author Ben Hutchings <ben@decadent.org.uk> 2019-08-19 12:59:40 +0100
committer Ben Hutchings <ben@decadent.org.uk> 2019-08-19 12:59:40 +0100
commit c0ec86e76aff965bc968141f1f433f88a2c4af98
tree 5eb0debfcc9062dc8ce92a9469b471cc344c4fcc /retired
parent 1ad723f6597479af484c1ca867ccc3c04944a1dd
Retire inactive issues
Diffstat (limited to 'retired')
-rw-r--r-- retired/CVE-2015-8553 | 29
-rw-r--r-- retired/CVE-2016-10907 | 14
-rw-r--r-- retired/CVE-2017-18509 | 14
-rw-r--r-- retired/CVE-2017-18549 | 14
-rw-r--r-- retired/CVE-2017-18550 | 14
-rw-r--r-- retired/CVE-2017-18552 | 14
-rw-r--r-- retired/CVE-2018-1108 | 21
-rw-r--r-- retired/CVE-2018-20510 | 14
-rw-r--r-- retired/CVE-2018-20836 | 12
-rw-r--r-- retired/CVE-2018-20856 | 14
-rw-r--r-- retired/CVE-2018-20961 | 14
-rw-r--r-- retired/CVE-2018-5995 | 22
-rw-r--r-- retired/CVE-2019-10207 | 19
-rw-r--r-- retired/CVE-2019-10639 | 18
-rw-r--r-- retired/CVE-2019-1125 | 14
-rw-r--r-- retired/CVE-2019-11599 | 20
-rw-r--r-- retired/CVE-2019-12817 | 15
-rw-r--r-- retired/CVE-2019-13233 | 15
-rw-r--r-- retired/CVE-2019-13631 | 13
-rw-r--r-- retired/CVE-2019-13648 | 16
-rw-r--r-- retired/CVE-2019-14283 | 12
-rw-r--r-- retired/CVE-2019-14284 | 12
-rw-r--r-- retired/CVE-2019-14763 | 21
-rw-r--r-- retired/CVE-2019-1999 | 16
-rw-r--r-- retired/CVE-2019-3882 | 15
25 files changed, 402 insertions, 0 deletions
diff --git a/retired/CVE-2015-8553 b/retired/CVE-2015-8553
new file mode 100644
index 00000000..8924ab19
--- /dev/null
+++ b/retired/CVE-2015-8553
@@ -0,0 +1,29 @@
+Description: Incomplete fix for CVE-2015-2150
+References:
+ http://xenbits.xen.org/xsa/advisory-120.html
+ http://thread.gmane.org/gmane.comp.emulators.xen.devel/140440/focus=140441
+ http://thread.gmane.org/gmane.linux.kernel/1924087/focus=1924088
+Notes:
+ bwh> Upstream fix is not clearly correct; see discussions in the references.
+ jmm> I've gotten in touch with the subsystems maintainers; the patch breaks
+ jmm> qemu (as used by xen). While this was fixed upstream in qemu, the patch
+ jmm> hasn't been merged yet since it would break with older versions of qemu
+ jmm> I'm trying to find out which version is fine, so maybe we can carry that
+ jmm> the xsa120-addendum.patch as a Debian-specific patch it's merged at some
+ jmm> point
+ carnil> qemu fix is in
+ carnil> https://git.qemu.org/?p=qemu.git;a=commitdiff;h=2e87512eccf3c5e40f3142ff5a763f4f850839f4
+ carnil> which is at least in qemu v2.5.0-rc0 onwards.
+ bwh> The kernel fix will be applied to 4.9, so we will need to add a
+ bwh> Breaks against old qemu and revert the fix for the jessie backport.
+Bugs:
+upstream: released (5.1-rc1) [7681f31ec9cdacab4fd10570be924f2cef6669ba]
+4.19-upstream-stable: released (4.19.48) [99dcf4a4dd2e102aa843ef2cf9ab65c89e9d56df]
+4.9-upstream-stable: released (4.9.181) [19474aa3d81ad5ae8692f7a45ff8ea12fbfd7ede]
+3.16-upstream-stable: ignored "breaks qemu versions likely to be used with this kernel version"
+3.2-upstream-stable: ignored "EOL"
+sid: released (4.19.37-1) [bugfix/all/xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch]
+4.19-buster-security: N/A "Fixed before branching point"
+4.9-stretch-security: released (4.9.168-1+deb9u5) [bugfix/all/xen-pciback-don-t-disable-pci_command-on-pci-device-.patch]
+3.16-jessie-security: ignored "breaks qemu as used in jessie"
+3.2-wheezy-security: ignored "breaks qemu as used in jessie"
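Review bot: The reason on the last line, "3.2-wheezy-security: ignored", reads "breaks qemu as used in jessie", which looks copied from the 3.16-jessie-security line above it. It should name wheezy, or use "EOL" to match the 3.2-upstream-stable line. The final bwh note also describes a plan ("we will need to add a Breaks against old qemu and revert the fix for the jessie backport"); now that the issue is retired, a closing note saying what was actually done for 4.9 would make the record self-explanatory.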
diff --git a/retired/CVE-2016-10907 b/retired/CVE-2016-10907
new file mode 100644
index 00000000..ed200c53
--- /dev/null
+++ b/retired/CVE-2016-10907
@@ -0,0 +1,14 @@
+Description: iio: ad5755: fix off-by-one on devnr limit check
+References:
+Notes:
+ bwh> Introduced in 4.8 by commit c947459979c6 "iio: ad5755: add support
+ bwh> for dt bindings".
+Bugs:
+upstream: released (4.9-rc1) [9d47964bfd471f0dd4c89f28556aec68bffa0020]
+4.19-upstream-stable: N/A "Fixed before branching point"
+4.9-upstream-stable: N/A "Fixed before branching point"
+3.16-upstream-stable: N/A "Vulnerable code not present"
+sid: released (4.9.2-1)
+4.19-buster-security: N/A "Fixed before branching point"
+4.9-stretch-security: N/A "Fixed before branching point"
+3.16-jessie-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2017-18509 b/retired/CVE-2017-18509
new file mode 100644
index 00000000..abd095c3
--- /dev/null
+++ b/retired/CVE-2017-18509
@@ -0,0 +1,14 @@
+Description: IPv6 mroute missing type check
+References:
+ https://lists.openwall.net/netdev/2017/12/04/40
+ https://pulsesecurity.co.nz/advisories/linux-kernel-4.9-inetcsklistenstop-gpf
+Notes:
+Bugs:
+upstream: released (4.11-rc1) [99253eb750fda6a644d5188fb26c43bad8d5a745]
+4.19-upstream-stable: N/A "Fixed before branch point"
+4.9-upstream-stable: released (4.9.187) [1e531ad4316cb47c6c2b42f3257d1841a6e837e7]
+3.16-upstream-stable: released (3.16.72) [2b8d63b97d78835d3cd75b0ee344d21489df4edc]
+sid: released (4.11.6-1)
+4.19-buster-security: N/A "Fixed before branch point"
+4.9-stretch-security: released (4.9.168-1+deb9u5) [bugfix/all/ipv6-check-sk-sk_type-and-protocol-early-in-ip_mrout.patch]
+3.16-jessie-security: released (3.16.72-1)
diff --git a/retired/CVE-2017-18549 b/retired/CVE-2017-18549
new file mode 100644
index 00000000..38304b29
--- /dev/null
+++ b/retired/CVE-2017-18549
@@ -0,0 +1,14 @@
+Description: scsi: aacraid: Don't copy uninitialized stack memory to userspace
+References:
+Notes:
+ bwh> Introduced in 4.11 by commit 423400e64d377 "scsi: aacraid: Include HBA
+ bwh> direct interface".
+Bugs:
+upstream: released (4.13-rc1) [342ffc26693b528648bdc9377e51e4f2450b4860]
+4.19-upstream-stable: N/A "Fixed before branching point"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+3.16-upstream-stable: N/A "Vulnerable code not present"
+sid: released (4.13.4-1)
+4.19-buster-security: N/A "Fixed before branching point"
+4.9-stretch-security: N/A "Vulnerable code not present"
+3.16-jessie-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2017-18550 b/retired/CVE-2017-18550
new file mode 100644
index 00000000..6e932adf
--- /dev/null
+++ b/retired/CVE-2017-18550
@@ -0,0 +1,14 @@
+Description: scsi: aacraid: Don't copy uninitialized stack memory to userspace
+References:
+Notes:
+ bwh> Introduced in 4.11 by commit c799d519bf088 "scsi: aacraid: Retrieve HBA
+ bwh> host information ioctl"
+Bugs:
+upstream: released (4.13-rc1) [342ffc26693b528648bdc9377e51e4f2450b4860]
+4.19-upstream-stable: N/A "Fixed before branching point"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+3.16-upstream-stable: N/A "Vulnerable code not present"
+sid: released (4.13.4-1)
+4.19-buster-security: N/A "Fixed before branching point"
+4.9-stretch-security: N/A "Vulnerable code not present"
+3.16-jessie-security: N/A "Vulnerable code not present"
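Review bot: The Description line is word-for-word the same as in retired/CVE-2017-18549, and both files cite the same upstream commit 342ffc26693b, so only the "Introduced in" note tells the two records apart. Consider naming the affected code path in each Description (the notes point at the HBA direct interface for CVE-2017-18549 and the HBA host information ioctl here) so a reader scanning descriptions can distinguish them.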
diff --git a/retired/CVE-2017-18552 b/retired/CVE-2017-18552
new file mode 100644
index 00000000..b90ec74c
--- /dev/null
+++ b/retired/CVE-2017-18552
@@ -0,0 +1,14 @@
+Description: RDS: validate the requested traces user input against max supported
+References:
+Notes:
+ bwh> Introduced in 4.11 by commit 3289025aedc0 "RDS: add receive message
+ bwh> trace used by application".
+Bugs:
+upstream: released (4.11-rc1) [780e982905bef61d13496d9af5310bf4af3a64d3]]
+4.19-upstream-stable: N/A "Fixed before branching point"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+3.16-upstream-stable: N/A "Vulnerable code not present"
+sid: released (4.11.6-1)
+4.19-buster-security: N/A "Fixed before branching point"
+4.9-stretch-security: N/A "Vulnerable code not present"
+3.16-jessie-security: N/A "Vulnerable code not present"
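Review bot: The "upstream:" line ends with a doubled closing bracket after the commit hash ("...4af3a64d3]]"); drop the extra "]" so the field has the same shape as every other entry. The note also says the bug was introduced "in 4.11" while the fix is recorded as released in 4.11-rc1; if both landed in the same development cycle, saying so in the note would explain why the fix version is not later than the introducing one.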
diff --git a/retired/CVE-2018-1108 b/retired/CVE-2018-1108
new file mode 100644
index 00000000..dbe962e9
--- /dev/null
+++ b/retired/CVE-2018-1108
@@ -0,0 +1,21 @@
+Description: random: fix crng_ready() test
+References:
+ https://bugs.chromium.org/p/project-zero/issues/detail?id=1559
+Notes:
+ carnil> Commit message mentions as fixing commit for CVE-2018-1108
+ carnil> 43838a23a05fbd13e47d750d3dfd77001536dd33, and related commits
+ carnil> dc12baacb95f205948f64dc936a47d89ee110117 (needed for 4.13+)
+ carnil> and 8ef35c866f8862df074a49a93b0309725812dea8 (needed for 4.8+)
+ carnil> CVE-2018-1108 itself has "Cc: stable@kernel.org # 4.8+"
+ carnil> 4.9.88-1+deb9u1 reverts the fix due to various reported regressions.
+Bugs:
+upstream: released (4.17-rc2) [43838a23a05fbd13e47d750d3dfd77001536dd33]
+4.19-upstream-stable: N/A "Fixed before branch point"
+4.9-upstream-stable: released (4.9.96) [4dfb3442bb7e1fb80515df4a199ca5a7a8edf900]
+3.16-upstream-stable: N/A "Vulnerable code not present"
+3.2-upstream-stable: N/A "Vulnerable code not present"
+sid: released (4.16.5-1)
+4.19-buster-security: N/A "Fixed before branching point"
+4.9-stretch-security: ignored "Can't be fixed without many user-space changes"
+3.16-jessie-security: N/A "Vulnerable code not present"
+3.2-wheezy-security: N/A "Vulnerable code not present"
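Review bot: The N/A reasons use two spellings in this file, "Fixed before branch point" on the 4.19-upstream-stable line and "Fixed before branching point" on the 4.19-buster-security line; pick one so a text search across the tracker finds both. The last carnil note says 4.9.88-1+deb9u1 reverts the fix, which fits the "ignored" status for 4.9-stretch-security, but it would help to state in the note that the revert is still in place at retirement.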
diff --git a/retired/CVE-2018-20510 b/retired/CVE-2018-20510
new file mode 100644
index 00000000..32c888ea
--- /dev/null
+++ b/retired/CVE-2018-20510
@@ -0,0 +1,14 @@
+Description: binder: replace "%p" with "%pK"
+References:
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20510
+ https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20510.html
+Notes:
+Bugs:
+upstream: released (4.16-rc3) [8ca86f1639ec5890d400fff9211aca22d0a392eb)
+4.19-upstream-stable: N/A "Fixed before branching point"
+4.9-upstream-stable: released (4.9.181) [6f3433c47e8223c97746ad227d1e6f5531e0758a]
+3.16-upstream-stable: released (3.16.57) [c2c37cd0a0f45dd883fc03b38b04a7f0a269a1ca]
+sid: released (4.16.5-1)
+4.19-buster-security: N/A "Fixed before branching point"
+4.9-stretch-security: ignored "Vulnerable code is not enabled"
+3.16-jessie-security: released (3.16.57-1)
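Review bot: The "upstream:" line opens the commit hash with "[" but closes it with ")" ("[8ca86f16...a392eb)"); change the closing character to "]" to match the bracketed form used on the 4.9 and 3.16 lines. The 4.9-stretch-security reason "Vulnerable code is not enabled" would also be clearer with the config option it refers to.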
diff --git a/retired/CVE-2018-20836 b/retired/CVE-2018-20836
new file mode 100644
index 00000000..8bf2734e
--- /dev/null
+++ b/retired/CVE-2018-20836
@@ -0,0 +1,12 @@
+Description: scsi: libsas: fix a race condition when smp task timeout
+References:
+Notes:
+Bugs:
+upstream: released (4.20-rc1) [b90cd6f2b905905fb42671009dc0e27c310a16ae]
+4.19-upstream-stable: released (4.19.42) [0f18e433b97bf74bb62e0caa95c61e8631967fb9]
+4.9-upstream-stable: released (4.9.175) [41b5d3eee4af6a4ea488a1735ed82e4e593eec0d]
+3.16-upstream-stable: released (3.16.72) [d5534b2998f7c7009e600d57f27f68ed45779da2]
+sid: released (5.2.6-1)
+4.19-buster-security: released (4.19.37-5+deb10u2) [bugfix/all/scsi-libsas-fix-a-race-condition-when-smp-task-timeout.patch]
+4.9-stretch-security: released (4.9.168-1+deb9u5) [bugfix/all/scsi-libsas-fix-a-race-condition-when-smp-task-timeo.patch]
+3.16-jessie-security: released (3.16.72-1)
diff --git a/retired/CVE-2018-20856 b/retired/CVE-2018-20856
new file mode 100644
index 00000000..a33161b0
--- /dev/null
+++ b/retired/CVE-2018-20856
@@ -0,0 +1,14 @@
+Description: block: blk_init_allocated_queue() set q->fq as NULL in the fail case
+References:
+Notes:
+ bwh> Introduced in Linux 3.18 by commit 7c94e1c157a2 "block: introduce
+ bwh> blk_flush_queue to drive flush machinery".
+Bugs:
+upstream: released (4.19-rc1) [54648cf1ec2d7f4b6a71767799c45676a138ca24]
+4.19-upstream-stable: N/A "Fixed before branching point"
+4.9-upstream-stable: released (4.9.189) [c19199167c87841006350cc7c0a59881416e8748]
+3.16-upstream-stable: N/A "Vulnerability introduced later"
+sid: released (4.18.8-1)
+4.19-buster-security: N/A "Fixed before branching point"
+4.9-stretch-security: released (4.9.168-1+deb9u5) [bugfix/all/block-blk_init_allocated_queue-set-q-fq-as-null-in-t.patch]
+3.16-jessie-security: N/A "Vulnerability introduced later"
diff --git a/retired/CVE-2018-20961 b/retired/CVE-2018-20961
new file mode 100644
index 00000000..987884f8
--- /dev/null
+++ b/retired/CVE-2018-20961
@@ -0,0 +1,14 @@
+Description: USB: gadget: f_midi: fixing a possible double-free in f_midi
+References:
+Notes:
+ carnil> Issue fixes ad0d1a058eac ("usb: gadget: f_midi: fix leak on
+ carnil> failed to enqueue out requests") which is in 4.4-rc5.
+Bugs:
+upstream: released (4.17-rc1) [7fafcfdf6377b18b2a726ea554d6e593ba44349f]
+4.19-upstream-stable: N/A "Fixed before branching point"
+4.9-upstream-stable: released (4.9.96) [b3b0809ac25c3ffedc58e7f83bc01a03193e7834]
+3.16-upstream-stable: N/A "Vulnerability introduced later"
+sid: released (4.16.5-1)
+4.19-buster-security: N/A "Fixed before branching point"
+4.9-stretch-security: released (4.9.107-1)
+3.16-jessie-security: N/A "Vulnerability introduced later"
diff --git a/retired/CVE-2018-5995 b/retired/CVE-2018-5995
new file mode 100644
index 00000000..66f6fa15
--- /dev/null
+++ b/retired/CVE-2018-5995
@@ -0,0 +1,22 @@
+Description: local information disclosure
+References:
+ https://github.com/johnsonwangqize/cve-linux/blob/master/CVE-2018-5995.md
+Notes:
+ bwh> The upstream fix was to obscure formatted pointer values by
+ bwh> default. This carries a high risk of regression so I don't
+ bwh> think it should be backported. A more targetted fix should
+ bwh> be possible.
+ carnil> 4.9 stretch-security marked as ignored for tracking given the
+ carnil> kernel log is restricted to root by default. But as 4.9.171
+ carnil> includes the fix the fix will land in a stretch point release
+ carnil> as well. So not retiring it yet to mark the fixed version
+ carnil> later on.
+Bugs:
+upstream: released (4.15-rc2) [ad67b74d2469d9b82aaa572d76474c95bc484d57]
+4.19-upstream-stable: N/A "Fixed before branch point"
+4.9-upstream-stable: released (4.9.171) [2c4ae3a694fabfc19b0fc6e65d530a7cdb542bda]
+3.16-upstream-stable: released (3.16.67) [14c2d9209a135872def8508e3f19c74f0f3fee52]
+sid: released (4.15.4-1)
+4.19-buster-security: N/A "Fixed before branching point"
+4.9-stretch-security: released (4.9.168-1+deb9u5) [bugfix/all/percpu-stop-printing-kernel-addresses.patch]
+3.16-jessie-security: released (3.16.68-1)
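Review bot: The carnil note is stale for a file being added under retired/: it says 4.9 stretch-security is "marked as ignored" and "So not retiring it yet to mark the fixed version later on", while the status line below records "4.9-stretch-security: released (4.9.168-1+deb9u5)". Update the note to say the fix landed, or drop the "not retiring it yet" sentence. This file also mixes "Fixed before branch point" and "Fixed before branching point".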
diff --git a/retired/CVE-2019-10207 b/retired/CVE-2019-10207
new file mode 100644
index 00000000..9ce031ae
--- /dev/null
+++ b/retired/CVE-2019-10207
@@ -0,0 +1,19 @@
+Description: bluetooth: hci_uart: 0x0 address execution as nonprivileged user
+References:
+ https://www.openwall.com/lists/oss-security/2019/07/25/1
+ https://lore.kernel.org/linux-bluetooth/20190725120909.31235-1-vdronov@redhat.com/T/#u
+Notes:
+ bwh> For hci_ath, this was introduced in Linux 2.6.36 by commit
+ bwh> b3190df62861 "Bluetooth: Support for Atheros AR300x serial chip".
+ bwh> For hci_uart, this was introduced in Linux 4.2 by commit
+ bwh> 2a973dfada2b "Bluetooth: hci_uart: Add new line discipline
+ bwh> enhancements".
+Bugs:
+upstream: released (5.3-rc3) [b36a1552d7319bbfd5cf7f08726c23c5c66d4f73]
+4.19-upstream-stable: released (4.19.64) [56966212e23f82ced10831f7cca02f7339147428]
+4.9-upstream-stable: released (4.9.187) [58a01b0bd8ea5fddb51d4d854bb149a1a7312c12]
+3.16-upstream-stable: released (3.16.72) [ebb8302ce770e8c455d9209cb598f4cd03021e42]
+sid: released (5.2.6-1)
+4.19-buster-security: released (4.19.37-5+deb10u2) [bugfix/all/Bluetooth-hci_uart-check-for-missing-tty-operations.patch]
+4.9-stretch-security: released (4.9.168-1+deb9u5) [bugfix/all/bluetooth-hci_uart-check-for-missing-tty-operations.patch]
+3.16-jessie-security: released (3.16.72-1)
diff --git a/retired/CVE-2019-10639 b/retired/CVE-2019-10639
new file mode 100644
index 00000000..55b2d35b
--- /dev/null
+++ b/retired/CVE-2019-10639
@@ -0,0 +1,18 @@
+Description: netns: provide pure entropy for net_hash_mix()
+References:
+ https://arxiv.org/pdf/1906.10478.pdf
+Notes:
+ bwh> This is a leak of net namespace addresses, which also leaks the KASLR
+ bwh> base address since init_net is static. It was specifically found to
+ bwh> leak through IPv4 IDs since commit b6a7719aedd7 "ipv4: hash net ptr
+ bwh> into fragmentation bucket selection" in Linux 4.1. However, other
+ bwh> uses may also leak the address in 3.16.
+Bugs:
+upstream: released (5.1-rc4) [355b98553789b646ed97ad801a619ff898471b92]
+4.19-upstream-stable: released (4.19.35) [a1c2f3229734a4bb8d5ac008c0a67e025aa11547]
+4.9-upstream-stable: released (4.9.169) [6996763856e1fb27ccae260e41fd73a3fff56678]
+3.16-upstream-stable: released (3.16.70) [188da790e1f4d164bcfdea486e91fd47e1ba59c5]
+sid: released (4.19.37-1)
+4.19-buster-security: N/A "Fixed before branching point"
+4.9-stretch-security: released (4.9.168-1+deb9u5) [bugfix/all/inet-switch-ip-id-generator-to-siphash.patch]
+3.16-jessie-security: released (3.16.70-1)
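Review bot: The patch named on the 4.9-stretch-security line, "inet-switch-ip-id-generator-to-siphash.patch", does not match the Description, "netns: provide pure entropy for net_hash_mix()". If the siphash change is what closes this issue in stretch, add a note saying why; if the net_hash_mix() backport was applied as well, list its patch file here.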
diff --git a/retired/CVE-2019-1125 b/retired/CVE-2019-1125
new file mode 100644
index 00000000..7637b3f7
--- /dev/null
+++ b/retired/CVE-2019-1125
@@ -0,0 +1,14 @@
+Description: Spectre v1 SWAPGS, aka Grand Schemozzle
+References:
+ https://access.redhat.com/articles/4329821
+Notes:
+ bwh> Variant on Spectre v1, attacking conditional SWAPGS.
+Bugs:
+upstream: released (5.3-rc4) [18ec54fdd6d18d92025af097cd042a75cf0ea24c, a2059825986a1c8143fd6698774fa9d83733bb11, 64dbc122b20f75183d8822618c24f85144a5a94d, f36cf386e3fec258a341d446915862eded3e13d8, 4c92057661a3412f547ede95715641d7ee16ddac]
+4.19-upstream-stable: released (4.19.65) [befb822c062b4c3d93380a58d5fd479395e8b267, 23e7a7b3a75f6dd24c161bf7d1399f251bf5c109, 931b6bfe8af1069fd1a494ef6ab14509ffeacdc3, b88241aef6f1654417bb281546da316ffab57807, 7634b9cd27e8f867dd3438d262c78d4b9262497f]
+4.9-upstream-stable: released (4.9.189) [7092a21c757c35d1f924da06092dbed7c113f79a, e90ec5e2b679fd882a0f59eb1bf155d96b34b29c, 90d45f0856f3479a742ae29d5150c59116d3f34a, 6583ecced632cf7f92ff8313d9a6d168df291124, 2224e89446b6095988606ffee3c040e6a7a2c049]
+3.16-upstream-stable: released (3.16.72) [79969c78fd8622fa7e7f925acd483eb01714efa4, bba3308d5fe2c8c4605db3ea868ba57ad990d27d, e191f5119eba311b3585492174825db763eeb3b9, 822ef687a0a8e92fab6c12e3c2b5e1a5f1a97d54]
+sid: released (5.2.7-1)
+4.19-buster-security: released (4.19.37-5+deb10u2) [bugfix/x86/x86-speculation-Prepare-entry-code-for-Spectre-v1-sw.patch, bugfix/x86/x86-speculation-Enable-Spectre-v1-swapgs-mitigations.patch, bugfix/x86/x86-entry-64-Use-JMP-instead-of-JMPQ.patch, bugfix/x86/x86-speculation-swapgs-Exclude-ATOMs-from-speculatio.patch, bugfix/all/Documentation-Add-swapgs-description-to-the-Spectre-.patch]
+4.9-stretch-security: released (4.9.168-1+deb9u5) [bugfix/x86/x86-speculation-prepare-entry-code-for-spectre-v1-sw.patch, bugfix/x86/x86-speculation-enable-spectre-v1-swapgs-mitigations.patch, bugfix/x86/x86-entry-64-use-jmp-instead-of-jmpq.patch, bugfix/x86/x86-speculation-swapgs-exclude-atoms-from-speculatio.patch]
+3.16-jessie-security: released (3.16.72-1)
diff --git a/retired/CVE-2019-11599 b/retired/CVE-2019-11599
new file mode 100644
index 00000000..767f6402
--- /dev/null
+++ b/retired/CVE-2019-11599
@@ -0,0 +1,20 @@
+Description: race condition between mmget_not_zero()/get_task_mm() and core dumping
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1696015
+ https://marc.info/?l=linux-mm&m=155355419911404&w=2
+ https://bugs.chromium.org/p/project-zero/issues/detail?id=1790
+Notes:
+ carnil> Effect of the race condition should be reproducible since
+ carnil> before commit 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, cf.
+ carnil> https://marc.info/?l=linux-mm&m=155355419911404&w=2 .
+ bwh> The backports to 4.4 and 4.9 are still under discussion.
+ bwh> The backport to 3.16 might need to be revised based on this.
+Bugs:
+upstream: released (5.1-rc6) [04f5866e41fb70690e28397487d8bd8eea7d712a]
+4.19-upstream-stable: released (4.19.37) [6ff17bc5936e5fab33de8064dc0690f6c8c789ca]
+4.9-upstream-stable: released (4.9.188) [16903f1a5ba7707c051edfdfa457620bba45e2c9]
+3.16-upstream-stable: released (3.16.66) [a301e6a651037c11d2d9932a35fb56a04eedba8c]
+sid: released (4.19.37-1)
+4.19-buster-security: N/A "Fixed before branching point"
+4.9-stretch-security: released (4.9.168-1+deb9u3) [bugfix/all/coredump-fix-race-condition-between-mmget_not_zero-get_task_mm-and-core-dumping.patch]
+3.16-jessie-security: released (3.16.68-1)
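Review bot: The two bwh notes ("The backports to 4.4 and 4.9 are still under discussion" and "The backport to 3.16 might need to be revised based on this") describe an open state, but the status lines record 4.9-upstream-stable as released (4.9.188) and the file is being retired. Add a closing note with the outcome, including whether the 3.16 backport in 3.16.66 was revised, or remove the notes.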
diff --git a/retired/CVE-2019-12817 b/retired/CVE-2019-12817
new file mode 100644
index 00000000..68624a94
--- /dev/null
+++ b/retired/CVE-2019-12817
@@ -0,0 +1,15 @@
+Description: powerpc: Unrelated processes may be able to read/write to each other's virtual memory
+References:
+ https://lore.kernel.org/lkml/87lfxr82ls.fsf@concordia.ellerman.id.au/
+Notes:
+ carnil> bug introduced with f384796c40dc ("powerpc/mm: Add support for
+ carnil> handling > 512TB address in SLB miss") (4.17-rc1).
+Bugs:
+upstream: released (5.2-rc7) [ca72d88378b2f2444d3ec145dd442d449d3fefbc]
+4.19-upstream-stable: released (4.19.56) [cd3e49394cb0f45c8dbf3c17c0818cd3d30b1332]
+4.9-upstream-stable: N/A "Vulnerable code introduced later"
+3.16-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (5.2.6-1)
+4.19-buster-security: released (4.19.37-5+deb10u2) [bugfix/powerpc/powerpc-mm-64s-hash-Reallocate-context-ids-on-fork.patch]
+4.9-stretch-security: N/A "Vulnerable code not present"
+3.16-jessie-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2019-13233 b/retired/CVE-2019-13233
new file mode 100644
index 00000000..31393757
--- /dev/null
+++ b/retired/CVE-2019-13233
@@ -0,0 +1,15 @@
+Description: x86/insn-eval: Fix use-after-free access to LDT entry
+References:
+ https://bugs.chromium.org/p/project-zero/issues/detail?id=1879
+Notes:
+ carnil> Introduced in 670f928ba09b ("x86/insn-eval: Add utility
+ carnil> function to get segment descriptor") first included in 4.15-rc1
+Bugs:
+upstream: released (5.2-rc4) [de9f869616dd95e95c00bdd6b0fcd3421e8a4323]
+4.19-upstream-stable: released (4.19.50) [b598ddc7b9fc87b09bdadb63abf92b4ba46cd385]
+4.9-upstream-stable: N/A "Vulnerable code introduced later"
+3.16-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (5.2.6-1)
+4.19-buster-security: released (4.19.37-5+deb10u2) [bugfix/x86/x86-insn-eval-Fix-use-after-free-access-to-LDT-entry.patch]
+4.9-stretch-security: N/A "Vulnerable code introduced later"
+3.16-jessie-security: N/A "Vulnerable code introduced later"
diff --git a/retired/CVE-2019-13631 b/retired/CVE-2019-13631
new file mode 100644
index 00000000..aa48226d
--- /dev/null
+++ b/retired/CVE-2019-13631
@@ -0,0 +1,13 @@
+Description: Input: gtco - bounds check collection indent level
+References:
+ https://patchwork.kernel.org/patch/11040813/
+Notes:
+Bugs:
+upstream: released (5.3-rc1) [2a017fd82c5402b3c8df5e3d6e5165d9e6147dc1]
+4.19-upstream-stable: released (4.19.61) [d657077eda7b5572d86f2f618391bb016b5d9a64]
+4.9-upstream-stable: released (4.9.187) [2628fa1a6d824ee1f3fe67a272a3d00ba33d23fa]
+3.16-upstream-stable: released (3.16.72) [754d0ca82fed0ad682e875bea824c348d597ca28]
+sid: released (5.2.6-1)
+4.19-buster-security: released (4.19.37-5+deb10u2) [bugfix/all/input-gtco-bounds-check-collection-indent-level.patch]
+4.9-stretch-security: released (4.9.168-1+deb9u5) [bugfix/all/input-gtco-bounds-check-collection-indent-level.patch]
+3.16-jessie-security: released (3.16.72-1)
diff --git a/retired/CVE-2019-13648 b/retired/CVE-2019-13648
new file mode 100644
index 00000000..fc9932d2
--- /dev/null
+++ b/retired/CVE-2019-13648
@@ -0,0 +1,16 @@
+Description: powerpc/tm: Fix oops on sigreturn on systems without TM
+References:
+ https://patchwork.ozlabs.org/patch/1133904/
+ https://www.openwall.com/lists/oss-security/2019/07/30/1
+Notes:
+ bwh> We have disabled CONFIG_PPC_TRANSACTIONAL_MEM in 4.9.184-1 for
+ bwh> other reasons, which I think will also fix this.
+Bugs:
+upstream: released (5.3-rc2) [f16d80b75a096c52354c6e0a574993f3b0dfbdfe]
+4.19-upstream-stable: released (4.19.63) [b993a66d8ddc1c26da0d9aa3471789cc170b28ee]
+4.9-upstream-stable: released (4.9.187) [08ee34d86c9c6a9b93c0986d7fc6e272690e8d24]
+3.16-upstream-stable: released (3.16.72) [929606ae749185c940a5476d3a0e8d8e7c9c1db6]
+sid: released (5.2.6-1)
+4.19-buster-security: released (4.19.37-5+deb10u2) [bugfix/powerpc/powerpc-tm-Fix-oops-on-sigreturn-on-systems-without-TM.patch]
+4.9-stretch-security: released (4.9.168-1+deb9u5) [bugfix/powerpc/powerpc-tm-fix-oops-on-sigreturn-on-systems-without-.patch]
+3.16-jessie-security: ignored "powerpc not supported in LTS"
diff --git a/retired/CVE-2019-14283 b/retired/CVE-2019-14283
new file mode 100644
index 00000000..882512b2
--- /dev/null
+++ b/retired/CVE-2019-14283
@@ -0,0 +1,12 @@
+Description: floppy: fix out-of-bounds read in copy_buffer
+References:
+Notes:
+Bugs:
+upstream: released (5.3-rc1) [da99466ac243f15fbba65bd261bfc75ffa1532b6]
+4.19-upstream-stable: released (4.19.61) [ff54c44f103825a426e46d08b5d3d76e44791a87]
+4.9-upstream-stable: released (4.9.187) [1fdefbb5bc70ff20ea49083c6984aae86e3ecf93]
+3.16-upstream-stable: released (3.16.72) [05429983fa0fa3bfa1b8436beb63913d9d4aad1a]
+sid: released (5.2.6-1)
+4.19-buster-security: released (4.19.37-5+deb10u2) [bugfix/all/floppy-fix-out-of-bounds-read-in-copy_buffer.patch]
+4.9-stretch-security: released (4.9.168-1+deb9u5) [bugfix/all/floppy-fix-out-of-bounds-read-in-copy_buffer.patch]
+3.16-jessie-security: released (3.16.72-1)
diff --git a/retired/CVE-2019-14284 b/retired/CVE-2019-14284
new file mode 100644
index 00000000..17cd0987
--- /dev/null
+++ b/retired/CVE-2019-14284
@@ -0,0 +1,12 @@
+Description: floppy: fix div-by-zero in setup_format_params
+References:
+Notes:
+Bugs:
+upstream: released (5.3-rc1) [f3554aeb991214cbfafd17d55e2bfddb50282e32]
+4.19-upstream-stable: released (4.19.61) [6e34fd07484a0622a17b40e0ca89ed451260ef45]
+4.9-upstream-stable: released (4.9.187) [604206cde7a6c1907f6f03d90c37505a45ef1b62]
+3.16-upstream-stable: released (3.16.72) [a36b6459cbff32a0ef228241c99d6586ca7e944c]
+sid: released (5.2.6-1)
+4.19-buster-security: released (4.19.37-5+deb10u2) [bugfix/all/floppy-fix-div-by-zero-in-setup_format_params.patch]
+4.9-stretch-security: released (4.9.168-1+deb9u5) [bugfix/all/floppy-fix-div-by-zero-in-setup_format_params.patch]
+3.16-jessie-security: released (3.16.72-1)
diff --git a/retired/CVE-2019-14763 b/retired/CVE-2019-14763
new file mode 100644
index 00000000..af0765be
--- /dev/null
+++ b/retired/CVE-2019-14763
@@ -0,0 +1,21 @@
+Description: double-locking error in drivers/usb/dwc3/gadget.c may potentially cause a deadlock with f_hid
+References:
+Notes:
+ carnil> The issue (as the CVE is bound the drivers/usb/dwc3/gadget.c)
+ carnil> might be considered as fixed already solely by c91815b59624
+ carnil> ("usb: dwc3: gadget: never call ->complete() from ->ep_queue()").
+ carnil> There is a related commit 072684e8c58d ("USB: gadget: f_hid:
+ carnil> fix deadlock in f_hidg_write()") only present in 5.1-rc3 and
+ carnil> potential backports. The assignment seems though specific to
+ carnil> c91815b59624.
+ benh> Introduced in 4.10 by commit 15b8d9332b92 "usb: dwc3: gadget:
+ benh> giveback request if we can't kick it"
+Bugs:
+upstream: released (4.17-rc1) [c91815b596245fd7da349ecc43c8def670d2269e]
+4.19-upstream-stable: N/A "Fixed before branching point"
+4.9-upstream-stable: N/A "Vulnerability introduced later"
+3.16-upstream-stable: N/A "Vulnerability introduced later"
+sid: released (4.16.5-1)
+4.19-buster-security: N/A "Fixed before branching point"
+4.9-stretch-security: N/A "Vulnerability introduced later"
+3.16-jessie-security: N/A "Vulnerability introduced later"
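Review bot: The last note uses the prefix "benh>" where the other files in this commit use "bwh>"; if this is the same contributor, use the same prefix so notes can be searched by author. That note says the bug was introduced in 4.10, which supports the "Vulnerability introduced later" reasons for 4.9 and 3.16, so it is worth keeping the attribution unambiguous.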
diff --git a/retired/CVE-2019-1999 b/retired/CVE-2019-1999
new file mode 100644
index 00000000..cde03f75
--- /dev/null
+++ b/retired/CVE-2019-1999
@@ -0,0 +1,16 @@
+Description: binder: fix race between munmap() and direct reclaim
+References:
+ https://source.android.com/security/bulletin/2019-02-01
+Notes:
+ bwh> Introduced in 4.14 by f2517eb76f1f "android: binder: Add global lru
+ bwh> shrinker to binder". Backports of the fix to stable have incorrect
+ bwh> metadata.
+Bugs:
+upstream: released (v5.1-rc3) [5cec2d2e5839f9c0fec319c523a911e0a7fd299f]
+4.19-upstream-stable: released (4.19.38) [6bf7d3c5c0c5dad650bfc4345ed553c18b69d59e]
+4.9-upstream-stable: N/A "Vulnerable code introduced later"
+3.16-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (5.2.6-1)
+4.19-buster-security: released (4.19.37-5+deb10u2) [bugfix/all/binder-fix-race-between-munmap-and-direct-reclaim.patch]
+4.9-stretch-security: N/A "Vulnerable code introduced later"
+3.16-jessie-security: N/A "Vulnerable code introduced later"
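Review bot: The "upstream:" line gives the version as "v5.1-rc3" with a leading "v", while every other file in this commit writes the bare version (for example "5.1-rc4"); drop the "v" for consistency. The bwh note that stable backports "have incorrect metadata" would be more useful if it said which field is wrong, since the 4.19.38 commit is cited directly below.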
diff --git a/retired/CVE-2019-3882 b/retired/CVE-2019-3882
new file mode 100644
index 00000000..a5f1fba9
--- /dev/null
+++ b/retired/CVE-2019-3882
@@ -0,0 +1,15 @@
+Description: DoS through vfio/type1 DMA mappings
+References:
+ https://www.openwall.com/lists/oss-security/2019/04/03/1
+ https://lore.kernel.org/lkml/155414977872.12780.13728555131525362206.stgit@gimli.home/T/#u
+ https://bugzilla.redhat.com/show_bug.cgi?id=1689426
+Notes:
+Bugs:
+upstream: released (5.1-rc4) [492855939bdb59c6f947b0b5b44af9ad82b7e38c]
+4.19-upstream-stable: released (4.19.38) [f7b467ad1be0478f0341afa8a9ac112732def088]
+4.9-upstream-stable: released (4.9.173) [4f97abd571ec3d56c50a2edfe0932059f4549afa]
+3.16-upstream-stable: released (3.16.66) [d3334471c34797ab1729cbadddd411118d51c584]
+sid: released (4.19.37-1) [bugfix/all/vfio-type1-Limit-DMA-mappings-per-container.patch]
+4.19-buster-security: N/A "Fixed before branching point"
+4.9-stretch-security: released (4.9.168-1+deb9u5) [bugfix/all/vfio-type1-limit-dma-mappings-per-container.patch]
+3.16-jessie-security: released (3.16.68-1)
