Retire CVEs covered in all supported branches

4 files changed, 63 insertions, 0 deletions

diff --git a/retired/CVE-2019-25160 b/retired/CVE-2019-25160
new file mode 100644
index 00000000..8e7c7472
--- /dev/null
+++ b/retired/CVE-2019-25160
@@ -0,0 +1,17 @@
+Description: netlabel: fix out-of-bounds memory accesses
+References:
+Notes:
+ carnil> Introduced in 446fda4f2682 ("[NetLabel]: CIPSOv4 engine")
+ carnil> 3faa8f982f95 ("netlabel: Move bitmap manipulation functions to the NetLabel
+ carnil> core."). Vulnerable versions: 2.6.19-rc1.
+Bugs:
+upstream: released (5.0) [5578de4834fe0f2a34fedc7374be691443396d1f]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Fixed before branching point"
+4.19-upstream-stable: released (4.19.28) [e3713abc4248aa6bcc11173d754c418b02a62cbb]
+sid: released (4.19.28-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Fixed before branching point"
diff --git a/retired/CVE-2019-25161 b/retired/CVE-2019-25161
new file mode 100644
index 00000000..a8064906
--- /dev/null
+++ b/retired/CVE-2019-25161
@@ -0,0 +1,15 @@
+Description: drm/amd/display: prevent memory leak
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.4-rc1) [104c307147ad379617472dd91a5bcb368d72bd6d]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Fixed before branching point"
+4.19-upstream-stable: released (4.19.137) [60e1b411bf0fd9fda2d2de7f45dc3b1d9960b85e]
+sid: released (5.4.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.146-1)
diff --git a/retired/CVE-2019-25162 b/retired/CVE-2019-25162
new file mode 100644
index 00000000..ed62f2a3
--- /dev/null
+++ b/retired/CVE-2019-25162
@@ -0,0 +1,16 @@
+Description: i2c: Fix a potential use after free
+References:
+Notes:
+ carnil> Introduced in 611e12ea0f12 ("i2c: core: manage i2c bus device refcount in
+ carnil> i2c_[get|put]_adapter"). Vulnerable versions: 4.3-rc1.
+Bugs:
+upstream: released (6.0-rc1) [e4c72c06c367758a14f227c847f9d623f1994ecf]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.137) [81cb31756888bb062e92d2dca21cd629d77a46a9]
+4.19-upstream-stable: released (4.19.256) [23a191b132cd87f746c62f3dc27da33683d85829]
+sid: released (5.19.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.140-1)
+4.19-buster-security: released (4.19.260-1)
diff --git a/retired/CVE-2021-46906 b/retired/CVE-2021-46906
new file mode 100644
index 00000000..0a1a062a
--- /dev/null
+++ b/retired/CVE-2021-46906
@@ -0,0 +1,15 @@
+Description: HID: usbhid: fix info leak in hid_submit_ctrl
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.13-rc5) [6be388f4a35d2ce5ef7dbf635a8964a5da7f799f]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.45) [b1e3596416d74ce95cc0b7b38472329a3818f8a9]
+4.19-upstream-stable: released (4.19.196) [0e280502be1b003c3483ae03fc60dea554fcfa82]
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: released (4.19.208-1)