author: Salvatore Bonaccorso <carnil@debian.org> 2022-03-25 20:49:54 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2022-03-25 20:49:54 +0100
commit: 799d3c586b6df4d41fccd5fc2ff796a087c26329
tree: 58859fea1691e870e5406a47cbb0c08c1e4582e6 /retired/CVE-2021-43389
parent: e3e90ffdadf6bb9b0e7ff277a38879d594f49edd
Retire several CVEs
Diffstat (limited to 'retired/CVE-2021-43389')
-rw-r--r-- retired/CVE-2021-43389 17
1 files changed, 17 insertions, 0 deletions
diff --git a/retired/CVE-2021-43389 b/retired/CVE-2021-43389
new file mode 100644
index 00000000..bd1b7e47
--- /dev/null
+++ b/retired/CVE-2021-43389
@@ -0,0 +1,17 @@
+Description: isdn: cpai: check ctr->cnr to avoid array index out of bound
+References:
+ https://www.openwall.com/lists/oss-security/2021/10/19/1
+ https://lore.kernel.org/netdev/CAFcO6XOvGQrRTaTkaJ0p3zR7y7nrAWD79r48=L_BbOyrK9X-vA@mail.gmail.com/
+Notes:
+ carnil> Fixed as well in 5.14.15 in 5.14.y.
+ bwh> This seems to really be a bug in the Bluetooth CMTP subsystem, which has
+ bwh> been present since that was added in Linux 2.6.2.
+Bugs:
+upstream: released (5.15-rc6) [1f3e2e97c003f80c4b087092b225c8787ff91e4d]
+5.10-upstream-stable: released (5.10.76) [7f221ccbee4ec662e2292d490a43ce6c314c4594]
+4.19-upstream-stable: released (4.19.214) [7d91adc0ccb060ce564103315189466eb822cc6a]
+4.9-upstream-stable: released (4.9.288) [24219a977bfe3d658687e45615c70998acdbac5a]
+sid: released (5.14.16-1)
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: released (4.9.290-1)
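Review bot: The carnil> note records the 5.14.y fix ("Fixed as well in 5.14.15 in 5.14.y.") only as free text, while the 5.10, 4.19 and 4.9 stable branches each have a `released (version) [commit]` line, so the 5.14.15 fix cannot be tied to a commit from this file; consider adding the commit id to that note or recording it in the same form as the other branches. Separately, the Description reads "isdn: cpai" while the bwh> note places the bug in the Bluetooth CMTP subsystem, so anyone searching the tracker by subsystem will not find this entry from the description alone; if "cpai" is carried over verbatim from the upstream subject it should stay as is, but a short note naming the affected code would help. The empty `Bugs:` field is fine if no Debian bug was filed.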
