author | Salvatore Bonaccorso <carnil@debian.org> | 2021-08-16 09:22:51 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2021-08-16 09:22:51 +0200 |
commit | 0bef0f2b5f3d8374dfaf8ecde8d9d2f2ad4167be (patch) | |
tree | e53be2103f7fc313f821989bcd9572997d204a99 /retired/CVE-2020-25673 | |
parent | 80c0982c89a641cbede8cfa2dd6e4a29b11c70ff (diff) |
Retire CVE-2020-25673
Diffstat (limited to 'retired/CVE-2020-25673')
-rw-r--r-- | retired/CVE-2020-25673 | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/retired/CVE-2020-25673 b/retired/CVE-2020-25673 new file mode 100644 index 00000000..ca2e3bac --- /dev/null +++ b/retired/CVE-2020-25673 @@ -0,0 +1,20 @@ +Description: list corruption and memory leak in llcp_sock_connect() for non-blocking socket +References: + https://www.openwall.com/lists/oss-security/2020/11/01/1 + https://lore.kernel.org/lkml/20210303061654.127666-5-nixiaoming@huawei.com/ +Notes: + bwh> Not sure how far back this goes, but 4.9 seems to have the issue + carnil> Possibly 4b5db93e7f2a ("nfc: Avoid endless loops caused by + carnil> repeated llcp_sock_connect()") is the only part of the problem + carnil> which can be properly fixed? That commit would then be in 5.12-rc7 + carnil> and was backported to 5.10.30, 4.19.187 and 4.9.267. Other seem to + carnil> have it classified as such and follow Ubuntu's tracking. +Bugs: +upstream: released (5.12-rc7) [4b5db93e7f2afbdfe3b78e37879a85290187e6f1] +5.10-upstream-stable: released (5.10.30) [a12a2fa9a129d3200065fde95f6eb0a98672a2c3] +4.19-upstream-stable: released (4.19.187) [eab391e0766ed88262160b14bb7131f331f6af1a] +4.9-upstream-stable: released (4.9.267) [7f6c9e4314aa7d90b6261b8ae571d14c454ba964] +sid: released (5.10.38-1) +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: released (4.19.194-1) +4.9-stretch-security: released (4.9.272-1) |
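Review bot: the carnil> note in the Notes field still ends on an open question ("Possibly 4b5db93e7f2a ... is the only part of the problem which can be properly fixed?"), yet the file is added directly under retired/ with every branch marked released or N/A. The Description names list corruption and a memory leak, while the quoted commit subject is about avoiding endless loops from repeated llcp_sock_connect(). Consider adding a line to Notes stating that 4b5db93e7f2a is being treated as the complete fix for tracking purposes, so a later reader does not take the retirement as confirmation that both symptoms in the Description are resolved. The bwh> note also leaves open how far back the issue goes; if no introducing commit was identified, saying so explicitly would close that thread. Minor: "Other seem to" in the last carnil> lines should read "Others seem to".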