author: Moritz Muehlenhoff <jmm@debian.org> 2022-12-14 15:33:27 +0100
committer: Moritz Muehlenhoff <jmm@debian.org> 2022-12-14 15:33:27 +0100
commit: fa9e50dfa2ecfe80ee04035b55d36bf33555cb2f
tree: ab78ba97383bc1e4c5bc0d2e3a9174ab97156406 /retired/CVE-2019-19039
parent: cfc5cef637a25d5c1d5c9b28932ff091f28754e5
retire issues
Diffstat (limited to 'retired/CVE-2019-19039')
-rw-r--r-- retired/CVE-2019-19039 20
1 files changed, 20 insertions, 0 deletions
diff --git a/retired/CVE-2019-19039 b/retired/CVE-2019-19039
new file mode 100644
index 00000000..c5a144fc
--- /dev/null
+++ b/retired/CVE-2019-19039
@@ -0,0 +1,20 @@
+Description: btrfs: crafted image triggers WARN() in __btrfs_free_extent
+References:
+ https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19039
+Notes:
+ bwh> The reporter describes this as an information leak because a WARN()
+ bwh> causes register contents to be logged. This is mitigated on stretch
+ bwh> onward because we restrict access to the kernel log by default.
+ bwh> However this can still be a denial-of-service if panic_on_warn is
+ bwh> enabled. Apparently fixed along with CVE-2019-19377.
+Bugs:
+upstream: released (5.7-rc1) [b3ff8f1d380e65dddd772542aa9bff6c86bf715a]
+5.10-upstream-stable: N/A "Fixed before branch point"
+4.19-upstream-stable: released (4.19.156) [1527c0e0229d2dd1c8ae1e73b1579bd8d5866b5b]
+4.9-upstream-stable: needed
+3.16-upstream-stable: ignored "EOL"
+sid: released (5.6.7-1)
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.160-1)
+4.9-stretch-security: ignored "EOL"
+3.16-jessie-security: ignored "EOL"
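Review bot: `4.9-upstream-stable: needed` is still open in a file added under retired/, while the matching `4.9-stretch-security` line is already `ignored "EOL"`. If no 4.9 upstream backport is expected, mark that line ignored with a reason, as the 3.16 line does, so the retired record does not read as outstanding work. Two smaller points: the N/A reasons use different wording ("Fixed before branch point" on the 5.10-upstream-stable line, "Fixed before branching point" on the 5.10-bullseye-security line), and the note "Apparently fixed along with CVE-2019-19377" does not say whether the upstream commit listed on the `upstream:` line is that shared fix; a short clause tying the two together would make the entry self-explanatory.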
