From daeccae1e35ae6bbdc26361815a94b626ba51ece Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 6 Apr 2020 21:39:50 +0200
Subject: Retire three CVEs

---
 active/CVE-2019-19769  | 15 ---------------
 active/CVE-2020-8834   | 18 ------------------
 active/CVE-2020-9391   | 16 ----------------
 retired/CVE-2019-19769 | 15 +++++++++++++++
 retired/CVE-2020-8834  | 18 ++++++++++++++++++
 retired/CVE-2020-9391  | 16 ++++++++++++++++
 6 files changed, 49 insertions(+), 49 deletions(-)
 delete mode 100644 active/CVE-2019-19769
 delete mode 100644 active/CVE-2020-8834
 delete mode 100644 active/CVE-2020-9391
 create mode 100644 retired/CVE-2019-19769
 create mode 100644 retired/CVE-2020-8834
 create mode 100644 retired/CVE-2020-9391

diff --git a/active/CVE-2019-19769 b/active/CVE-2019-19769
deleted file mode 100644
index 5a5bc743..00000000
--- a/active/CVE-2019-19769
+++ /dev/null
@@ -1,15 +0,0 @@
-Description: perf_trace_lock_acquire use-after-free
-References:
- https://bugzilla.kernel.org/show_bug.cgi?id=205705
-Notes:
- carnil> Introduced in 5.0-rc1 with 16306a61d3b7 ("fs/locks: always
- carnil> delete_block after waiting.")
-Bugs:
-upstream: released (5.6-rc5) [6d390e4b5d48ec03bb87e63cf0a2bff5f4e116da]
-4.19-upstream-stable: N/A "Vulnerable code not present"
-4.9-upstream-stable: N/A "Vulnerable code not present"
-3.16-upstream-stable: N/A "Vulnerable code not present"
-sid: released (5.5.13-1)
-4.19-buster-security: N/A "Vulnerable code not present"
-4.9-stretch-security: N/A "Vulnerable code not present"
-3.16-jessie-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2020-8834 b/active/CVE-2020-8834
deleted file mode 100644
index 88266bcd..00000000
--- a/active/CVE-2020-8834
+++ /dev/null
@@ -1,18 +0,0 @@
-Description: Linux kernel Power8 conflicting use of HSTATE_HOST_R1 vulnerability
-References:
- https://www.openwall.com/lists/oss-security/2020/04/06/2
- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1867717
-Notes:
- carnil> Introduced by f024ee098476 ("KVM: PPC: Book3S HV: Pull out TM
- carnil> state save/restore into separate procedures") in 4.8-rc1 and
- carnil> 87a11bb6a7f7 ("KVM: PPC: Book3S HV: Work around XER[SO] bug in
- carnil> fake suspend mode") in 4.17-rc1.
-Bugs:
-upstream: released (4.18-rc1) [6f597c6b63b6f3675914b5ec8fcd008a58678650, 7b0e827c6970e8ca77c60ae87592204c39e41245, 009c872a8bc4d38f487a9bd62423d019e4322517]
-4.19-upstream-stable: N/A "Fixed before branching point"
-4.9-upstream-stable: N/A "Vulnerable code not present"
-3.16-upstream-stable: N/A "Vulnerable code not present"
-sid: released (4.18.6-1)
-4.19-buster-security: N/A "Vulnerable code not present"
-4.9-stretch-security: N/A "Vulnerable code not present"
-3.16-jessie-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2020-9391 b/active/CVE-2020-9391
deleted file mode 100644
index 500666ce..00000000
--- a/active/CVE-2020-9391
+++ /dev/null
@@ -1,16 +0,0 @@
-Description: mm: Avoid creating virtual address aliases in brk()/mmap()/mremap()
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=1797052
- https://www.openwall.com/lists/oss-security/2020/02/25/6
-Notes:
- carnil> Introduced in ce18d171cb73 ("mm: untag user pointers in
- carnil> mmap/munmap/mremap/brk") in 5.4-rc1.
-Bugs:
-upstream: released (5.6-rc3) [dcde237319e626d1ec3c9d8b7613032f0fd4663a]
-4.19-upstream-stable: N/A "Vulnerable code not present"
-4.9-upstream-stable: N/A "Vulnerable code not present"
-3.16-upstream-stable: N/A "Vulnerable code not present"
-sid: released (5.5.13-1)
-4.19-buster-security: N/A "Vulnerable code not present"
-4.9-stretch-security: N/A "Vulnerable code not present"
-3.16-jessie-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2019-19769 b/retired/CVE-2019-19769
new file mode 100644
index 00000000..5a5bc743
--- /dev/null
+++ b/retired/CVE-2019-19769
@@ -0,0 +1,15 @@
+Description: perf_trace_lock_acquire use-after-free
+References:
+ https://bugzilla.kernel.org/show_bug.cgi?id=205705
+Notes:
+ carnil> Introduced in 5.0-rc1 with 16306a61d3b7 ("fs/locks: always
+ carnil> delete_block after waiting.")
+Bugs:
+upstream: released (5.6-rc5) [6d390e4b5d48ec03bb87e63cf0a2bff5f4e116da]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+3.16-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.5.13-1)
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
+3.16-jessie-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2020-8834 b/retired/CVE-2020-8834
new file mode 100644
index 00000000..88266bcd
--- /dev/null
+++ b/retired/CVE-2020-8834
@@ -0,0 +1,18 @@
+Description: Linux kernel Power8 conflicting use of HSTATE_HOST_R1 vulnerability
+References:
+ https://www.openwall.com/lists/oss-security/2020/04/06/2
+ https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1867717
+Notes:
+ carnil> Introduced by f024ee098476 ("KVM: PPC: Book3S HV: Pull out TM
+ carnil> state save/restore into separate procedures") in 4.8-rc1 and
+ carnil> 87a11bb6a7f7 ("KVM: PPC: Book3S HV: Work around XER[SO] bug in
+ carnil> fake suspend mode") in 4.17-rc1.
+Bugs:
+upstream: released (4.18-rc1) [6f597c6b63b6f3675914b5ec8fcd008a58678650, 7b0e827c6970e8ca77c60ae87592204c39e41245, 009c872a8bc4d38f487a9bd62423d019e4322517]
+4.19-upstream-stable: N/A "Fixed before branching point"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+3.16-upstream-stable: N/A "Vulnerable code not present"
+sid: released (4.18.6-1)
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
+3.16-jessie-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2020-9391 b/retired/CVE-2020-9391
new file mode 100644
index 00000000..500666ce
--- /dev/null
+++ b/retired/CVE-2020-9391
@@ -0,0 +1,16 @@
+Description: mm: Avoid creating virtual address aliases in brk()/mmap()/mremap()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1797052
+ https://www.openwall.com/lists/oss-security/2020/02/25/6
+Notes:
+ carnil> Introduced in ce18d171cb73 ("mm: untag user pointers in
+ carnil> mmap/munmap/mremap/brk") in 5.4-rc1.
+Bugs:
+upstream: released (5.6-rc3) [dcde237319e626d1ec3c9d8b7613032f0fd4663a]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+3.16-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.5.13-1)
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
+3.16-jessie-security: N/A "Vulnerable code not present"
-- 
cgit v1.2.3