diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2020-10-17 11:22:42 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-10-17 11:22:42 +0200 |
commit | 48e6d00eca55e7746e061c501908e3aeb6c75cd2 (patch) | |
tree | 19fd880abd2ac37c8cf401207fc2c630f9fcb6f1 /retired/CVE-2020-24490 | |
parent | 037a6557d8cc11b421d4116c098a1ea4467b4b05 (diff) |
Track fixes in 4.9.240
Diffstat (limited to 'retired/CVE-2020-24490')
-rw-r--r-- | retired/CVE-2020-24490 | 30 |
1 files changed, 0 insertions, 30 deletions
diff --git a/retired/CVE-2020-24490 b/retired/CVE-2020-24490 deleted file mode 100644 index a638e6dc..00000000 --- a/retired/CVE-2020-24490 +++ /dev/null @@ -1,30 +0,0 @@ -Description: INTEL-SA-00435 -References: - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html - https://github.com/google/security-research/security/advisories/GHSA-ccx2-w2r4-x649 -Notes: - carnil> CVE-2020-12351, CVE-2020-12352 and CVE-2020-24490 are three - carnil> issues covered by a set of commits/patches sent upstream but - carnil> there is no clear association from the CVEs to the commits. So - carnil> duplicate this entry for now to all three CVEs. - carnil> The commits are: - carnil> https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-1-luiz.dentz@gmail.com/ - carnil> https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-2-luiz.dentz@gmail.com/ - carnil> https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-3-luiz.dentz@gmail.com/ - carnil> https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-4-luiz.dentz@gmail.com/ - carnil> which are not yet in mainline, and - carnil> a2ec905d1e16 ("Bluetooth: fix kernel oops in - carnil> store_pending_adv_report") which is in 5.8 (and which was - carnil> backported to 5.7.13, 5.4.56 and 4.19.137). This commit fixes - carnil> c215e9397b00 ("Bluetooth: Process extended ADV report event") - carnil> which is in 4.19-rc1 but not backported to other stable series. - carnil> The "fixed version" information in INTEL-SA-00435 is thus as - carnil> well contradictory as it mentions the issue to be fixed in 5.9 - carnil> or later. -Bugs: -upstream: released (5.8) [a2ec905d1e160a33b2e210e45ad30445ef26ce0e] -4.19-upstream-stable: released (4.19.137) [5df9e5613d1c51e16b1501a4c75e139fbbe0fb6c] -4.9-upstream-stable: N/A "Vulnerable code introduced later" -sid: released (5.7.17-1) -4.19-buster-security: released (4.19.146-1) -4.9-stretch-security: N/A "Vulnerable code introduced later" |