Retire several CVEs

author: Salvatore Bonaccorso <carnil@debian.org> 2019-09-24 07:39:58 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2019-09-24 07:39:58 +0200
commit: 00a337260d796a9baa1d154f947bc423a044a4ea (patch)
tree: ad8eb20cb2bb17b654c3c9949730939ea7eb78bf /retired/CVE-2019-15221
parent: 58648f90939c3adbea0b3be37aa2cc78628fadca (diff)
1 files changed, 18 insertions, 0 deletions
diff --git a/retired/CVE-2019-15221 b/retired/CVE-2019-15221
new file mode 100644
index 00000000..ebb22c7b
--- /dev/null
+++ b/retired/CVE-2019-15221
@@ -0,0 +1,18 @@
+Description: ALSA: line6: Fix write on zero-sized buffer
+References:
+ https://syzkaller.appspot.com/bug?id=240f09164db2c3d3af33a117c713dc7650dc29d6
+Notes:
+ bwh> The fix for this introduced a memory leak, fixed by upstream commit
+ bwh> 1bc8d18c75fe "ALSA: line6: Fix memory leak at line6_init_pcm() error
+ bwh> path".  I haven't backported that to 3.16 as it depends on earlier
+ bwh> refactoring of the driver, and a small memory leak is still better
+ bwh> than this issue.
+Bugs:
+upstream: released (5.2) [3450121997ce872eb7f1248417225827ea249710]
+4.19-upstream-stable: released (4.19.58) [7f52af5e9baa9c478edcecdd4058eeef2835b1c3]
+4.9-upstream-stable: released (4.9.185) [8b449e9dc215e47641c4737a199b7767ffd032a9]
+3.16-upstream-stable: released (3.16.74) [f1508f326a3b8f29beef9ca399bec516ecfd0b2a]
+sid: released (5.2.6-1)
+4.19-buster-security: released (4.19.67-1)
+4.9-stretch-security: released (4.9.185-1)
+3.16-jessie-security: released (3.16.74-1)
author	Salvatore Bonaccorso <carnil@debian.org>	2019-09-24 07:39:58 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2019-09-24 07:39:58 +0200
commit	00a337260d796a9baa1d154f947bc423a044a4ea (patch)
tree	ad8eb20cb2bb17b654c3c9949730939ea7eb78bf /retired/CVE-2019-15221
parent	58648f90939c3adbea0b3be37aa2cc78628fadca (diff)