author: Moritz Muehlenhoff <jmm@debian.org> 2022-12-14 14:02:17 +0100
committer: Moritz Muehlenhoff <jmm@debian.org> 2022-12-14 14:02:17 +0100
commit: 97db91052b394c5a69910974e0cc3c94cebc1a34
tree: c89efbdd583292efdd42701ba4574c036c79391e /retired/CVE-2019-19036
parent: 2001746fa4385902f4da27dd2186a6b0a4d7769d
retire some issues
Diffstat (limited to 'retired/CVE-2019-19036')
-rw-r--r-- retired/CVE-2019-19036 | 25
1 files changed, 25 insertions, 0 deletions
diff --git a/retired/CVE-2019-19036 b/retired/CVE-2019-19036
new file mode 100644
index 00000000..7ab73d15
--- /dev/null
+++ b/retired/CVE-2019-19036
@@ -0,0 +1,25 @@
+Description: btrfs: crafted image causes null deref in btrfs_root_node
+References:
+ https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19036
+ https://bugzilla.redhat.com/show_bug.cgi?id=1775187
+ https://bugzilla.suse.com/show_bug.cgi?id=1157692
+Notes:
+ jmm> Fixed by 62fdaa52a3d00a875da771719b6dc537ca79fce1 ?
+ carnil> This is a good candidate and is included in 5.4-rc1. It was
+ carnil> futhermore backported to 5.3.4, 5.2.19 and 4.19.129, where the
+ carnil> 5.3.4 fixing information would as well match what is available
+ carnil> from the Red Hat bugzilla.
+ bwh> I think this affects 4.9 but the fix depends on commits going back
+ bwh> to at least 581c1760415c "btrfs: Validate child tree block's level
+ bwh> and first key".
+Bugs:
+upstream: released (5.4-rc1) [62fdaa52a3d00a875da771719b6dc537ca79fce1]
+5.10-upstream-stable: N/A "Fixed before branch point"
+4.19-upstream-stable: released (4.19.129) [227af79e6cb0ee3faeb8c70be4bc0aec0b09ea25]
+4.9-upstream-stable: needed
+3.16-upstream-stable: ignored "EOL"
+sid: released (5.3.7-1)
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.131-1)
+4.9-stretch-security: ignored "EOL"
+3.16-jessie-security: ignored "EOL"
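
Review bot: The `4.9-upstream-stable: needed` line near the end of the file is still an open status, yet the file is being added under retired/ and the matching `4.9-stretch-security` line is already `ignored "EOL"`. bwh's note says the 4.9 fix depends on commits going back to at least 581c1760415c, so if no backport is going to happen, record that here by changing the status to ignored with a reason; otherwise the issue should stay out of retired/ until the branch is resolved. Minor consistency point: the N/A reason reads "Fixed before branch point" on the 5.10-upstream-stable line and "Fixed before branching point" on the 5.10-bullseye-security line, so use one wording for both. The `Bugs:` field is also left empty even though two bugzilla entries are listed under References; a short comment on whether that is intentional would help the next reader.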
