Retire some CVEs

author: Salvatore Bonaccorso <carnil@debian.org> 2020-12-05 10:28:16 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2020-12-05 10:28:16 +0100
commit: ac7523c351ed0f60a490a2dce094c81d215d1ca2 (patch)
tree: 2d3405144fa19b18bd9a2068e6e820f8f573168b /retired/CVE-2020-0423
parent: ade36d788490df568a7ae2c5b83dc6382bfabb84 (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/retired/CVE-2020-0423 b/retired/CVE-2020-0423
new file mode 100644
index 00000000..e2122dba
--- /dev/null
+++ b/retired/CVE-2020-0423
@@ -0,0 +1,13 @@
+Description: binder: fix UAF when releasing todo list
+References:
+ https://lore.kernel.org/lkml/20201009232455.4054810-1-tkjos@google.com/
+Notes:
+ carnil> For v5.9.y fixed in 5.9.2.
+ bwh> Appears to have been introduced by locking changes around 4.14
+Bugs:
+upstream: released (5.10-rc1) [f3277cbfba763cd2826396521b9296de67cf1bbc]
+4.19-upstream-stable: released (4.19.153) [35cc2facc2a5ff52b9aa03f2dc81dcb000d97da3]
+4.9-upstream-stable: N/A "Vulnerability introduced later"
+sid: released (5.9.6-1)
+4.19-buster-security: released (4.19.160-1)
+4.9-stretch-security: N/A "Vulnerability introduced later"
author	Salvatore Bonaccorso <carnil@debian.org>	2020-12-05 10:28:16 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2020-12-05 10:28:16 +0100
commit	ac7523c351ed0f60a490a2dce094c81d215d1ca2 (patch)
tree	2d3405144fa19b18bd9a2068e6e820f8f573168b /retired/CVE-2020-0423
parent	ade36d788490df568a7ae2c5b83dc6382bfabb84 (diff)