diff options
author | Ben Hutchings <ben@decadent.org.uk> | 2020-10-29 19:35:55 +0000 |
---|---|---|
committer | Ben Hutchings <ben@decadent.org.uk> | 2020-10-29 19:35:55 +0000 |
commit | 46596addb1df996f06637dd4bb06ddcf23ead940 (patch) | |
tree | 0ea8c74b965066f66ca447607545577cda165bfc /retired/CVE-2019-9445 | |
parent | 9cd8e88bbaf9b6711fc54bad1d8acd8ee940631a (diff) |
Retire inactive issues
Diffstat (limited to 'retired/CVE-2019-9445')
-rw-r--r-- | retired/CVE-2019-9445 | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/retired/CVE-2019-9445 b/retired/CVE-2019-9445 new file mode 100644 index 00000000..88654b76 --- /dev/null +++ b/retired/CVE-2019-9445 @@ -0,0 +1,21 @@ +Description: Out-of-bounds read in f2fs +References: + https://source.android.com/security/bulletin/pixel/2019-09-01 + https://android-review.googlesource.com/c/kernel/common/+/864649 +Notes: + carnil> Not fully clear (to me) which specific commit is meant. + bwh> The CVE description mentions an "out-of bounds read", so the most + bwh> likely fix seemed to be commit 64beba0558fc "f2fs: sanity check of + bwh> xattr entry size". However that addresses CVE-2019-9245. The + bwh> other candidate I could see was commit 720db068634c "f2fs: check + bwh> if file namelen exceeds max value". + bwh> Apparently introduced in 3.8 when f2fs was added. +Bugs: +upstream: released (5.1-rc1) [720db068634c91553a8e1d9a0fcd8c7050e06d2b] +4.19-upstream-stable: released (4.19.97) [4124927e36b7753efb6faf1a508e2bc6783343cf] +4.9-upstream-stable: released (4.9.233) [7745e3c67b80865bd0bc0812fda9f6292c8dc2fb] +3.16-upstream-stable: ignored "f2fs is not supportable" +sid: released (5.2.6-1) +4.19-buster-security: released (4.19.98-1) +4.9-stretch-security: released (4.9.240-1) +3.16-jessie-security: ignored "f2fs is not supportable" |