diff options
Diffstat (limited to 'ignored')
-rw-r--r-- | ignored/CVE-2018-12929 | 19 | ||||
-rw-r--r-- | ignored/CVE-2018-12930 | 20 | ||||
-rw-r--r-- | ignored/CVE-2018-12931 | 20 | ||||
-rw-r--r-- | ignored/CVE-2022-41848 | 15 | ||||
-rw-r--r-- | ignored/CVE-2022-44032 | 16 | ||||
-rw-r--r-- | ignored/CVE-2022-44033 | 16 | ||||
-rw-r--r-- | ignored/CVE-2022-45884 | 16 | ||||
-rw-r--r-- | ignored/CVE-2022-45885 | 16 |
8 files changed, 138 insertions, 0 deletions
diff --git a/ignored/CVE-2018-12929 b/ignored/CVE-2018-12929 new file mode 100644 index 00000000..cf4d4f64 --- /dev/null +++ b/ignored/CVE-2018-12929 @@ -0,0 +1,19 @@ +Description: use-after-free in ntfs_read_locked_inode() +References: +Notes: + carnil> Upload for Debian disables NTFS_FS and marks it as BROKEN + jmm> Setting as ignored for upstream since dead/unmaintained and + jmm> ignored for all suites where it's marked as BROKEN +Bugs: +upstream: ignored +6.1-upstream-stable: ignored +5.10-upstream-stable: ignored +4.19-upstream-stable: ignored +4.9-upstream-stable: ignored "EOL" +3.16-upstream-stable: ignored "ntfs is not supportable" +sid: released (4.19.37-1) [debian/ntfs-mark-it-as-broken.patch] +6.1-bookworm-security: N/A "Fixed before branch point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: N/A "Fixed before branching point" +4.9-stretch-security: ignored "EOL" +3.16-jessie-security: ignored "ntfs is not supportable" diff --git a/ignored/CVE-2018-12930 b/ignored/CVE-2018-12930 new file mode 100644 index 00000000..46a79bab --- /dev/null +++ b/ignored/CVE-2018-12930 @@ -0,0 +1,20 @@ +Description: out-of-bounds-write in ntfs_end_buffer_async_read() +References: +Notes: + jmm> Red Hat fixed that in RHSA-2019:0641 + carnil> Upload for Debian disables NTFS_FS and marks it as BROKEN + jmm> Setting as ignored for upstream since dead/unmaintained and + jmm> ignored for all suites where it's marked as BROKEN +Bugs: +upstream: ignored +6.1-upstream-stable: ignored +5.10-upstream-stable: ignored +4.19-upstream-stable: ignored +4.9-upstream-stable: ignored "EOL" +3.16-upstream-stable: ignored "ntfs is not supportable" +sid: released (4.19.37-1) [debian/ntfs-mark-it-as-broken.patch] +6.1-bookworm-security: N/A "Fixed before branch point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: N/A "Fixed before branching point" +4.9-stretch-security: ignored "EOL" +3.16-jessie-security: ignored "ntfs is not supportable" diff --git a/ignored/CVE-2018-12931 b/ignored/CVE-2018-12931 new file mode 100644 index 00000000..73648271 --- /dev/null +++ b/ignored/CVE-2018-12931 @@ -0,0 +1,20 @@ +Description: out-of-bounds write in ntfs_attr_find() +References: +Notes: + jmm> Red Hat fixed that in RHSA-2019:0641 + carnil> Upload for Debian disables NTFS_FS and marks it as BROKEN + jmm> Setting as ignored for upstream since dead/unmaintained and + jmm> ignored for all suites where it's marked as BROKEN +Bugs: +upstream: ignored +6.1-upstream-stable: ignored +5.10-upstream-stable: ignored +4.19-upstream-stable: ignored +4.9-upstream-stable: ignored "EOL" +3.16-upstream-stable: ignored "ntfs is not supportable" +sid: released (4.19.37-1) [debian/ntfs-mark-it-as-broken.patch] +6.1-bookworm-security: N/A "Fixed before branch point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: N/A "Fixed before branching point" +4.9-stretch-security: ignored "EOL" +3.16-jessie-security: ignored "ntfs is not supportable" diff --git a/ignored/CVE-2022-41848 b/ignored/CVE-2022-41848 new file mode 100644 index 00000000..ecdb6a6c --- /dev/null +++ b/ignored/CVE-2022-41848 @@ -0,0 +1,15 @@ +Description: char: pcmcia: synclink_cs: Fix use-after-free in mgslpc_ops +References: + https://lore.kernel.org/lkml/20220919040251.GA302541@ubuntu/T/#rc85e751f467b3e6f9ccef92cfa7fb8a6cc50c270 +Notes: + carnil> Negligible security impact, would need physical access to + carnil> "exploit" +Bugs: +upstream: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway" +6.1-upstream-stable: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway" +5.10-upstream-stable: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway" +4.19-upstream-stable: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway" +sid: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway" +6.1-bookworm-security: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway" +5.10-bullseye-security: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway" +4.19-buster-security: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway" diff --git a/ignored/CVE-2022-44032 b/ignored/CVE-2022-44032 new file mode 100644 index 00000000..0a5b4ee8 --- /dev/null +++ b/ignored/CVE-2022-44032 @@ -0,0 +1,16 @@ +Description: char: pcmcia: cm4000_cs: Fix use-after-free in cm4000_fops +References: + https://lore.kernel.org/lkml/20220915020834.GA110086@ubuntu/ + https://lore.kernel.org/lkml/20220919040701.GA302806@ubuntu/ +Notes: + carnil> Negligible security impact, would need physical access to + carnil> "exploit" +Bugs: +upstream: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway" +6.1-upstream-stable: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway" +5.10-upstream-stable: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway" +4.19-upstream-stable: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway" +sid: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway" +6.1-bookworm-security: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway" +5.10-bullseye-security: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway" +4.19-buster-security: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway" diff --git a/ignored/CVE-2022-44033 b/ignored/CVE-2022-44033 new file mode 100644 index 00000000..fd8d99da --- /dev/null +++ b/ignored/CVE-2022-44033 @@ -0,0 +1,16 @@ +Description: char: pcmcia: cm4040_cs: Fix use-after-free in reader_fops +References: + https://lore.kernel.org/lkml/20220915020834.GA110086@ubuntu/ + https://lore.kernel.org/lkml/20220919040457.GA302681@ubuntu/ +Notes: + carnil> Negligible security impact, would need physical access to + carnil> "exploit" +Bugs: +upstream: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway" +6.1-upstream-stable: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway" +5.10-upstream-stable: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway" +4.19-upstream-stable: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway" +sid: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway" +6.1-bookworm-security: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway" +5.10-bullseye-security: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway" +4.19-buster-security: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway" diff --git a/ignored/CVE-2022-45884 b/ignored/CVE-2022-45884 new file mode 100644 index 00000000..ad9d2013 --- /dev/null +++ b/ignored/CVE-2022-45884 @@ -0,0 +1,16 @@ +Description: media: dvb-core: Fix use-after-free due to race condition occurring in dvb_register_device() +References: + https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel@gmail.com/ + https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel@gmail.com/ +Notes: + carnil> Negligible security impact, would need physical access to + carnil> "exploit" +Bugs: +upstream: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway" +6.1-upstream-stable: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway" +5.10-upstream-stable: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway" +4.19-upstream-stable: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway" +sid: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway" +6.1-bookworm-security: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway" +5.10-bullseye-security: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway" +4.19-buster-security: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway" diff --git a/ignored/CVE-2022-45885 b/ignored/CVE-2022-45885 new file mode 100644 index 00000000..5980995f --- /dev/null +++ b/ignored/CVE-2022-45885 @@ -0,0 +1,16 @@ +Description: media: dvb-core: Fix use-after-free due to race condition occurring in dvb_frontend +References: + https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel@gmail.com/ + https://lore.kernel.org/linux-media/20221115131822.6640-2-imv4bel@gmail.com/ +Notes: + carnil> Negligible security impact, would need physical access to + carnil> "exploit" +Bugs: +upstream: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway" +6.1-upstream-stable: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway" +5.10-upstream-stable: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway" +4.19-upstream-stable: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway" +sid: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway" +6.1-bookworm-security: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway" +5.10-bullseye-security: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway" +4.19-buster-security: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway" |