From 4fccb24643e5f149c5fd2669c98efaba1565bb0f Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso
Date: Thu, 6 Jan 2022 06:27:52 +0100
Subject: Retire some CVEs
---
active/CVE-2021-39633 | 15 ---------------
active/CVE-2021-39634 | 13 -------------
active/CVE-2021-45485 | 13 -------------
active/CVE-2021-45486 | 13 -------------
retired/CVE-2021-39633 | 15 +++++++++++++++
retired/CVE-2021-39634 | 13 +++++++++++++
retired/CVE-2021-45485 | 13 +++++++++++++
retired/CVE-2021-45486 | 13 +++++++++++++
8 files changed, 54 insertions(+), 54 deletions(-)
delete mode 100644 active/CVE-2021-39633
delete mode 100644 active/CVE-2021-39634
delete mode 100644 active/CVE-2021-45485
delete mode 100644 active/CVE-2021-45486
create mode 100644 retired/CVE-2021-39633
create mode 100644 retired/CVE-2021-39634
create mode 100644 retired/CVE-2021-45485
create mode 100644 retired/CVE-2021-45486
diff --git a/active/CVE-2021-39633 b/active/CVE-2021-39633
deleted file mode 100644
index 34e38240..00000000
--- a/active/CVE-2021-39633
+++ /dev/null
@@ -1,15 +0,0 @@
-Description: ip_gre: add validation for csum_start
-References:
- https://source.android.com/security/bulletin/2022-01-01
-Notes:
- carnil> Commit fixes c54419321455 ("GRE: Refactor GRE tunneling code.")
- carnil> in 3.10-rc1.
-Bugs:
-upstream: released (5.14) [1d011c4803c72f3907eccfc1ec63caefb852fcbf]
-5.10-upstream-stable: released (5.10.62) [fb45459d9ddb1edd4a8b087bafe875707753cb10]
-4.19-upstream-stable: released (4.19.206) [c33471daf2763c5aee2b7926202c74b75c365119]
-4.9-upstream-stable: released (4.9.282) [41d5dfa408130433cc5f037ad89bed854bf936f7]
-sid: released (5.14.6-1)
-5.10-bullseye-security: released (5.10.70-1)
-4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: released (4.9.290-1)
diff --git a/active/CVE-2021-39634 b/active/CVE-2021-39634
deleted file mode 100644
index f5913a7c..00000000
--- a/active/CVE-2021-39634
+++ /dev/null
@@ -1,13 +0,0 @@
-Description: epoll: do not insert into poll queues until all sanity checks are done
-References:
- https://source.android.com/security/bulletin/2022-01-01
-Notes:
-Bugs:
-upstream: released (5.9-rc8) [f8d4f44df056c5b504b0d49683fb7279218fd207]
-5.10-upstream-stable: N/A "Fixed before branching point"
-4.19-upstream-stable: released (4.19.150) [3e3bbc4d23eeb90bf282e98c7dfeca7702df3169]
-4.9-upstream-stable: released (4.9.239) [ea984dfe0e7978cd294eb6a640ac27fa1834ac8d]
-sid: released (5.8.14-1)
-5.10-bullseye-security: N/A "Fixed before branching point"
-4.19-buster-security: released (4.19.152-1)
-4.9-stretch-security: released (4.9.240-1)
diff --git a/active/CVE-2021-45485 b/active/CVE-2021-45485
deleted file mode 100644
index 9929d26d..00000000
--- a/active/CVE-2021-45485
+++ /dev/null
@@ -1,13 +0,0 @@
-Description: ipv6: use prandom_u32() for ID generation
-References:
- https://arxiv.org/pdf/2112.09604.pdf
-Notes:
-Bugs:
-upstream: released (5.14-rc1) [62f20e068ccc50d6ab66fdb72ba90da2b9418c99]
-5.10-upstream-stable: released (5.10.51) [8f939b79579715b195dc3ad36669707fce6853ee]
-4.19-upstream-stable: released (4.19.198) [f0be58ec9931907e980cf21737e51d369808eb95]
-4.9-upstream-stable: released (4.9.276) [3fc852e59c0a48094cc0f1b2e866604986bbcd31]
-sid: released (5.14.6-1)
-5.10-bullseye-security: released (5.10.70-1)
-4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: released (4.9.290-1)
diff --git a/active/CVE-2021-45486 b/active/CVE-2021-45486
deleted file mode 100644
index c18deb1f..00000000
--- a/active/CVE-2021-45486
+++ /dev/null
@@ -1,13 +0,0 @@
-Description: inet: use bigger hash table for IP ID generation
-References:
- https://arxiv.org/pdf/2112.09604.pdf
-Notes:
-Bugs:
-upstream: released (5.13-rc1) [aa6dd211e4b1dde9d5dc25d699d35f789ae7eeba]
-5.10-upstream-stable: released (5.10.37) [a273c27d7255fc527023edeb528386d1b64bedf5]
-4.19-upstream-stable: released (4.19.196) [7f7e23df8509e072593200400a4b094cc44376d2]
-4.9-upstream-stable: released (4.9.274) [0889f0a3bb2de535f48424491d8f9d5954a3cde8]
-sid: released (5.10.38-1)
-5.10-bullseye-security: N/A "Fixed before branching point"
-4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: released (4.9.290-1)
diff --git a/retired/CVE-2021-39633 b/retired/CVE-2021-39633
new file mode 100644
index 00000000..34e38240
--- /dev/null
+++ b/retired/CVE-2021-39633
@@ -0,0 +1,15 @@
+Description: ip_gre: add validation for csum_start
+References:
+ https://source.android.com/security/bulletin/2022-01-01
+Notes:
+ carnil> Commit fixes c54419321455 ("GRE: Refactor GRE tunneling code.")
+ carnil> in 3.10-rc1.
+Bugs:
+upstream: released (5.14) [1d011c4803c72f3907eccfc1ec63caefb852fcbf]
+5.10-upstream-stable: released (5.10.62) [fb45459d9ddb1edd4a8b087bafe875707753cb10]
+4.19-upstream-stable: released (4.19.206) [c33471daf2763c5aee2b7926202c74b75c365119]
+4.9-upstream-stable: released (4.9.282) [41d5dfa408130433cc5f037ad89bed854bf936f7]
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.70-1)
+4.19-buster-security: released (4.19.208-1)
+4.9-stretch-security: released (4.9.290-1)
diff --git a/retired/CVE-2021-39634 b/retired/CVE-2021-39634
new file mode 100644
index 00000000..f5913a7c
--- /dev/null
+++ b/retired/CVE-2021-39634
@@ -0,0 +1,13 @@
+Description: epoll: do not insert into poll queues until all sanity checks are done
+References:
+ https://source.android.com/security/bulletin/2022-01-01
+Notes:
+Bugs:
+upstream: released (5.9-rc8) [f8d4f44df056c5b504b0d49683fb7279218fd207]
+5.10-upstream-stable: N/A "Fixed before branching point"
+4.19-upstream-stable: released (4.19.150) [3e3bbc4d23eeb90bf282e98c7dfeca7702df3169]
+4.9-upstream-stable: released (4.9.239) [ea984dfe0e7978cd294eb6a640ac27fa1834ac8d]
+sid: released (5.8.14-1)
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.152-1)
+4.9-stretch-security: released (4.9.240-1)
diff --git a/retired/CVE-2021-45485 b/retired/CVE-2021-45485
new file mode 100644
index 00000000..9929d26d
--- /dev/null
+++ b/retired/CVE-2021-45485
@@ -0,0 +1,13 @@
+Description: ipv6: use prandom_u32() for ID generation
+References:
+ https://arxiv.org/pdf/2112.09604.pdf
+Notes:
+Bugs:
+upstream: released (5.14-rc1) [62f20e068ccc50d6ab66fdb72ba90da2b9418c99]
+5.10-upstream-stable: released (5.10.51) [8f939b79579715b195dc3ad36669707fce6853ee]
+4.19-upstream-stable: released (4.19.198) [f0be58ec9931907e980cf21737e51d369808eb95]
+4.9-upstream-stable: released (4.9.276) [3fc852e59c0a48094cc0f1b2e866604986bbcd31]
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.70-1)
+4.19-buster-security: released (4.19.208-1)
+4.9-stretch-security: released (4.9.290-1)
diff --git a/retired/CVE-2021-45486 b/retired/CVE-2021-45486
new file mode 100644
index 00000000..c18deb1f
--- /dev/null
+++ b/retired/CVE-2021-45486
@@ -0,0 +1,13 @@
+Description: inet: use bigger hash table for IP ID generation
+References:
+ https://arxiv.org/pdf/2112.09604.pdf
+Notes:
+Bugs:
+upstream: released (5.13-rc1) [aa6dd211e4b1dde9d5dc25d699d35f789ae7eeba]
+5.10-upstream-stable: released (5.10.37) [a273c27d7255fc527023edeb528386d1b64bedf5]
+4.19-upstream-stable: released (4.19.196) [7f7e23df8509e072593200400a4b094cc44376d2]
+4.9-upstream-stable: released (4.9.274) [0889f0a3bb2de535f48424491d8f9d5954a3cde8]
+sid: released (5.10.38-1)
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.208-1)
+4.9-stretch-security: released (4.9.290-1)
--
cgit v1.2.3