author: Salvatore Bonaccorso <carnil@debian.org> 2023-11-28 20:35:10 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2023-11-28 20:35:10 +0100
commit: 66382c569c50ce55727ecc4606930f5c72c67bb8 (patch)
tree: 2fe1b48de02762d67b75d95bbce44da51ce534d7 /retired
parent: 6d86800d97cfa3534cbeea54b2667c66f6c5af70 (diff)
Document sort of unclear status for followup commit and CVE-2023-28464
Diffstat (limited to 'retired')
-rw-r--r-- retired/CVE-2023-28464 7
1 files changed, 7 insertions, 0 deletions
diff --git a/retired/CVE-2023-28464 b/retired/CVE-2023-28464
index 18a72ca1..413e520a 100644
--- a/retired/CVE-2023-28464
+++ b/retired/CVE-2023-28464
@@ -8,6 +8,13 @@ Notes:
bwh> potentially unfreed SCO connection" and backported to 6.1.25.
bwh> Since the fix was also backported in 6.1.25, neither sid nor
bwh> 6.1-upstream-stable was ever affected.
+ carnil> Upstream commit a85fb91e3d72 ("Bluetooth: Fix double free in
+ carnil> hci_conn_cleanup") in 6.7-rc1 and backported to 6.6.3, 6.5.13,
+ carnil> 6.1.64, 5.10.202 and 4.19.300 as well claim to fix the CVE.
+ carnil> Unclear if this is a followup fix needed to completely fix the
+ carnil> CVE, thus for now not considering it for tracking the fixed
+ carnil> version. The fix will be pulled in the next round of updates
+ carnil> anyway.
Bugs:
upstream: released (6.3-rc7) [5dc7d23e167e2882ef118456ceccd57873e876d8]
6.1-upstream-stable: released (6.1.25) [8c4b65f6c707bc07cbcd871667b5056821c5685d]
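Review bot: The added carnil> note defers its own question with nothing to bring it back. The lines "Unclear if this is a followup fix needed to completely fix the CVE, thus for now not considering it for tracking the fixed version" sit in a file under retired/, while the unchanged status lines below still record only 5dc7d23e167e (6.3-rc7) and 8c4b65f6c707 (6.1.25) as released. If a85fb91e3d72 turns out to be required, those recorded fixed versions and the earlier bwh> statement that sid and 6.1-upstream-stable were never affected would both need revisiting. Suggest stating in the note what would settle it (for example, whether a85fb91e3d72 references 5dc7d23e167e as the commit it fixes) or marking it as an open item so it is looked at again. Minor wording point in the same note: the subject is the single upstream commit, so "claims to fix the CVE" rather than "claim".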
