Retire some CVEs

author: Salvatore Bonaccorso <carnil@debian.org> 2024-03-19 21:18:52 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2024-03-19 21:18:52 +0100
commit: 403fda5be130ce093c1bfe4fbe82468d7fa030d4 (patch)
tree: b7db18c2f8ff5bbf815d19164d28cda6eb47c64a /retired/CVE-2024-26638
parent: b9e9e6d911be6ac1552d5d2fe051c3a1d960004c (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/retired/CVE-2024-26638 b/retired/CVE-2024-26638
new file mode 100644
index 00000000..f4c823c6
--- /dev/null
+++ b/retired/CVE-2024-26638
@@ -0,0 +1,16 @@
+Description: nbd: always initialize struct msghdr completely
+References:
+Notes:
+ carnil> Introduced in f94fd25cb0aa ("tcp: pass back data left in socket after
+ carnil> receive"). Vulnerable versions: 5.19-rc1.
+Bugs:
+upstream: released (6.8-rc1) [78fbb92af27d0982634116c7a31065f24d092826]
+6.7-upstream-stable: released (6.7.3) [b0028f333420a65a53a63978522db680b37379dd]
+6.6-upstream-stable: released (6.6.15) [1960f2b534da1e6c65fb96f9e98bda773495f406]
+6.1-upstream-stable: released (6.1.76) [d9c54763e5cdbbd3f81868597fe8aca3c96e6387]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
author	Salvatore Bonaccorso <carnil@debian.org>	2024-03-19 21:18:52 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2024-03-19 21:18:52 +0100
commit	403fda5be130ce093c1bfe4fbe82468d7fa030d4 (patch)
tree	b7db18c2f8ff5bbf815d19164d28cda6eb47c64a /retired/CVE-2024-26638
parent	b9e9e6d911be6ac1552d5d2fe051c3a1d960004c (diff)