Retire some CVEs

author: Salvatore Bonaccorso <carnil@debian.org> 2020-02-09 21:22:45 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2020-02-09 21:22:45 +0100
commit: 30e923c9029fa0f9ba1976670c8ee73cbf02169e (patch)
tree: 87b0fd686e9a24569aaaf32fc5792062600f7517 /retired/CVE-2019-19037
parent: 00d322afed3dc04e74ab0037716e96278c5b8ac6 (diff)
1 files changed, 18 insertions, 0 deletions
diff --git a/retired/CVE-2019-19037 b/retired/CVE-2019-19037
new file mode 100644
index 00000000..5bd5a171
--- /dev/null
+++ b/retired/CVE-2019-19037
@@ -0,0 +1,18 @@
+Description: ext4: Fix ext4_empty_dir() for directories with holes
+References:
+ https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19037
+ https://lore.kernel.org/stable/20191202170213.4761-2-jack@suse.cz/
+Notes:
+ carnil> commit fixes Fixes: 4e19d6b65fb4 ("ext4: allow directory
+ carnil> holes") which is in 5.3-rc1 but was backported to various other
+ carnil> stable trees in 5.2.4, 5.1.21, 4.19.62, 4.14.135 and 4.9.187
+ carnil> already.
+Bugs:
+upstream: released (5.5-rc3) [64d4ce892383b2ad6d782e080d25502f91bf2a38]
+4.19-upstream-stable: released (4.19.92) [1e62ac6b1307129c0f9ca68e9db4227239b4ab19]
+4.9-upstream-stable: released (4.9.208) [dfcbd407f81e645601bccef8912af79b3d1ca87b]
+3.16-upstream-stable: N/A "Vulnerability introduced later"
+sid: released (5.4.8-1)
+4.19-buster-security: released (4.19.98-1)
+4.9-stretch-security: released (4.9.210-1)
+3.16-jessie-security: N/A "Vulnerability introduced later"
author	Salvatore Bonaccorso <carnil@debian.org>	2020-02-09 21:22:45 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2020-02-09 21:22:45 +0100
commit	30e923c9029fa0f9ba1976670c8ee73cbf02169e (patch)
tree	87b0fd686e9a24569aaaf32fc5792062600f7517 /retired/CVE-2019-19037
parent	00d322afed3dc04e74ab0037716e96278c5b8ac6 (diff)