Retire some CVEs

author: Salvatore Bonaccorso <carnil@debian.org> 2021-09-25 10:04:53 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-09-25 10:04:53 +0200
commit: 1551e196a8e81a3b331ab17423d27d631d1cb851 (patch)
tree: ce9f0833c4a00170114a8c4d0c354765d8338fae /retired/CVE-2021-3739
parent: eec038484cae567fc5d43f9502072a555ac272cd (diff)
1 files changed, 19 insertions, 0 deletions
diff --git a/retired/CVE-2021-3739 b/retired/CVE-2021-3739
new file mode 100644
index 00000000..5d63ffae
--- /dev/null
+++ b/retired/CVE-2021-3739
@@ -0,0 +1,19 @@
+Description: btrfs: fix NULL pointer dereference when deleting device by invalid id
+References:
+ https://www.openwall.com/lists/oss-security/2021/08/25/3
+ https://lore.kernel.org/linux-btrfs/CAFcO6XO5TC5sEo-C9JGC75JkNAzkOSSLA3a=bwQqXFFbRTZ7Gw@mail.gmail.com/T/#md4b850f33616b7364f86e6fed144abc925f3669c
+ https://lore.kernel.org/linux-btrfs/20210806102415.304717-1-wqu@suse.com/T/#u
+ https://bugzilla.redhat.com/show_bug.cgi?id=1997958
+Notes:
+ carnil> Commit fixes a27a94c2b0c7 ("btrfs: Make
+ carnil> btrfs_find_device_by_devspec return btrfs_device directly") in
+ carnil> 4.20-rc1.
+Bugs:
+upstream: released (5.15-rc1) [e4571b8c5e9ffa1e85c0c671995bd4dcc5c75091]
+5.10-upstream-stable: released (5.10.62) [c43add24dffdbac269d5610465ced70cfc1bad9e]
+4.19-upstream-stable: N/A "Vulnerable code introduced later"
+4.9-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.46-5) [bugfix/all/btrfs-fix-NULL-pointer-dereference-when-deleting-dev.patch] 
+4.19-buster-security: N/A "Vulnerable code introduced later"
+4.9-stretch-security: N/A "Vulnerable code introduced later"
author	Salvatore Bonaccorso <carnil@debian.org>	2021-09-25 10:04:53 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-09-25 10:04:53 +0200
commit	1551e196a8e81a3b331ab17423d27d631d1cb851 (patch)
tree	ce9f0833c4a00170114a8c4d0c354765d8338fae /retired/CVE-2021-3739
parent	eec038484cae567fc5d43f9502072a555ac272cd (diff)