Retire two CVEs

author: Salvatore Bonaccorso <carnil@debian.org> 2023-12-21 21:40:42 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2023-12-21 21:40:42 +0100
commit: 4af43a1614baf0a366468dab9a8127f3fc9b6c6a (patch)
tree: 5d05235bb64e86e4e6bbcc636f7899e904e94249 /retired/CVE-2023-4273
parent: 6f0b49bfd0276bf17d7da1c4b4feaa972c0692ff (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/retired/CVE-2023-4273 b/retired/CVE-2023-4273
new file mode 100644
index 00000000..e5ce8c22
--- /dev/null
+++ b/retired/CVE-2023-4273
@@ -0,0 +1,15 @@
+Description: exfat: check if filename entries exceeds max filename length
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2221609
+ https://dfir.ru/2023/08/23/cve-2023-4273-a-vulnerability-in-the-linux-exfat-driver/
+Notes:
+ carnil> For 6.4.y fixed as well in 6.4.10.
+Bugs:
+upstream: released (6.5-rc5) [d42334578eba1390859012ebb91e1e556d51db49]
+6.1-upstream-stable: released (6.1.45) [c2fdf827f8fc6a571e1b7cc38a61041f0321adf5]
+5.10-upstream-stable: released (5.10.190) [381f7df0f3c3bd7dceb3e2b2b64c2f6247e2ac19]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.4.11-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: N/A "Vulnerable code not present"
author	Salvatore Bonaccorso <carnil@debian.org>	2023-12-21 21:40:42 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2023-12-21 21:40:42 +0100
commit	4af43a1614baf0a366468dab9a8127f3fc9b6c6a (patch)
tree	5d05235bb64e86e4e6bbcc636f7899e904e94249 /retired/CVE-2023-4273
parent	6f0b49bfd0276bf17d7da1c4b4feaa972c0692ff (diff)