From dd00de3cd86106ffb41991f336f5297af13115b7 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 15 Dec 2021 08:07:22 +0100
Subject: Retire several CVEs

---
 active/CVE-2020-16119  | 17 -----------------
 active/CVE-2020-3702   | 15 ---------------
 active/CVE-2021-0920   | 13 -------------
 active/CVE-2021-1048   | 13 -------------
 active/CVE-2021-3612   | 19 -------------------
 active/CVE-2021-3653   | 13 -------------
 active/CVE-2021-3655   | 14 --------------
 active/CVE-2021-3679   | 13 -------------
 active/CVE-2021-37159  | 25 -------------------------
 active/CVE-2021-3732   | 13 -------------
 active/CVE-2021-3753   | 13 -------------
 active/CVE-2021-38160  | 12 ------------
 active/CVE-2021-38204  | 13 -------------
 active/CVE-2021-38205  | 13 -------------
 active/CVE-2021-40490  | 14 --------------
 active/CVE-2021-4090   | 16 ----------------
 active/CVE-2021-4093   | 15 ---------------
 active/CVE-2021-42008  | 12 ------------
 retired/CVE-2020-16119 | 17 +++++++++++++++++
 retired/CVE-2020-3702  | 15 +++++++++++++++
 retired/CVE-2021-0920  | 13 +++++++++++++
 retired/CVE-2021-1048  | 13 +++++++++++++
 retired/CVE-2021-3612  | 19 +++++++++++++++++++
 retired/CVE-2021-3653  | 13 +++++++++++++
 retired/CVE-2021-3655  | 14 ++++++++++++++
 retired/CVE-2021-3679  | 13 +++++++++++++
 retired/CVE-2021-37159 | 25 +++++++++++++++++++++++++
 retired/CVE-2021-3732  | 13 +++++++++++++
 retired/CVE-2021-3753  | 13 +++++++++++++
 retired/CVE-2021-38160 | 12 ++++++++++++
 retired/CVE-2021-38204 | 13 +++++++++++++
 retired/CVE-2021-38205 | 13 +++++++++++++
 retired/CVE-2021-40490 | 14 ++++++++++++++
 retired/CVE-2021-4090  | 16 ++++++++++++++++
 retired/CVE-2021-4093  | 15 +++++++++++++++
 retired/CVE-2021-42008 | 12 ++++++++++++
 36 files changed, 263 insertions(+), 263 deletions(-)
 delete mode 100644 active/CVE-2020-16119
 delete mode 100644 active/CVE-2020-3702
 delete mode 100644 active/CVE-2021-0920
 delete mode 100644 active/CVE-2021-1048
 delete mode 100644 active/CVE-2021-3612
 delete mode 100644 active/CVE-2021-3653
 delete mode 100644 active/CVE-2021-3655
 delete mode 100644 active/CVE-2021-3679
 delete mode 100644 active/CVE-2021-37159
 delete mode 100644 active/CVE-2021-3732
 delete mode 100644 active/CVE-2021-3753
 delete mode 100644 active/CVE-2021-38160
 delete mode 100644 active/CVE-2021-38204
 delete mode 100644 active/CVE-2021-38205
 delete mode 100644 active/CVE-2021-40490
 delete mode 100644 active/CVE-2021-4090
 delete mode 100644 active/CVE-2021-4093
 delete mode 100644 active/CVE-2021-42008
 create mode 100644 retired/CVE-2020-16119
 create mode 100644 retired/CVE-2020-3702
 create mode 100644 retired/CVE-2021-0920
 create mode 100644 retired/CVE-2021-1048
 create mode 100644 retired/CVE-2021-3612
 create mode 100644 retired/CVE-2021-3653
 create mode 100644 retired/CVE-2021-3655
 create mode 100644 retired/CVE-2021-3679
 create mode 100644 retired/CVE-2021-37159
 create mode 100644 retired/CVE-2021-3732
 create mode 100644 retired/CVE-2021-3753
 create mode 100644 retired/CVE-2021-38160
 create mode 100644 retired/CVE-2021-38204
 create mode 100644 retired/CVE-2021-38205
 create mode 100644 retired/CVE-2021-40490
 create mode 100644 retired/CVE-2021-4090
 create mode 100644 retired/CVE-2021-4093
 create mode 100644 retired/CVE-2021-42008

diff --git a/active/CVE-2020-16119 b/active/CVE-2020-16119
deleted file mode 100644
index 2c5edbc8e..000000000
--- a/active/CVE-2020-16119
+++ /dev/null
@@ -1,17 +0,0 @@
-Description: net: dccp: fix structure use-after-free
-References:
- https://www.openwall.com/lists/oss-security/2020/10/13/7
- https://lore.kernel.org/netdev/20201013171849.236025-1-kleber.souza@canonical.com/T/
-Notes:
- carnil> Introduced with 2677d2067731 ("dccp: don't free
- carnil> ccid2_hc_tx_sock struct in dccp_disconnect()") in 4.17-rc7 (and
- carnil> backported as well to various stable series as e.g. 4.9.108).
-Bugs:
-upstream: released (5.15-rc2) [d9ea761fdd197351890418acd462c51f241014a7]
-5.10-upstream-stable: released (5.10.68) [6c3cb65d561e76fd0398026c023e587fec70e188]
-4.19-upstream-stable: released (4.19.207) [dfec82f3e5b8bd93ab65b7417a64886ec8c42f14]
-4.9-upstream-stable: released (4.9.283) [40ea36ffa7207456c3f155bbab76754d3f37ce04]
-sid: released (5.14.6-1) [bugfix/all/dccp-don-t-duplicate-ccid-when-cloning-dccp-sock.patch]
-5.10-bullseye-security: released (5.10.46-5) [bugfix/all/dccp-don-t-duplicate-ccid-when-cloning-dccp-sock.patch]
-4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: released (4.9.290-1)
diff --git a/active/CVE-2020-3702 b/active/CVE-2020-3702
deleted file mode 100644
index 1180a0382..000000000
--- a/active/CVE-2020-3702
+++ /dev/null
@@ -1,15 +0,0 @@
-Description: Qualcomm/Atheros WiFi may transmit unencrypted frames after disassociation
-References:
- https://lore.kernel.org/linux-wireless/CABvG-CVvPF++0vuGzCrBj8+s=Bcx1GwWfiW1_Somu_GVncTAcQ@mail.gmail.com/
- https://lore.kernel.org/stable/20210818084859.vcs4vs3yd6zetmyt@pali/t/#mf8b430d4f19f1b939a29b6c5098fdc514fd1a928
- https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin#_cve-2020-3702
-Notes:
-Bugs:
-upstream: released (5.12-rc1) [56c5485c9e444c2e85e11694b6c44f1338fc20fd, 73488cb2fa3bb1ef9f6cf0d757f76958bd4deaca, d2d3e36498dd8e0c83ea99861fac5cf9e8671226, 144cd24dbc36650a51f7fe3bf1424a1432f1f480, ca2848022c12789685d3fab3227df02b863f9696]
-5.10-upstream-stable: released (5.10.61) [8f05076983ddeaae1165457b6aa4eca9fe0e5498, 6566c207e5767deb37d283ed9f77b98439a1de4e, 2925a8385ec746bf09c11dcadb9af13c26091a4d, 609c0cfd07f0ae6c444e064a59b46c5f3090b705, e2036bc3fc7daa03c15fda27e1818192da817cea]
-4.19-upstream-stable: released (4.19.205) [dd5815f023b89c9a28325d8a2a5f0779b57b7190, d2fd9d34210f34cd0ff5b33fa94e9fcc2a513cea, fb924bfcecc90ca63ca76b5a10f192bd0e1bb35d, 7c5a966edd3c6eec4a9bdf698c1f27712d1781f0, 08c613a2cb06c68ef4e7733e052af067b21e5dbb]
-4.9-upstream-stable: released (4.9.283) [ea3f7df20fc8e0b82ec0e065b0b0d38e55fd7775, 74adc24d162e67d8862edaf701de620f36f98215, d7d4c3c60342deba706fd76ef09d8af68b9a64d8, 13c51682b07a5db4d9efb514e700407c6da22ff9, 7afed8faf42d8358a165ba554891085e10b1f7a0]
-sid: released (5.14.6-1)
-5.10-bullseye-security: released (5.10.46-5) [bugfix/all/ath-Use-safer-key-clearing-with-key-cache-entries.patch, bugfix/all/ath9k-Clear-key-cache-explicitly-on-disabling-hardwa.patch, bugfix/all/ath-Export-ath_hw_keysetmac.patch, bugfix/ath-Modify-ath_key_delete-to-not-need-full-key-entry.patch, bugfix/all/ath9k-Postpone-key-cache-entry-deletion-for-TXQ-fram.patch]
-4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: released (4.9.290-1)
diff --git a/active/CVE-2021-0920 b/active/CVE-2021-0920
deleted file mode 100644
index 7016aec45..000000000
--- a/active/CVE-2021-0920
+++ /dev/null
@@ -1,13 +0,0 @@
-Description: af_unix: fix garbage collect vs MSG_PEEK
-References:
- https://source.android.com/security/bulletin/2021-11-01
-Notes:
-Bugs:
-upstream: released (5.14-rc4) [cbcf01128d0a92e131bd09f1688fe032480b65ca]
-5.10-upstream-stable: released (5.10.55) [93c5951e0ce137e994237c19cd75a7caa1f80543]
-4.19-upstream-stable: released (4.19.200) [1dabafa9f61118b1377fde424d9a94bf8dbf2813]
-4.9-upstream-stable: released (4.9.278) [a805a7bd94644207d762d9c287078fecfcf52b3e]
-sid: released (5.14.6-1)
-5.10-bullseye-security: released (5.10.70-1)
-4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: released (4.9.290-1)
diff --git a/active/CVE-2021-1048 b/active/CVE-2021-1048
deleted file mode 100644
index 2df1af2de..000000000
--- a/active/CVE-2021-1048
+++ /dev/null
@@ -1,13 +0,0 @@
-Description: fix regression in "epoll: Keep a reference on files added to the check list"
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=2031928
-Notes:
-Bugs:
-upstream: released (5.9-rc4) [77f4689de17c0887775bb77896f4cc11a39bf848]
-5.10-upstream-stable: N/A "Fixed before branching point"
-4.19-upstream-stable: released (4.19.144) [37d933e8b41b83bb8278815e366aec5a542b7e31]
-4.9-upstream-stable: released (4.9.236) [8238ee93a30a5ff6fc75751e122a28e0d92f3e12]
-sid: released (5.8.10-1)
-5.10-bullseye-security: N/A "Fixed before branching point"
-4.19-buster-security: released (4.19.146-1)
-4.9-stretch-security: released (4.9.240-1)
diff --git a/active/CVE-2021-3612 b/active/CVE-2021-3612
deleted file mode 100644
index a08f3b42a..000000000
--- a/active/CVE-2021-3612
+++ /dev/null
@@ -1,19 +0,0 @@
-Description: joydev: zero size passed to joydev_handle_JSIOCSBTNMAP()
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=1974079
- https://lore.kernel.org/linux-input/20210219083215.GS2087@kadam/
- https://lore.kernel.org/linux-input/20210620120030.1513655-1-avlarkin82@gmail.com/T/#u
-Notes:
- carnil> Introduced by 182d679b2298 ("Input: joydev - prevent potential
- carnil> read overflow in ioctl") in 5.12-rc1 which was backported to
- carnil> various stable series, in 4.9.259, 4.19.178, 5.10.20 relevant
- carnil> for Debian.
-Bugs:
-upstream: released (5.14-rc1) [f8f84af5da9ee04ef1d271528656dac42a090d00]
-5.10-upstream-stable: released (5.10.50) [b4c35e9e8061b2386da1aa0d708e991204e76c45]
-4.19-upstream-stable: released (4.19.198) [b62ce8e3f7fbd81ea7c9341ac5e0d445f685f6af]
-4.9-upstream-stable: released (4.9.276) [f3673f6f63db2aa08c35e707a2fdcbcc6590c391]
-sid: released (5.10.46-3) [bugfix/all/Input-joydev-prevent-use-of-not-validated-data-in-JS.patch]
-5.10-bullseye-security: N/A "Fixed before branching point"
-4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: released (4.9.290-1)
diff --git a/active/CVE-2021-3653 b/active/CVE-2021-3653
deleted file mode 100644
index e673fa363..000000000
--- a/active/CVE-2021-3653
+++ /dev/null
@@ -1,13 +0,0 @@
-Description: KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl
-References:
- https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=0f923e07124df069ba68d8bb12324398f4b6b709
-Notes:
-Bugs:
-upstream: released (5.14-rc7) [0f923e07124df069ba68d8bb12324398f4b6b709]
-5.10-upstream-stable: released (5.10.60) [c0883f693187c646c0972d73e525523f9486c2e3]
-4.19-upstream-stable: released (4.19.205) [42f4312c0e8a225b5f1e3ed029509ef514f2157a]
-4.9-upstream-stable: released (4.9.281) [29c4f674715ba8fe7a391473313e8c71f98799c4]
-sid: released (5.14.6-1)
-5.10-bullseye-security: released (5.10.46-5) [bugfix/x86/KVM-nSVM-avoid-picking-up-unsupported-bits-from-L2-i.patch]
-4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: released (4.9.290-1)
diff --git a/active/CVE-2021-3655 b/active/CVE-2021-3655
deleted file mode 100644
index 6da8f0dcb..000000000
--- a/active/CVE-2021-3655
+++ /dev/null
@@ -1,14 +0,0 @@
-Description: missing size validations on inbound SCTP packets
-References:
-Notes:
- carnil> Additional bugfix "sctp: fix return value check in
- carnil> __sctp_rcv_asconf_lookup" required.
-Bugs:
-upstream: released (5.14-rc1) [0c5dc070ff3d6246d22ddd931f23a6266249e3db, 50619dbf8db77e98d821d615af4f634d08e22698, b6ffe7671b24689c09faa5675dd58f93758a97ae, ef6c8d6ccf0c1dccdda092ebe8782777cd7803c9]
-5.10-upstream-stable: released (5.10.51) [d4dbef7046e24669278eba4455e9e8053ead6ba0, 6ef81a5c0e22233e13c748e813c54d3bf0145782], released (5.10.69) [ffca46766850d4b96a26ad511a7997f74da2df8c, ccb79116c37242c07c34c991868acded87509e4c]
-4.19-upstream-stable: released (4.19.198) [c7a03ebace4f9cd40d9cd9dd5fb2af558025583c, dd16e38e1531258d332b0fc7c247367f60c6c381], released (4.19.208) [194d21f10ef6a2e1109c31d775fb23ffdb41657f, 6c4a5606951cf2be8cbed4d4aefbbeaedb4cb24f]
-4.9-upstream-stable: released (4.9.276) [c7da1d1ed43a6c2bece0d287e2415adf2868697e], released (4.9.284) [92e7bca98452aa760713016a434aa7edfc09fb13, 6b5361868870e9a097745446798aa10ee92c159c, 4d2de0d232ee386fceacf7cdb20a6398c3c0854b]
-sid: released (5.10.46-3) [bugfix/all/sctp-validate-from_addr_param-return.patch, bugfix/all/sctp-add-size-validation-when-walking-chunks.patch]
-5.10-bullseye-security: N/A "Fixed before branching point"
-4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: released (4.9.290-1)
diff --git a/active/CVE-2021-3679 b/active/CVE-2021-3679
deleted file mode 100644
index 2c5e1c4a3..000000000
--- a/active/CVE-2021-3679
+++ /dev/null
@@ -1,13 +0,0 @@
-Description: tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.
-References:
-Notes:
- carnil> Commit fixes bf41a158cacba ("ring-buffer: make reentrant").
-Bugs:
-upstream: released (5.14-rc3) [67f0d6d9883c13174669f88adac4f0ee656cc16a]
-5.10-upstream-stable: released (5.10.54) [757bdba8026be19b4f447487695cd0349a648d9e]
-4.19-upstream-stable: released (4.19.199) [6a99bfee7f5625d2577a5c3b09a2bd2a845feb8a]
-4.9-upstream-stable: released (4.9.277) [7db12bae1a239d872d17e128fd5271da789bf99c]
-sid: released (5.14.6-1)
-5.10-bullseye-security: released (5.10.46-5) [bugfix/all/tracing-Fix-bug-in-rb_per_cpu_empty-that-might-cause.patch]
-4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: released (4.9.290-1)
diff --git a/active/CVE-2021-37159 b/active/CVE-2021-37159
deleted file mode 100644
index 4469c7dc5..000000000
--- a/active/CVE-2021-37159
+++ /dev/null
@@ -1,25 +0,0 @@
-Description: net: hso: do not call unregister if not registered
-References:
- https://www.spinics.net/lists/linux-usb/msg202228.html
- https://lore.kernel.org/stable/20210928151544.270412-1-ovidiu.panait@windriver.com/
- https://lore.kernel.org/stable/20210928143001.202223-1-ovidiu.panait@windriver.com/
- https://lore.kernel.org/stable/20210928131523.2314252-1-ovidiu.panait@windriver.com/
- https://ubuntu.com/security/CVE-2021-37159
- https://bugzilla.suse.com/show_bug.cgi?id=1188601
-Notes:
- carnil> The original patch was not accepted:
- carnil> https://www.spinics.net/lists/linux-usb/msg202313.html
- carnil> and a fix probably never applied. Needs closer investigation.
- carnil> The last commit is just a cleanup and not strictly necessary for the fix.
- carnil> 5fcfb6d0bfcd ("hso: fix bailout in error case of probe") can be considered
- carnil> a pre-requisite. This would be consistent with e.g. Ubuntu's triaging for
- carnil> CVE-2021-37159 and SUSEs.
-Bugs:
-upstream: released (5.14-rc3) [a6ecfb39ba9d7316057cea823b196b734f6b18ca]
-5.10-upstream-stable: released (5.10.54) [115e4f5b64ae8d9dd933167cafe2070aaac45849]
-4.19-upstream-stable: released (4.19.209) [f6cf22a1ef49f8e131f99c3f5fd80ab6b23a2d21]
-4.9-upstream-stable: released (4.9.290) [88b912e02d75bacbb957d817db70e6a54ea3a21c]
-sid: released (5.14.6-1)
-5.10-bullseye-security: released (5.10.70-1)
-4.19-buster-security: released (4.19.208-1) [bugfix/all/usb-hso-fix-error-handling-code-of-hso_create_net_de.patch]
-4.9-stretch-security: released (4.9.290-1)
diff --git a/active/CVE-2021-3732 b/active/CVE-2021-3732
deleted file mode 100644
index 0e2eac14f..000000000
--- a/active/CVE-2021-3732
+++ /dev/null
@@ -1,13 +0,0 @@
-Description: ovl: prevent private clone if bind mount is not allowed
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=1995249
-Notes:
-Bugs:
-upstream: released (5.14-rc6) [427215d85e8d1476da1a86b8d67aceb485eb3631]
-5.10-upstream-stable: released (5.10.59) [6a002d48a66076524f67098132538bef17e8445e]
-4.19-upstream-stable: released (4.19.204) [963d85d630dabe75a3cfde44a006fec3304d07b8]
-4.9-upstream-stable: released (4.9.280) [e3eee87c846dc47f6d8eb6d85e7271f24122a279]
-sid: released (5.14.6-1)
-5.10-bullseye-security: released (5.10.46-5) [bugfix/all/ovl-prevent-private-clone-if-bind-mount-is-not-allow.patch]
-4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: released (4.9.290-1)
diff --git a/active/CVE-2021-3753 b/active/CVE-2021-3753
deleted file mode 100644
index b045608cf..000000000
--- a/active/CVE-2021-3753
+++ /dev/null
@@ -1,13 +0,0 @@
-Description: vt_kdsetmode: extend console locking
-References:
- https://www.openwall.com/lists/oss-security/2021/09/01/4
-Notes:
-Bugs:
-upstream: released (5.15-rc1) [2287a51ba822384834dafc1c798453375d1107c7]
-5.10-upstream-stable: released (5.10.62) [60d69cb4e60de0067e5d8aecacd86dfe92a5384a]
-4.19-upstream-stable: released (4.19.206) [0776c1a20babb4ad0b7ce7f2f4e0806a97663187]
-4.9-upstream-stable: released (4.9.282) [755a2f40dda2d6b2e3b8624cb052e68947ee4d1f]
-sid: released (5.14.6-1)
-5.10-bullseye-security: released (5.10.46-5) [bugfix/all/vt_kdsetmode-extend-console-locking.patch]
-4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: released (4.9.290-1)
diff --git a/active/CVE-2021-38160 b/active/CVE-2021-38160
deleted file mode 100644
index a988ef0de..000000000
--- a/active/CVE-2021-38160
+++ /dev/null
@@ -1,12 +0,0 @@
-Description: virtio_console: Assure used length from device is limited
-References:
-Notes:
-Bugs:
-upstream: released (5.14-rc1) [d00d8da5869a2608e97cfede094dfc5e11462a46]
-5.10-upstream-stable: released (5.10.52) [f6ec306b93dc600a0ab3bb2693568ef1cc5f7f7a]
-4.19-upstream-stable: released (4.19.198) [b5fba782ccd3d12a14f884cd20f255fc9c0eec0c]
-4.9-upstream-stable: released (4.9.276) [9e2b8368b2079437c6840f3303cb0b7bc9b896ee]
-sid: released (5.14.6-1)
-5.10-bullseye-security: released (5.10.46-5) [bugfix/all/virtio_console-Assure-used-length-from-device-is-lim.patch]
-4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: released (4.9.290-1)
diff --git a/active/CVE-2021-38204 b/active/CVE-2021-38204
deleted file mode 100644
index 8464c95d6..000000000
--- a/active/CVE-2021-38204
+++ /dev/null
@@ -1,13 +0,0 @@
-Description: usb: max-3421: Prevent corruption of freed memory
-References:
-Notes:
- carnil> USB_MAX3421_HCD not enabled in Debian binary packages.
-Bugs:
-upstream: released (5.14-rc3) [b5fdf5c6e6bee35837e160c00ac89327bdad031b]
-5.10-upstream-stable: released (5.10.54) [7af54a4e221e5619a87714567e2258445dc35435]
-4.19-upstream-stable: released (4.19.199) [51fc12f4d37622fa0c481604833f98f11b1cac4f]
-4.9-upstream-stable: released (4.9.277) [ae3209b9fb086661ec1de4d8f4f0b951b272bbcd]
-sid: released (5.14.6-1)
-5.10-bullseye-security: released (5.10.70-1)
-4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: released (4.9.290-1)
diff --git a/active/CVE-2021-38205 b/active/CVE-2021-38205
deleted file mode 100644
index 4bdb73997..000000000
--- a/active/CVE-2021-38205
+++ /dev/null
@@ -1,13 +0,0 @@
-Description: net: xilinx_emaclite: Do not print real IOMEM pointer
-References:
-Notes:
- carnil> xilinx_emaclite (XILINX_EMACLITE) not enabled in Debian builds.
-Bugs:
-upstream: released (5.14-rc1) [d0d62baa7f505bd4c59cd169692ff07ec49dde37]
-5.10-upstream-stable: released (5.10.59) [25cff25ec60690247db8138cd1af8b867df2c489]
-4.19-upstream-stable: released (4.19.204) [9322401477a6d1f9de8f18e5d6eb43a68e0b113a]
-4.9-upstream-stable: released (4.9.280) [ffdc1e312e2074875147c1df90764a9bae56f11f]
-sid: released (5.14.6-1)
-5.10-bullseye-security: released (5.10.70-1)
-4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: released (4.9.290-1)
diff --git a/active/CVE-2021-40490 b/active/CVE-2021-40490
deleted file mode 100644
index 2bafb6cce..000000000
--- a/active/CVE-2021-40490
+++ /dev/null
@@ -1,14 +0,0 @@
-Description: ext4: fix race writing to an inline_data file while its xattrs are changing
-References:
- https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=9e445093e523f3277081314c864f708fd4bd34aa
- https://lore.kernel.org/linux-ext4/000000000000e5080305c9e51453@google.com/
-Notes:
-Bugs:
-upstream: released (5.15-rc1) [a54c4613dac1500b40e4ab55199f7c51f028e848]
-5.10-upstream-stable: released (5.10.63) [09a379549620f122de3aa4e65df9329976e4cdf5]
-4.19-upstream-stable: released (4.19.207) [c481607ba522e31e6ed01efefc19cc1d0e0a46fa]
-4.9-upstream-stable: released (4.9.283) [7067b09fe587cbd47544a3047a40c64e4d636fff]
-sid: released (5.14.6-1)
-5.10-bullseye-security: released (5.10.46-5) [bugfix/all/ext4-fix-race-writing-to-an-inline_data-file-while-i.patch]
-4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: released (4.9.290-1)
diff --git a/active/CVE-2021-4090 b/active/CVE-2021-4090
deleted file mode 100644
index 5cc0e80b1..000000000
--- a/active/CVE-2021-4090
+++ /dev/null
@@ -1,16 +0,0 @@
-Description:
-References:
- https://lore.kernel.org/linux-nfs/97860.1636837122@crash.local/
- https://lore.kernel.org/linux-nfs/163692036074.16710.5678362976688977923.stgit@klimt.1015granger.net/
-Notes:
- carnil> Commit fixes d1c263a031e8 ("NFSD: Replace READ* macros in
- carnil> nfsd4_decode_fattr()") 5.15-rc1.
-Bugs:
-upstream: released (5.16-rc2) [c0019b7db1d7ac62c711cda6b357a659d46428fe]
-5.10-upstream-stable: N/A "Vulnerable code not present"
-4.19-upstream-stable: N/A "Vulnerable code not present"
-4.9-upstream-stable: N/A "Vulnerable code not present"
-sid: released (5.15.5-1)
-5.10-bullseye-security: N/A "Vulnerable code not present"
-4.19-buster-security: N/A "Vulnerable code not present"
-4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-4093 b/active/CVE-2021-4093
deleted file mode 100644
index a1fb22034..000000000
--- a/active/CVE-2021-4093
+++ /dev/null
@@ -1,15 +0,0 @@
-Description: KVM: SVM: out-of-bounds read/write in sev_es_string_io
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=2028584
-Notes:
- carnil> Introduced in 5.11-rc1 by 7ed9abfe8e9f ("KVM: SVM: Support
- carnil> string IO operations for an SEV-ES guest").
-Bugs:
-upstream: released (5.15-rc7) [95e16b4792b0429f1933872f743410f00e590c55]
-5.10-upstream-stable: N/A "Vulnerable code not present"
-4.19-upstream-stable: N/A "Vulnerable code not present"
-4.9-upstream-stable: N/A "Vulnerable code not present"
-sid: released (5.14.16-1)
-5.10-bullseye-security: N/A "Vulnerable code not present"
-4.19-buster-security: N/A "Vulnerable code not present"
-4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-42008 b/active/CVE-2021-42008
deleted file mode 100644
index adb85fa1f..000000000
--- a/active/CVE-2021-42008
+++ /dev/null
@@ -1,12 +0,0 @@
-Description: net: 6pack: fix slab-out-of-bounds in decode_data 
-References:
-Notes:
-Bugs:
-upstream: released (5.14-rc7) [19d1532a187669ce86d5a2696eb7275310070793]
-5.10-upstream-stable: released (5.10.61) [85e0518f181a0ff060f5543d2655fb841a83d653]
-4.19-upstream-stable: released (4.19.205) [4e370cc081a78ee23528311ca58fd98a06768ec7]
-4.9-upstream-stable: released (4.9.281) [de9171c1d9a5c2c4c5ec5e64f420681f178152fa]
-sid: released (5.14.6-1) 
-5.10-bullseye-security: released (5.10.70-1)
-4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: released (4.9.290-1)
diff --git a/retired/CVE-2020-16119 b/retired/CVE-2020-16119
new file mode 100644
index 000000000..2c5edbc8e
--- /dev/null
+++ b/retired/CVE-2020-16119
@@ -0,0 +1,17 @@
+Description: net: dccp: fix structure use-after-free
+References:
+ https://www.openwall.com/lists/oss-security/2020/10/13/7
+ https://lore.kernel.org/netdev/20201013171849.236025-1-kleber.souza@canonical.com/T/
+Notes:
+ carnil> Introduced with 2677d2067731 ("dccp: don't free
+ carnil> ccid2_hc_tx_sock struct in dccp_disconnect()") in 4.17-rc7 (and
+ carnil> backported as well to various stable series as e.g. 4.9.108).
+Bugs:
+upstream: released (5.15-rc2) [d9ea761fdd197351890418acd462c51f241014a7]
+5.10-upstream-stable: released (5.10.68) [6c3cb65d561e76fd0398026c023e587fec70e188]
+4.19-upstream-stable: released (4.19.207) [dfec82f3e5b8bd93ab65b7417a64886ec8c42f14]
+4.9-upstream-stable: released (4.9.283) [40ea36ffa7207456c3f155bbab76754d3f37ce04]
+sid: released (5.14.6-1) [bugfix/all/dccp-don-t-duplicate-ccid-when-cloning-dccp-sock.patch]
+5.10-bullseye-security: released (5.10.46-5) [bugfix/all/dccp-don-t-duplicate-ccid-when-cloning-dccp-sock.patch]
+4.19-buster-security: released (4.19.208-1)
+4.9-stretch-security: released (4.9.290-1)
diff --git a/retired/CVE-2020-3702 b/retired/CVE-2020-3702
new file mode 100644
index 000000000..1180a0382
--- /dev/null
+++ b/retired/CVE-2020-3702
@@ -0,0 +1,15 @@
+Description: Qualcomm/Atheros WiFi may transmit unencrypted frames after disassociation
+References:
+ https://lore.kernel.org/linux-wireless/CABvG-CVvPF++0vuGzCrBj8+s=Bcx1GwWfiW1_Somu_GVncTAcQ@mail.gmail.com/
+ https://lore.kernel.org/stable/20210818084859.vcs4vs3yd6zetmyt@pali/t/#mf8b430d4f19f1b939a29b6c5098fdc514fd1a928
+ https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin#_cve-2020-3702
+Notes:
+Bugs:
+upstream: released (5.12-rc1) [56c5485c9e444c2e85e11694b6c44f1338fc20fd, 73488cb2fa3bb1ef9f6cf0d757f76958bd4deaca, d2d3e36498dd8e0c83ea99861fac5cf9e8671226, 144cd24dbc36650a51f7fe3bf1424a1432f1f480, ca2848022c12789685d3fab3227df02b863f9696]
+5.10-upstream-stable: released (5.10.61) [8f05076983ddeaae1165457b6aa4eca9fe0e5498, 6566c207e5767deb37d283ed9f77b98439a1de4e, 2925a8385ec746bf09c11dcadb9af13c26091a4d, 609c0cfd07f0ae6c444e064a59b46c5f3090b705, e2036bc3fc7daa03c15fda27e1818192da817cea]
+4.19-upstream-stable: released (4.19.205) [dd5815f023b89c9a28325d8a2a5f0779b57b7190, d2fd9d34210f34cd0ff5b33fa94e9fcc2a513cea, fb924bfcecc90ca63ca76b5a10f192bd0e1bb35d, 7c5a966edd3c6eec4a9bdf698c1f27712d1781f0, 08c613a2cb06c68ef4e7733e052af067b21e5dbb]
+4.9-upstream-stable: released (4.9.283) [ea3f7df20fc8e0b82ec0e065b0b0d38e55fd7775, 74adc24d162e67d8862edaf701de620f36f98215, d7d4c3c60342deba706fd76ef09d8af68b9a64d8, 13c51682b07a5db4d9efb514e700407c6da22ff9, 7afed8faf42d8358a165ba554891085e10b1f7a0]
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.46-5) [bugfix/all/ath-Use-safer-key-clearing-with-key-cache-entries.patch, bugfix/all/ath9k-Clear-key-cache-explicitly-on-disabling-hardwa.patch, bugfix/all/ath-Export-ath_hw_keysetmac.patch, bugfix/ath-Modify-ath_key_delete-to-not-need-full-key-entry.patch, bugfix/all/ath9k-Postpone-key-cache-entry-deletion-for-TXQ-fram.patch]
+4.19-buster-security: released (4.19.208-1)
+4.9-stretch-security: released (4.9.290-1)
diff --git a/retired/CVE-2021-0920 b/retired/CVE-2021-0920
new file mode 100644
index 000000000..7016aec45
--- /dev/null
+++ b/retired/CVE-2021-0920
@@ -0,0 +1,13 @@
+Description: af_unix: fix garbage collect vs MSG_PEEK
+References:
+ https://source.android.com/security/bulletin/2021-11-01
+Notes:
+Bugs:
+upstream: released (5.14-rc4) [cbcf01128d0a92e131bd09f1688fe032480b65ca]
+5.10-upstream-stable: released (5.10.55) [93c5951e0ce137e994237c19cd75a7caa1f80543]
+4.19-upstream-stable: released (4.19.200) [1dabafa9f61118b1377fde424d9a94bf8dbf2813]
+4.9-upstream-stable: released (4.9.278) [a805a7bd94644207d762d9c287078fecfcf52b3e]
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.70-1)
+4.19-buster-security: released (4.19.208-1)
+4.9-stretch-security: released (4.9.290-1)
diff --git a/retired/CVE-2021-1048 b/retired/CVE-2021-1048
new file mode 100644
index 000000000..2df1af2de
--- /dev/null
+++ b/retired/CVE-2021-1048
@@ -0,0 +1,13 @@
+Description: fix regression in "epoll: Keep a reference on files added to the check list"
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2031928
+Notes:
+Bugs:
+upstream: released (5.9-rc4) [77f4689de17c0887775bb77896f4cc11a39bf848]
+5.10-upstream-stable: N/A "Fixed before branching point"
+4.19-upstream-stable: released (4.19.144) [37d933e8b41b83bb8278815e366aec5a542b7e31]
+4.9-upstream-stable: released (4.9.236) [8238ee93a30a5ff6fc75751e122a28e0d92f3e12]
+sid: released (5.8.10-1)
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.146-1)
+4.9-stretch-security: released (4.9.240-1)
diff --git a/retired/CVE-2021-3612 b/retired/CVE-2021-3612
new file mode 100644
index 000000000..a08f3b42a
--- /dev/null
+++ b/retired/CVE-2021-3612
@@ -0,0 +1,19 @@
+Description: joydev: zero size passed to joydev_handle_JSIOCSBTNMAP()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1974079
+ https://lore.kernel.org/linux-input/20210219083215.GS2087@kadam/
+ https://lore.kernel.org/linux-input/20210620120030.1513655-1-avlarkin82@gmail.com/T/#u
+Notes:
+ carnil> Introduced by 182d679b2298 ("Input: joydev - prevent potential
+ carnil> read overflow in ioctl") in 5.12-rc1 which was backported to
+ carnil> various stable series, in 4.9.259, 4.19.178, 5.10.20 relevant
+ carnil> for Debian.
+Bugs:
+upstream: released (5.14-rc1) [f8f84af5da9ee04ef1d271528656dac42a090d00]
+5.10-upstream-stable: released (5.10.50) [b4c35e9e8061b2386da1aa0d708e991204e76c45]
+4.19-upstream-stable: released (4.19.198) [b62ce8e3f7fbd81ea7c9341ac5e0d445f685f6af]
+4.9-upstream-stable: released (4.9.276) [f3673f6f63db2aa08c35e707a2fdcbcc6590c391]
+sid: released (5.10.46-3) [bugfix/all/Input-joydev-prevent-use-of-not-validated-data-in-JS.patch]
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.208-1)
+4.9-stretch-security: released (4.9.290-1)
diff --git a/retired/CVE-2021-3653 b/retired/CVE-2021-3653
new file mode 100644
index 000000000..e673fa363
--- /dev/null
+++ b/retired/CVE-2021-3653
@@ -0,0 +1,13 @@
+Description: KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl
+References:
+ https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=0f923e07124df069ba68d8bb12324398f4b6b709
+Notes:
+Bugs:
+upstream: released (5.14-rc7) [0f923e07124df069ba68d8bb12324398f4b6b709]
+5.10-upstream-stable: released (5.10.60) [c0883f693187c646c0972d73e525523f9486c2e3]
+4.19-upstream-stable: released (4.19.205) [42f4312c0e8a225b5f1e3ed029509ef514f2157a]
+4.9-upstream-stable: released (4.9.281) [29c4f674715ba8fe7a391473313e8c71f98799c4]
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.46-5) [bugfix/x86/KVM-nSVM-avoid-picking-up-unsupported-bits-from-L2-i.patch]
+4.19-buster-security: released (4.19.208-1)
+4.9-stretch-security: released (4.9.290-1)
diff --git a/retired/CVE-2021-3655 b/retired/CVE-2021-3655
new file mode 100644
index 000000000..6da8f0dcb
--- /dev/null
+++ b/retired/CVE-2021-3655
@@ -0,0 +1,14 @@
+Description: missing size validations on inbound SCTP packets
+References:
+Notes:
+ carnil> Additional bugfix "sctp: fix return value check in
+ carnil> __sctp_rcv_asconf_lookup" required.
+Bugs:
+upstream: released (5.14-rc1) [0c5dc070ff3d6246d22ddd931f23a6266249e3db, 50619dbf8db77e98d821d615af4f634d08e22698, b6ffe7671b24689c09faa5675dd58f93758a97ae, ef6c8d6ccf0c1dccdda092ebe8782777cd7803c9]
+5.10-upstream-stable: released (5.10.51) [d4dbef7046e24669278eba4455e9e8053ead6ba0, 6ef81a5c0e22233e13c748e813c54d3bf0145782], released (5.10.69) [ffca46766850d4b96a26ad511a7997f74da2df8c, ccb79116c37242c07c34c991868acded87509e4c]
+4.19-upstream-stable: released (4.19.198) [c7a03ebace4f9cd40d9cd9dd5fb2af558025583c, dd16e38e1531258d332b0fc7c247367f60c6c381], released (4.19.208) [194d21f10ef6a2e1109c31d775fb23ffdb41657f, 6c4a5606951cf2be8cbed4d4aefbbeaedb4cb24f]
+4.9-upstream-stable: released (4.9.276) [c7da1d1ed43a6c2bece0d287e2415adf2868697e], released (4.9.284) [92e7bca98452aa760713016a434aa7edfc09fb13, 6b5361868870e9a097745446798aa10ee92c159c, 4d2de0d232ee386fceacf7cdb20a6398c3c0854b]
+sid: released (5.10.46-3) [bugfix/all/sctp-validate-from_addr_param-return.patch, bugfix/all/sctp-add-size-validation-when-walking-chunks.patch]
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.208-1)
+4.9-stretch-security: released (4.9.290-1)
diff --git a/retired/CVE-2021-3679 b/retired/CVE-2021-3679
new file mode 100644
index 000000000..2c5e1c4a3
--- /dev/null
+++ b/retired/CVE-2021-3679
@@ -0,0 +1,13 @@
+Description: tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.
+References:
+Notes:
+ carnil> Commit fixes bf41a158cacba ("ring-buffer: make reentrant").
+Bugs:
+upstream: released (5.14-rc3) [67f0d6d9883c13174669f88adac4f0ee656cc16a]
+5.10-upstream-stable: released (5.10.54) [757bdba8026be19b4f447487695cd0349a648d9e]
+4.19-upstream-stable: released (4.19.199) [6a99bfee7f5625d2577a5c3b09a2bd2a845feb8a]
+4.9-upstream-stable: released (4.9.277) [7db12bae1a239d872d17e128fd5271da789bf99c]
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.46-5) [bugfix/all/tracing-Fix-bug-in-rb_per_cpu_empty-that-might-cause.patch]
+4.19-buster-security: released (4.19.208-1)
+4.9-stretch-security: released (4.9.290-1)
diff --git a/retired/CVE-2021-37159 b/retired/CVE-2021-37159
new file mode 100644
index 000000000..4469c7dc5
--- /dev/null
+++ b/retired/CVE-2021-37159
@@ -0,0 +1,25 @@
+Description: net: hso: do not call unregister if not registered
+References:
+ https://www.spinics.net/lists/linux-usb/msg202228.html
+ https://lore.kernel.org/stable/20210928151544.270412-1-ovidiu.panait@windriver.com/
+ https://lore.kernel.org/stable/20210928143001.202223-1-ovidiu.panait@windriver.com/
+ https://lore.kernel.org/stable/20210928131523.2314252-1-ovidiu.panait@windriver.com/
+ https://ubuntu.com/security/CVE-2021-37159
+ https://bugzilla.suse.com/show_bug.cgi?id=1188601
+Notes:
+ carnil> The original patch was not accepted:
+ carnil> https://www.spinics.net/lists/linux-usb/msg202313.html
+ carnil> and a fix probably never applied. Needs closer investigation.
+ carnil> The last commit is just a cleanup and not strictly necessary for the fix.
+ carnil> 5fcfb6d0bfcd ("hso: fix bailout in error case of probe") can be considered
+ carnil> a pre-requisite. This would be consistent with e.g. Ubuntu's triaging for
+ carnil> CVE-2021-37159 and SUSEs.
+Bugs:
+upstream: released (5.14-rc3) [a6ecfb39ba9d7316057cea823b196b734f6b18ca]
+5.10-upstream-stable: released (5.10.54) [115e4f5b64ae8d9dd933167cafe2070aaac45849]
+4.19-upstream-stable: released (4.19.209) [f6cf22a1ef49f8e131f99c3f5fd80ab6b23a2d21]
+4.9-upstream-stable: released (4.9.290) [88b912e02d75bacbb957d817db70e6a54ea3a21c]
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.70-1)
+4.19-buster-security: released (4.19.208-1) [bugfix/all/usb-hso-fix-error-handling-code-of-hso_create_net_de.patch]
+4.9-stretch-security: released (4.9.290-1)
diff --git a/retired/CVE-2021-3732 b/retired/CVE-2021-3732
new file mode 100644
index 000000000..0e2eac14f
--- /dev/null
+++ b/retired/CVE-2021-3732
@@ -0,0 +1,13 @@
+Description: ovl: prevent private clone if bind mount is not allowed
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1995249
+Notes:
+Bugs:
+upstream: released (5.14-rc6) [427215d85e8d1476da1a86b8d67aceb485eb3631]
+5.10-upstream-stable: released (5.10.59) [6a002d48a66076524f67098132538bef17e8445e]
+4.19-upstream-stable: released (4.19.204) [963d85d630dabe75a3cfde44a006fec3304d07b8]
+4.9-upstream-stable: released (4.9.280) [e3eee87c846dc47f6d8eb6d85e7271f24122a279]
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.46-5) [bugfix/all/ovl-prevent-private-clone-if-bind-mount-is-not-allow.patch]
+4.19-buster-security: released (4.19.208-1)
+4.9-stretch-security: released (4.9.290-1)
diff --git a/retired/CVE-2021-3753 b/retired/CVE-2021-3753
new file mode 100644
index 000000000..b045608cf
--- /dev/null
+++ b/retired/CVE-2021-3753
@@ -0,0 +1,13 @@
+Description: vt_kdsetmode: extend console locking
+References:
+ https://www.openwall.com/lists/oss-security/2021/09/01/4
+Notes:
+Bugs:
+upstream: released (5.15-rc1) [2287a51ba822384834dafc1c798453375d1107c7]
+5.10-upstream-stable: released (5.10.62) [60d69cb4e60de0067e5d8aecacd86dfe92a5384a]
+4.19-upstream-stable: released (4.19.206) [0776c1a20babb4ad0b7ce7f2f4e0806a97663187]
+4.9-upstream-stable: released (4.9.282) [755a2f40dda2d6b2e3b8624cb052e68947ee4d1f]
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.46-5) [bugfix/all/vt_kdsetmode-extend-console-locking.patch]
+4.19-buster-security: released (4.19.208-1)
+4.9-stretch-security: released (4.9.290-1)
diff --git a/retired/CVE-2021-38160 b/retired/CVE-2021-38160
new file mode 100644
index 000000000..a988ef0de
--- /dev/null
+++ b/retired/CVE-2021-38160
@@ -0,0 +1,12 @@
+Description: virtio_console: Assure used length from device is limited
+References:
+Notes:
+Bugs:
+upstream: released (5.14-rc1) [d00d8da5869a2608e97cfede094dfc5e11462a46]
+5.10-upstream-stable: released (5.10.52) [f6ec306b93dc600a0ab3bb2693568ef1cc5f7f7a]
+4.19-upstream-stable: released (4.19.198) [b5fba782ccd3d12a14f884cd20f255fc9c0eec0c]
+4.9-upstream-stable: released (4.9.276) [9e2b8368b2079437c6840f3303cb0b7bc9b896ee]
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.46-5) [bugfix/all/virtio_console-Assure-used-length-from-device-is-lim.patch]
+4.19-buster-security: released (4.19.208-1)
+4.9-stretch-security: released (4.9.290-1)
diff --git a/retired/CVE-2021-38204 b/retired/CVE-2021-38204
new file mode 100644
index 000000000..8464c95d6
--- /dev/null
+++ b/retired/CVE-2021-38204
@@ -0,0 +1,13 @@
+Description: usb: max-3421: Prevent corruption of freed memory
+References:
+Notes:
+ carnil> USB_MAX3421_HCD not enabled in Debian binary packages.
+Bugs:
+upstream: released (5.14-rc3) [b5fdf5c6e6bee35837e160c00ac89327bdad031b]
+5.10-upstream-stable: released (5.10.54) [7af54a4e221e5619a87714567e2258445dc35435]
+4.19-upstream-stable: released (4.19.199) [51fc12f4d37622fa0c481604833f98f11b1cac4f]
+4.9-upstream-stable: released (4.9.277) [ae3209b9fb086661ec1de4d8f4f0b951b272bbcd]
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.70-1)
+4.19-buster-security: released (4.19.208-1)
+4.9-stretch-security: released (4.9.290-1)
diff --git a/retired/CVE-2021-38205 b/retired/CVE-2021-38205
new file mode 100644
index 000000000..4bdb73997
--- /dev/null
+++ b/retired/CVE-2021-38205
@@ -0,0 +1,13 @@
+Description: net: xilinx_emaclite: Do not print real IOMEM pointer
+References:
+Notes:
+ carnil> xilinx_emaclite (XILINX_EMACLITE) not enabled in Debian builds.
+Bugs:
+upstream: released (5.14-rc1) [d0d62baa7f505bd4c59cd169692ff07ec49dde37]
+5.10-upstream-stable: released (5.10.59) [25cff25ec60690247db8138cd1af8b867df2c489]
+4.19-upstream-stable: released (4.19.204) [9322401477a6d1f9de8f18e5d6eb43a68e0b113a]
+4.9-upstream-stable: released (4.9.280) [ffdc1e312e2074875147c1df90764a9bae56f11f]
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.70-1)
+4.19-buster-security: released (4.19.208-1)
+4.9-stretch-security: released (4.9.290-1)
diff --git a/retired/CVE-2021-40490 b/retired/CVE-2021-40490
new file mode 100644
index 000000000..2bafb6cce
--- /dev/null
+++ b/retired/CVE-2021-40490
@@ -0,0 +1,14 @@
+Description: ext4: fix race writing to an inline_data file while its xattrs are changing
+References:
+ https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=9e445093e523f3277081314c864f708fd4bd34aa
+ https://lore.kernel.org/linux-ext4/000000000000e5080305c9e51453@google.com/
+Notes:
+Bugs:
+upstream: released (5.15-rc1) [a54c4613dac1500b40e4ab55199f7c51f028e848]
+5.10-upstream-stable: released (5.10.63) [09a379549620f122de3aa4e65df9329976e4cdf5]
+4.19-upstream-stable: released (4.19.207) [c481607ba522e31e6ed01efefc19cc1d0e0a46fa]
+4.9-upstream-stable: released (4.9.283) [7067b09fe587cbd47544a3047a40c64e4d636fff]
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.46-5) [bugfix/all/ext4-fix-race-writing-to-an-inline_data-file-while-i.patch]
+4.19-buster-security: released (4.19.208-1)
+4.9-stretch-security: released (4.9.290-1)
diff --git a/retired/CVE-2021-4090 b/retired/CVE-2021-4090
new file mode 100644
index 000000000..5cc0e80b1
--- /dev/null
+++ b/retired/CVE-2021-4090
@@ -0,0 +1,16 @@
+Description:
+References:
+ https://lore.kernel.org/linux-nfs/97860.1636837122@crash.local/
+ https://lore.kernel.org/linux-nfs/163692036074.16710.5678362976688977923.stgit@klimt.1015granger.net/
+Notes:
+ carnil> Commit fixes d1c263a031e8 ("NFSD: Replace READ* macros in
+ carnil> nfsd4_decode_fattr()") 5.15-rc1.
+Bugs:
+upstream: released (5.16-rc2) [c0019b7db1d7ac62c711cda6b357a659d46428fe]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.5-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-4093 b/retired/CVE-2021-4093
new file mode 100644
index 000000000..a1fb22034
--- /dev/null
+++ b/retired/CVE-2021-4093
@@ -0,0 +1,15 @@
+Description: KVM: SVM: out-of-bounds read/write in sev_es_string_io
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2028584
+Notes:
+ carnil> Introduced in 5.11-rc1 by 7ed9abfe8e9f ("KVM: SVM: Support
+ carnil> string IO operations for an SEV-ES guest").
+Bugs:
+upstream: released (5.15-rc7) [95e16b4792b0429f1933872f743410f00e590c55]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.16-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-42008 b/retired/CVE-2021-42008
new file mode 100644
index 000000000..adb85fa1f
--- /dev/null
+++ b/retired/CVE-2021-42008
@@ -0,0 +1,12 @@
+Description: net: 6pack: fix slab-out-of-bounds in decode_data 
+References:
+Notes:
+Bugs:
+upstream: released (5.14-rc7) [19d1532a187669ce86d5a2696eb7275310070793]
+5.10-upstream-stable: released (5.10.61) [85e0518f181a0ff060f5543d2655fb841a83d653]
+4.19-upstream-stable: released (4.19.205) [4e370cc081a78ee23528311ca58fd98a06768ec7]
+4.9-upstream-stable: released (4.9.281) [de9171c1d9a5c2c4c5ec5e64f420681f178152fa]
+sid: released (5.14.6-1) 
+5.10-bullseye-security: released (5.10.70-1)
+4.19-buster-security: released (4.19.208-1)
+4.9-stretch-security: released (4.9.290-1)
-- 
cgit v1.2.3