From 9cd139b64b8458e7934cf2d43a83d81e9a076e0f Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 11 Jun 2020 09:46:30 +0200
Subject: Retire several CVEs

---
 retired/CVE-2018-14610 | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 retired/CVE-2018-14610

(limited to 'retired/CVE-2018-14610')

diff --git a/retired/CVE-2018-14610 b/retired/CVE-2018-14610
new file mode 100644
index 00000000..a601af7d
--- /dev/null
+++ b/retired/CVE-2018-14610
@@ -0,0 +1,16 @@
+Description: out-of-bound access in write_extent_buffer() when mounting and operating a crafted btrfs image
+References:
+ https://bugzilla.kernel.org/show_bug.cgi?id=199837
+ https://patchwork.kernel.org/patch/10503415/
+Notes:
+ bwh> Upstream fix depends on (at least) commit fce466eab7ac
+ bwh> "btrfs: tree-checker: Verify block_group_item".
+Bugs:
+upstream: released (4.19-rc1) [514c7dca85a0bf40be984dab0b477403a6db901f]
+4.19-upstream-stable: N/A "Fixed before branch point"
+4.9-upstream-stable: released (4.9.144) [7a72f918825ddece7a4ed79583836f6f1e06e478]
+3.16-upstream-stable: released (3.16.83) [5203a4d55c2c6a0c86a0ab21bfd071d407ca95a1]
+sid: released (4.19.9-1)
+4.19-buster-security: N/A "Fixed before branching point"
+4.9-stretch-security: released (4.9.144-1)
+3.16-jessie-security: released (3.16.84-1)
-- 
cgit v1.2.3