From e39cb376b4032790d52ee14ad1bc003be785f182 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 17 Jan 2024 22:11:41 +0100
Subject: Retire two CVEs

---
 retired/CVE-2024-0639 | 13 +++++++++++++
 retired/CVE-2024-0641 | 15 +++++++++++++++
 2 files changed, 28 insertions(+)
 create mode 100644 retired/CVE-2024-0639
 create mode 100644 retired/CVE-2024-0641

(limited to 'retired')

diff --git a/retired/CVE-2024-0639 b/retired/CVE-2024-0639
new file mode 100644
index 00000000..56a3d794
--- /dev/null
+++ b/retired/CVE-2024-0639
@@ -0,0 +1,13 @@
+Description: sctp: fix potential deadlock on &net->sctp.addr_wq_lock
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2258754
+Notes:
+Bugs:
+upstream: released (6.5-rc1) [6feb37b3b06e9049e20dcf7e23998f92c9c5be9a]
+6.1-upstream-stable: released (6.1.39) [1aa5a6a6d28c77e364feaba35ff7f12d2d74fec1]
+5.10-upstream-stable: released (5.10.188) [6d2243ab783bf79d1d674ff0ca26229233c56508]
+4.19-upstream-stable: released (4.19.291) [0ad0e8b0cb0e28626ab6dffe3da883941b9cbc4b]
+sid: released (6.4.4-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2024-0641 b/retired/CVE-2024-0641
new file mode 100644
index 00000000..d34e3fe6
--- /dev/null
+++ b/retired/CVE-2024-0641
@@ -0,0 +1,15 @@
+Description: tipc: fix a potential deadlock on &tx->lock
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2258757
+Notes:
+ carnil> Commit fixes fc1b6d6de220 ("tipc: introduce TIPC encryption &
+ carnil> authentication") in 5.5-rc1.
+Bugs:
+upstream: released (6.6-rc5) [08e50cf071847323414df0835109b6f3560d44f5]
+6.1-upstream-stable: released (6.1.57) [143e72757a902abcecd5f487553f44dc19a56cfc]
+5.10-upstream-stable: released (5.10.198) [6a24d0661fa389c241d935da38e0f6a5ee8eb1ae]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: N/A "Vulnerable code not present"
-- 
cgit v1.2.3