From 0c7be6e4fa8f6d7cd54584972154739f8ce6c15e Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso
Date: Sun, 29 Mar 2020 21:07:17 +0200
Subject: Retire two CVEs
---
active/CVE-2019-19050 | 15 ---------------
active/CVE-2019-19252 | 18 ------------------
retired/CVE-2019-19050 | 15 +++++++++++++++
retired/CVE-2019-19252 | 18 ++++++++++++++++++
4 files changed, 33 insertions(+), 33 deletions(-)
delete mode 100644 active/CVE-2019-19050
delete mode 100644 active/CVE-2019-19252
create mode 100644 retired/CVE-2019-19050
create mode 100644 retired/CVE-2019-19252
diff --git a/active/CVE-2019-19050 b/active/CVE-2019-19050
deleted file mode 100644
index 9bf250e6..00000000
--- a/active/CVE-2019-19050
+++ /dev/null
@@ -1,15 +0,0 @@
-Description: crypto: user - fix memory leak in crypto_reportstat
-References:
- https://github.com/torvalds/linux/commit/c03b04dcdba1da39903e23cc4d072abf8f68f2dd
-Notes:
- bwh> Introduced in 4.20 by commit cac5818c25d0 "crypto: user - Implement a
- bwh> generic crypto statistics".
-Bugs:
-upstream: released (5.5-rc1) [c03b04dcdba1da39903e23cc4d072abf8f68f2dd]
-4.19-upstream-stable: N/A "Vulnerable code not present"
-4.9-upstream-stable: N/A "Vulnerable code not present"
-3.16-upstream-stable: N/A "Vulnerable code not present"
-sid: released (5.4.6-1)
-4.19-buster-security: N/A "Vulnerable code not present"
-4.9-stretch-security: N/A "Vulnerable code not present"
-3.16-jessie-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2019-19252 b/active/CVE-2019-19252
deleted file mode 100644
index 026090db..00000000
--- a/active/CVE-2019-19252
+++ /dev/null
@@ -1,18 +0,0 @@
-Description: vt: heap OOB read/write in vcs_scr_readw
-References:
- https://lore.kernel.org/lkml/c30fc539-68a8-65d7-226c-6f8e6fd8bdfb@suse.com/
- https://lore.kernel.org/lkml/nycvar.YSQ.7.76.1911051030580.30289@knanqh.ubzr/
-Notes:
- bwh> Fix appears to be commit 0c9acb1af77a "vcs: prevent write access to
- bwh> vcsu devices", which blames commit d21b0be246bf "vt: introduce unicode
- bwh> mode for /dev/vcs" from 4.19.
- carnil> Fixed as well in 5.4.3, 5.3.16 already.
-Bugs:
-upstream: released (5.5-rc1) [0c9acb1af77a3cb8707e43f45b72c95266903cee]
-4.19-upstream-stable: released (4.19.89) [627f3b9e4dd812dac9d93e578af80de751e704a4]
-4.9-upstream-stable: N/A "Vulnerability introduced later"
-3.16-upstream-stable: N/A "Vulnerability introduced later"
-sid: released (5.4.6-1)
-4.19-buster-security: released (4.19.98-1)
-4.9-stretch-security: N/A "Vulnerability introduced later"
-3.16-jessie-security: N/A "Vulnerability introduced later"
diff --git a/retired/CVE-2019-19050 b/retired/CVE-2019-19050
new file mode 100644
index 00000000..9bf250e6
--- /dev/null
+++ b/retired/CVE-2019-19050
@@ -0,0 +1,15 @@
+Description: crypto: user - fix memory leak in crypto_reportstat
+References:
+ https://github.com/torvalds/linux/commit/c03b04dcdba1da39903e23cc4d072abf8f68f2dd
+Notes:
+ bwh> Introduced in 4.20 by commit cac5818c25d0 "crypto: user - Implement a
+ bwh> generic crypto statistics".
+Bugs:
+upstream: released (5.5-rc1) [c03b04dcdba1da39903e23cc4d072abf8f68f2dd]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+3.16-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.4.6-1)
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
+3.16-jessie-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2019-19252 b/retired/CVE-2019-19252
new file mode 100644
index 00000000..026090db
--- /dev/null
+++ b/retired/CVE-2019-19252
@@ -0,0 +1,18 @@
+Description: vt: heap OOB read/write in vcs_scr_readw
+References:
+ https://lore.kernel.org/lkml/c30fc539-68a8-65d7-226c-6f8e6fd8bdfb@suse.com/
+ https://lore.kernel.org/lkml/nycvar.YSQ.7.76.1911051030580.30289@knanqh.ubzr/
+Notes:
+ bwh> Fix appears to be commit 0c9acb1af77a "vcs: prevent write access to
+ bwh> vcsu devices", which blames commit d21b0be246bf "vt: introduce unicode
+ bwh> mode for /dev/vcs" from 4.19.
+ carnil> Fixed as well in 5.4.3, 5.3.16 already.
+Bugs:
+upstream: released (5.5-rc1) [0c9acb1af77a3cb8707e43f45b72c95266903cee]
+4.19-upstream-stable: released (4.19.89) [627f3b9e4dd812dac9d93e578af80de751e704a4]
+4.9-upstream-stable: N/A "Vulnerability introduced later"
+3.16-upstream-stable: N/A "Vulnerability introduced later"
+sid: released (5.4.6-1)
+4.19-buster-security: released (4.19.98-1)
+4.9-stretch-security: N/A "Vulnerability introduced later"
+3.16-jessie-security: N/A "Vulnerability introduced later"
-- 
cgit v1.2.3