author Salvatore Bonaccorso <carnil@debian.org> 2020-06-11 20:51:09 +0200
committer Salvatore Bonaccorso <carnil@debian.org> 2020-06-11 20:51:09 +0200
commit f2984dd978f8a09be2e2c8f70fee545e71ac88a1
tree d3364a13290989cb701ef5803ea1b90e23026708 /active
parent a7f17f55757c2ad023ed89cb2663eab2996bd9de
Retire some CVEs
Diffstat (limited to 'active')
-rw-r--r-- active/CVE-2019-19319 25
-rw-r--r-- active/CVE-2020-10732 26
-rw-r--r-- active/CVE-2020-10751 14
-rw-r--r-- active/CVE-2020-12464 14
-rw-r--r-- active/CVE-2020-12652 12
-rw-r--r-- active/CVE-2020-12653 12
-rw-r--r-- active/CVE-2020-12654 12
-rw-r--r-- active/CVE-2020-12770 13
-rw-r--r-- active/CVE-2020-13143 13
9 files changed, 0 insertions, 141 deletions
diff --git a/active/CVE-2019-19319 b/active/CVE-2019-19319
deleted file mode 100644
index beb274a0e..000000000
--- a/active/CVE-2019-19319
+++ /dev/null
@@ -1,25 +0,0 @@
-Description: ext4: crafted image causes heap OOB write in ext4_xattr_set_entry
-References:
- https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19319
-Notes:
- carnil> Introduced in dec214d00e0d ("ext4: xattr inode deduplication")
- carnil> in 4.13-rc1? Cf.
- carnil> https://bugzilla.suse.com/show_bug.cgi?id=1158021#c2
- bwh> SUSE has backported the fix as far as 3.12. It turns out that
- bwh> they backported *part* of commit dec214d00e0d to fix CVE-2018-1094
- bwh> which I thought didn't affect older branches. See
- bwh> <https://github.com/openSUSE/kernel-source/blob/SLE12-SP4/patches.suse/ext4-make-metadata-csum-checks-safer.patch>
- bwh> and
- bwh> <https://github.com/openSUSE/kernel-source/blob/SLE12-SP4/patches.suse/ext4-protect-journal-inode-s-blocks-using-block_vali.patch>.
- bwh> So we should probably apply both of these to 3.16 and 4.9.
- bwh> Note the follow-up fixes: commits fbbbbd2f28aec, 170417c8c7bb,
- bwh> 0a944e8a6c66, af133ade9a40.
-Bugs:
-upstream: released (5.2-rc1) [345c0dbf3a30872d9b204db96b5857cd00808cae]
-4.19-upstream-stable: released (4.19.73) [2fd4629de51974002f4e9cf1a35a1926dd6c9d99]
-4.9-upstream-stable: released (4.9.221) [a9855260fe8d8680bf8c4f0d8303b696c861e99b]
-3.16-upstream-stable: released (3.16.85) [51890201da4d654f6ca131bc45a0e892bb10de1d]
-sid: released (5.2.6-1)
-4.19-buster-security: released (4.19.87-1)
-4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/ext4-protect-journal-inode-s-blocks-using-block_vali.patch]
-3.16-jessie-security: released (3.16.84-1) [bugfix/all/ext4-protect-journal-inode-s-blocks-using-block_vali.patch]
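Review bot: The Notes leave a backport question open that the status lines at the end of this entry do not answer: bwh lists follow-up fixes (fbbbbd2f28aec, 170417c8c7bb, 0a944e8a6c66, af133ade9a40) and suggests applying two SUSE patches to 3.16 and 4.9, yet the 4.9-stretch-security and 3.16-jessie-security lines each record only ext4-protect-journal-inode-s-blocks-using-block_vali.patch. Before retiring, add a Notes line saying whether the metadata-csum change and the follow-ups were applied to those branches or judged unnecessary, so the retired record is self-explanatory.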
diff --git a/active/CVE-2020-10732 b/active/CVE-2020-10732
deleted file mode 100644
index 0d197b09a..000000000
--- a/active/CVE-2020-10732
+++ /dev/null
@@ -1,26 +0,0 @@
-Description: uninitialized kernel data leak in userspace coredumps
-References:
- https://www.openwall.com/lists/oss-security/2020/05/06/1
- https://github.com/ruscur/linux/commit/a95cdec9fa0c08e6eeb410d461c03af8fd1fef0a
- https://lore.kernel.org/lkml/20200419100848.63472-1-glider@google.com/
- https://github.com/google/kmsan/issues/76
- https://twitter.com/grsecurity/status/1252558055629299712
- https://bugzilla.redhat.com/show_bug.cgi?id=1831399
-Notes:
- carnil> Proposed fix has been accepted in linux-next tree, as per
- carnil> https://bugzilla.redhat.com/show_bug.cgi?id=1831399#c15
- bwh> The leak appears to have been introduced for x86 in 4.8 by
- bwh> commit 91c3dba7dbc1 "x86/fpu/xstate: Fix PTRACE frames for
- bwh> XSAVES". A comparison of register sections in core dump
- bwh> under different Debian kernels agrees with that, as does
- bwh> @grsecurity (further down the thread). Some other
- bwh> architectures are affected though.
-Bugs:
-upstream: released (5.7) [1d605416fb7175e1adf094251466caa52093b413]
-4.19-upstream-stable: released (4.19.126) [61ce1733b30fdcf45e31308bc7795b6dc7f2ffba]
-4.9-upstream-stable: released (4.9.226) [d228bc4b19e0b1c35f3eb404acbf1d607c01e64c]
-3.16-upstream-stable: released (3.16.85) [d03daec2e50aa2a0b6de2c3572af5e1d61f9d132]
-sid: released (5.6.14-2) [bugfix/all/fs-binfmt_elf.c-allocate-initialized-memory-in-fill_.patch]
-4.19-buster-security: released (4.19.118-2+deb10u1) [bugfix/all/fs-binfmt_elf.c-allocate-initialized-memory-in-fill_.patch]
-4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/fs-binfmt_elf.c-allocate-initialized-memory-in-fill_.patch]
-3.16-jessie-security: ignored "Does not affect supported architectures"
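Review bot: The reason on the 3.16-jessie-security line, ignored "Does not affect supported architectures", cannot be checked from this entry, because the Notes say only that the x86 leak dates from 4.8 and that "Some other architectures are affected" without naming them. Naming the affected architectures in the Notes before retiring would let a reader confirm the ignore decision against the 3.16.85 upstream-stable fix recorded a few lines above.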
diff --git a/active/CVE-2020-10751 b/active/CVE-2020-10751
deleted file mode 100644
index 1d70536e8..000000000
--- a/active/CVE-2020-10751
+++ /dev/null
@@ -1,14 +0,0 @@
-Description: selinux: properly handle multiple messages in selinux_netlink_send()
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=1839634
- https://www.openwall.com/lists/oss-security/2020/04/30/5
-Notes:
-Bugs:
-upstream: released (5.7-rc4) [fb73974172ffaaf57a7c42f35424d9aece1a5af6]
-4.19-upstream-stable: released (4.19.121) [23075857ad192731fd9edcce3b5cd5db93602c26]
-4.9-upstream-stable: released (4.9.222) [6affa87d168d91af6c8f303dc1fc7a7f59869818]
-3.16-upstream-stable: released (3.16.85) [9592b90cdc99f58e0674e64037c422ea7e9aa367]
-sid: released (5.6.14-1)
-4.19-buster-security: released (4.19.118-2+deb10u1) [bugfix/all/selinux-properly-handle-multiple-messages-in-selinux.patch]
-4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/selinux-properly-handle-multiple-messages-in-selinux.patch]
-3.16-jessie-security: released (3.16.84-1) [bugfix/all/selinux-properly-handle-multiple-messages-in-selinux.patch]
diff --git a/active/CVE-2020-12464 b/active/CVE-2020-12464
deleted file mode 100644
index 9895d20a6..000000000
--- a/active/CVE-2020-12464
+++ /dev/null
@@ -1,14 +0,0 @@
-Description: USB: core: Fix free-while-in-use bug in the USB S-Glibrary
-References:
- https://lkml.org/lkml/2020/3/23/52
- https://patchwork.kernel.org/patch/11463781/
-Notes:
-Bugs:
-upstream: released (5.7-rc3) [056ad39ee9253873522f6469c3364964a322912b]
-4.19-upstream-stable: released (4.19.119) [45ea77b75a604da875186519fea94997175c38e3]
-4.9-upstream-stable: released (4.9.221) [ab20e851e49e75a9e653463853995076899a4e48]
-3.16-upstream-stable: released (3.16.85) [575f200adca1fe48df15063b1a5673a9b5f713bd]
-sid: released (5.6.14-1)
-4.19-buster-security: released (4.19.118-2+deb10u1) [bugfix/all/usb-core-fix-free-while-in-use-bug-in-the-usb-s-glib.patch]
-4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/usb-core-fix-free-while-in-use-bug-in-the-usb-s-glib.patch]
-3.16-jessie-security: released (3.16.84-1) [bugfix/all/usb-core-fix-free-while-in-use-bug-in-the-usb-s-glib.patch]
diff --git a/active/CVE-2020-12652 b/active/CVE-2020-12652
deleted file mode 100644
index bad8f9f05..000000000
--- a/active/CVE-2020-12652
+++ /dev/null
@@ -1,12 +0,0 @@
-Description: scsi: mptfusion: Fix double fetch bug in ioctl
-References:
-Notes:
-Bugs:
-upstream: released (5.5-rc7) [28d76df18f0ad5bcf5fa48510b225f0ed262a99b]
-4.19-upstream-stable: released (4.19.98) [3dae5041c65545ac65d610375b4ac30b00f174a3]
-4.9-upstream-stable: released (4.9.211) [ddfa91a194d054fb765b919e593183794d6637d6]
-3.16-upstream-stable: released (3.16.85) [a226f907bd999713e9349bc35aa133cf519a864e]
-sid: released (5.4.19-1)
-4.19-buster-security: released (4.19.98-1)
-4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/scsi-mptfusion-fix-double-fetch-bug-in-ioctl.patch]
-3.16-jessie-security: released (3.16.84-1) [bugfix/all/scsi-mptfusion-fix-double-fetch-bug-in-ioctl.patch]
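Review bot: References: and Notes: are both empty in this entry, so once it is retired the only pointers to the issue are the commit hashes in the status lines. A link to the upstream discussion or an advisory under References: would make the record usable on its own; the same applies to the CVE-2020-12653 and CVE-2020-12654 entries that follow.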
diff --git a/active/CVE-2020-12653 b/active/CVE-2020-12653
deleted file mode 100644
index c2eab77a7..000000000
--- a/active/CVE-2020-12653
+++ /dev/null
@@ -1,12 +0,0 @@
-Description: mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv()
-References:
-Notes:
-Bugs:
-upstream: released (5.6-rc1) [b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d]
-4.19-upstream-stable: released (4.19.104) [48247f7e14911a4d18e9c774ba3a1d368f5d8a6f]
-4.9-upstream-stable: released (4.9.214) [7a4d6a45f2fad3ddc07f98cf85790344ea72cd69]
-3.16-upstream-stable: released (3.16.85) [f0c210c885dbc5000d3c3e27723beedda5988cee]
-sid: released (5.5.13-1)
-4.19-buster-security: released (4.19.118-1)
-4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/mwifiex-fix-possible-buffer-overflows-in-mwifiex_cmd.patch]
-3.16-jessie-security: released (3.16.84-1) [bugfix/all/mwifiex-fix-possible-buffer-overflows-in-mwifiex_cmd.patch]
diff --git a/active/CVE-2020-12654 b/active/CVE-2020-12654
deleted file mode 100644
index cfc88e3a6..000000000
--- a/active/CVE-2020-12654
+++ /dev/null
@@ -1,12 +0,0 @@
-Description: mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status()
-References:
-Notes:
-Bugs:
-upstream: released (5.6-rc1) [3a9b153c5591548612c3955c9600a98150c81875]
-4.19-upstream-stable: released (4.19.104) [fab5ca79960b7fbda4e9a79a4754c749fdea2bd0]
-4.9-upstream-stable: released (4.9.214) [0a996849d8042833860fd7c9ff3dcd24e61fd416]
-3.16-upstream-stable: released (3.16.85) [60a613dc22ee9932c3ba67eadb08de357e36f01f]
-sid: released (5.5.13-1)
-4.19-buster-security: released (4.19.118-1)
-4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/mwifiex-fix-possible-buffer-overflows-in-mwifiex_ret.patch]
-3.16-jessie-security: released (3.16.84-1) [bugfix/all/mwifiex-fix-possible-buffer-overflows-in-mwifiex_ret.patch]
diff --git a/active/CVE-2020-12770 b/active/CVE-2020-12770
deleted file mode 100644
index 3a1801fe1..000000000
--- a/active/CVE-2020-12770
+++ /dev/null
@@ -1,13 +0,0 @@
-Description: scsi: sg: add sg_remove_request in sg_write
-References:
- https://lkml.org/lkml/2020/4/13/870
-Notes:
-Bugs:
-upstream: released (5.7-rc3) [83c6f2390040f188cc25b270b4befeb5628c1aee]
-4.19-upstream-stable: released (4.19.124) [34fcb4291e234468f9bf9d4b851c9f522f3bbb13]
-4.9-upstream-stable: released (4.9.224) [6950c2775e02e4be51b06901306ee641e8e5b3df]
-3.16-upstream-stable: released (3.16.85) [f5eb337df20a24a9f9c7f96181ace9d61b590def]
-sid: released (5.6.14-1)
-4.19-buster-security: released (4.19.118-2+deb10u1) [bugfix/all/scsi-sg-add-sg_remove_request-in-sg_write.patch]
-4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/scsi-sg-add-sg_remove_request-in-sg_write.patch]
-3.16-jessie-security: released (3.16.84-1) [bugfix/all/sg/0027-scsi-sg-add-sg_remove_request-in-sg_write.patch]
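Review bot: The patch path on the 3.16-jessie-security line, bugfix/all/sg/0027-scsi-sg-add-sg_remove_request-in-sg_write.patch, differs from the bugfix/all/scsi-sg-add-sg_remove_request-in-sg_write.patch used on the buster and stretch lines, and the empty Notes: section gives no reason. A one-line note explaining why the jessie fix sits under sg/ with a 0027- prefix would save the next reader from having to look it up in the packaging tree.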
diff --git a/active/CVE-2020-13143 b/active/CVE-2020-13143
deleted file mode 100644
index 64110f509..000000000
--- a/active/CVE-2020-13143
+++ /dev/null
@@ -1,13 +0,0 @@
-Description: USB: gadget: fix illegal array access in binding with UDC
-References:
- https://www.spinics.net/lists/linux-usb/msg194331.html
-Notes:
-Bugs:
-upstream: released (5.7-rc6) [15753588bcd4bbffae1cca33c8ced5722477fe1f]
-4.19-upstream-stable: released (4.19.124) [a105bb549252e3e8bd9db0bdd81cdd6a853e4238]
-4.9-upstream-stable: released (4.9.224) [2056c78ee8abacaf71c89c999483183203e8441d]
-3.16-upstream-stable: released (3.16.85) [d126cf46f829d146dde3e6a8963e095ac6cfcd1c]
-sid: released (5.6.14-1)
-4.19-buster-security: released (4.19.118-2+deb10u1) [bugfix/all/usb-gadget-fix-illegal-array-access-in-binding-with-.patch]
-4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/usb-gadget-fix-illegal-array-access-in-binding-with-.patch]
-3.16-jessie-security: released (3.16.84-1) [bugfix/all/usb-gadget-fix-illegal-array-access-in-binding-with-.patch]
