author Salvatore Bonaccorso <carnil@debian.org> 2023-04-25 11:49:44 +0200
committer Salvatore Bonaccorso <carnil@debian.org> 2023-04-25 11:49:44 +0200
commit 17626e995b5f4c3c4daea487595b8da8e09faf46 (patch)
tree e4194ae5668b9726129441637d68a0678f526d46 /retired/CVE-2023-2006
parent bceafb38b33da577379539acef3ba47c74f26613 (diff)
Retire two CVEs
Diffstat (limited to 'retired/CVE-2023-2006')
-rw-r--r-- retired/CVE-2023-2006 15
1 files changed, 15 insertions, 0 deletions
diff --git a/retired/CVE-2023-2006 b/retired/CVE-2023-2006
new file mode 100644
index 00000000..a15c463c
--- /dev/null
+++ b/retired/CVE-2023-2006
@@ -0,0 +1,15 @@
+Description: rxrpc: Fix race between conn bundle lookup and bundle removal [ZDI-CAN-15975]
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2189112
+ https://www.zerodayinitiative.com/advisories/ZDI-23-439/
+Notes:
+ carnil> Commit fixes 245500d853e9 ("rxrpc: Rewrite the client
+ carnil> connection manager") 5.10-rc1.
+Bugs:
+upstream: released (6.1-rc7) [3bcd6c7eaa53b56c3f584da46a1f7652e759d0e5]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.157) [3535c632e6d16c98f76e615da8dc0cb2750c66cc]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.12-1)
+5.10-bullseye-security: released (5.10.158-1)
+4.19-buster-security: N/A "Vulnerable code not present"
