Retire several CVEs

author: Salvatore Bonaccorso <carnil@debian.org> 2019-04-27 10:35:38 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2019-04-27 10:35:38 +0200
commit: 50515be306d26f92c0642de9596d03122cc4f998 (patch)
tree: 0e5d9176291ecfd7635d2c9f1bd87ae57ebe02d4 /retired/CVE-2019-8980
parent: 6b4c46d0edfd7627200d062f594db50583bffd44 (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/retired/CVE-2019-8980 b/retired/CVE-2019-8980
new file mode 100644
index 00000000..dcd832d5
--- /dev/null
+++ b/retired/CVE-2019-8980
@@ -0,0 +1,15 @@
+Description: memory leak in the kernel_read_file function in fs/exec.c
+References:
+ https://lore.kernel.org/lkml/20190219021038.11340-1-yuehaibing@huawei.com/
+ https://lore.kernel.org/lkml/20190219022512.GW2217@ZenIV.linux.org.uk/
+Notes:
+ carnil> Commit Fixes: 39d637af5aa7 ("vfs: forbid write access when
+ carnil> reading a file into memory") which is in 4.7-rc1
+Bugs:
+upstream: released (5.1-rc1) [f612acfae86af7ecad754ae6a46019be9da05b8e]
+4.19-upstream-stable: released (4.19.28) [b60d90b2d3d14c426693a0a34041db11be66d29e]
+4.9-upstream-stable: released (4.9.163) [dd6734e17903f16a47c78d0418f02e06df080c54]
+3.16-upstream-stable: N/A "Vulnerable code not present"
+sid: released (4.19.28-1)
+4.9-stretch-security: released (4.9.168-1)
+3.16-jessie-security: N/A "Vulnerable code not present"
author	Salvatore Bonaccorso <carnil@debian.org>	2019-04-27 10:35:38 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2019-04-27 10:35:38 +0200
commit	50515be306d26f92c0642de9596d03122cc4f998 (patch)
tree	0e5d9176291ecfd7635d2c9f1bd87ae57ebe02d4 /retired/CVE-2019-8980
parent	6b4c46d0edfd7627200d062f594db50583bffd44 (diff)