carnil> Not very convinced about the report as it only was throwed in + carnil> earlier this year on the debian security-tracker mailinglist. + carnil> Was it reported upstream? hidma_dbg.c introduced with + carnil> 570d0176296f0d17c4b5ab206ad4a4bc027b863b in 4.7-rc1. + canril> Issue mitigated with commit + canril> ad67b74d2469d9b82aaa572d76474c95bc484d57 ("printk: hash + canril> addresses printed with %p"). + bwh> I consider hashing pointers to be a complete fix. Additionally + bwh> debugfs is only accessible to root by default. +Bugs: +upstream: released (4.15-rc2) [ad67b74d2469d9b82aaa572d76474c95bc484d57] +4.19-upstream-stable: N/A "Fixed before branch point" +4.9-upstream-stable: ignored "Minor issue" +3.16-upstream-stable: N/A "Vulnerable code introduced later" +sid: released (4.15.4-1) +4.9-stretch-security: ignored "Minor issue" +3.16-jessie-security: N/A "Vulnerable code introduced later" |
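Review bot: In the Notes block, the three lines describing the mitigating commit are prefixed `canril>`, while the four lines before them use `carnil>`. This looks like a typo in the handle; the prefixes should match so the note reads as one person's comment and turns up when searching by attribution. Separately, the 4.9-upstream-stable and 4.9-stretch-security lines give only "Minor issue" as the reason for `ignored`. Since those branches are marked ignored rather than released, consider pointing the reason at the rationale already in bwh's note (debugfs is only accessible to root by default), so the status line stands on its own.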