From d56fcca280daea7ccc4e7f0cd2f5e3237f6ac024 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Tue, 13 Oct 2020 19:48:56 +0200 Subject: Add CVE-2020-16119 --- active/CVE-2020-16119 | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 active/CVE-2020-16119 diff --git a/active/CVE-2020-16119 b/active/CVE-2020-16119 new file mode 100644 index 00000000..daf316d1 --- /dev/null +++ b/active/CVE-2020-16119 @@ -0,0 +1,15 @@ +Description: net: dccp: fix structure use-after-free +References: + https://www.openwall.com/lists/oss-security/2020/10/13/7 + https://lore.kernel.org/netdev/20201013171849.236025-1-kleber.souza@canonical.com/T/ +Notes: + carnil> Introduced with 2677d2067731 ("dccp: don't free + carnil> ccid2_hc_tx_sock struct in dccp_disconnect()") in 4.17-rc7 (and + carnil> backported as well to various stable series as e.g. 4.9.108). +Bugs: +upstream: needed +4.19-upstream-stable: needed +4.9-upstream-stable: needed +sid: needed +4.19-buster-security: needed +4.9-stretch-security: needed -- cgit v1.2.3
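Review bot: In the Notes block of the new active/CVE-2020-16119 file, the stable backports of the introducing commit 2677d2067731 are given only by example ("as e.g. 4.9.108"), yet the status lines mark both 4.9-upstream-stable and 4.9-stretch-security as needed on the strength of that one example. The 4.19 entries follow directly from the 4.17-rc7 introduction, but for 4.9 it would help to state explicitly that the affected branches carry the backport, and to list the other stable series it went into, so a later reader can check each "needed" against the note. The Description is also just the patch subject, "net: dccp: fix structure use-after-free"; a short phrase on what is freed and where it is reused, taken from the referenced oss-security post, would make the entry usable without following the links. The Bugs: field is empty, and the only fix reference is the lore netdev posting, so the entry should be revisited with the commit id once the fix lands upstream.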