diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2020-03-29 21:07:17 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-03-29 21:07:17 +0200 |
commit | 0c7be6e4fa8f6d7cd54584972154739f8ce6c15e (patch) | |
tree | 34a22106defd0dc5586a3e31e2142460d9fe14ee /retired | |
parent | 605c80b66fc4a0b876a06e4f38686a90098c48de (diff) |
Retire two CVEs
Diffstat (limited to 'retired')
-rw-r--r-- | retired/CVE-2019-19050 | 15 | ||||
-rw-r--r-- | retired/CVE-2019-19252 | 18 |
2 files changed, 33 insertions, 0 deletions
diff --git a/retired/CVE-2019-19050 b/retired/CVE-2019-19050 new file mode 100644 index 000000000..9bf250e60 --- /dev/null +++ b/retired/CVE-2019-19050 @@ -0,0 +1,15 @@ +Description: crypto: user - fix memory leak in crypto_reportstat +References: + https://github.com/torvalds/linux/commit/c03b04dcdba1da39903e23cc4d072abf8f68f2dd +Notes: + bwh> Introduced in 4.20 by commit cac5818c25d0 "crypto: user - Implement a + bwh> generic crypto statistics". +Bugs: +upstream: released (5.5-rc1) [c03b04dcdba1da39903e23cc4d072abf8f68f2dd] +4.19-upstream-stable: N/A "Vulnerable code not present" +4.9-upstream-stable: N/A "Vulnerable code not present" +3.16-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.4.6-1) +4.19-buster-security: N/A "Vulnerable code not present" +4.9-stretch-security: N/A "Vulnerable code not present" +3.16-jessie-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2019-19252 b/retired/CVE-2019-19252 new file mode 100644 index 000000000..026090db8 --- /dev/null +++ b/retired/CVE-2019-19252 @@ -0,0 +1,18 @@ +Description: vt: heap OOB read/write in vcs_scr_readw +References: + https://lore.kernel.org/lkml/c30fc539-68a8-65d7-226c-6f8e6fd8bdfb@suse.com/ + https://lore.kernel.org/lkml/nycvar.YSQ.7.76.1911051030580.30289@knanqh.ubzr/ +Notes: + bwh> Fix appears to be commit 0c9acb1af77a "vcs: prevent write access to + bwh> vcsu devices", which blames commit d21b0be246bf "vt: introduce unicode + bwh> mode for /dev/vcs" from 4.19. + carnil> Fixed as well in 5.4.3, 5.3.16 already. +Bugs: +upstream: released (5.5-rc1) [0c9acb1af77a3cb8707e43f45b72c95266903cee] +4.19-upstream-stable: released (4.19.89) [627f3b9e4dd812dac9d93e578af80de751e704a4] +4.9-upstream-stable: N/A "Vulnerability introduced later" +3.16-upstream-stable: N/A "Vulnerability introduced later" +sid: released (5.4.6-1) +4.19-buster-security: released (4.19.98-1) +4.9-stretch-security: N/A "Vulnerability introduced later" +3.16-jessie-security: N/A "Vulnerability introduced later" |