Retire some CVEs

author: Salvatore Bonaccorso <carnil@debian.org> 2020-09-26 10:52:26 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2020-09-26 10:52:26 +0200
commit: 8d6eac2346ca8fe2703170453cf5e22779a2fdec (patch)
tree: af074994b2f98973141e838d074ce1c52148afe5 /retired/CVE-2019-19072
parent: 7772a03900735b97ac9eabc3116b4adb186cd850 (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/retired/CVE-2019-19072 b/retired/CVE-2019-19072
new file mode 100644
index 00000000..19ca2ebd
--- /dev/null
+++ b/retired/CVE-2019-19072
@@ -0,0 +1,16 @@
+Description: tracing: Have error path in predicate_parse() free its allocated memory
+References:
+Notes:
+ carnil> Introduced in 80765597bc58 ("tracing: Rewrite filter logic to
+ carnil> be simpler and faster") in 4.17-rc1.
+ bwh> This doesn't seem to have a security impact since tracing is a
+ bwh> privileged operation.
+Bugs:
+upstream: released (5.4-rc1) [96c5c6e6a5b6db592acae039fed54b5c8844cd35]
+4.19-upstream-stable: released (4.19.137) [7deb2dcb8963812742ed08420cfa4e23bbeda074]
+4.9-upstream-stable: N/A "Vulnerable code not present"
+3.16-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.4.6-1)
+4.19-buster-security: released (4.19.146-1)
+4.9-stretch-security: N/A "Vulnerable code not present"
+3.16-jessie-security: N/A "Vulnerable code not present"
author	Salvatore Bonaccorso <carnil@debian.org>	2020-09-26 10:52:26 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2020-09-26 10:52:26 +0200
commit	8d6eac2346ca8fe2703170453cf5e22779a2fdec (patch)
tree	af074994b2f98973141e838d074ce1c52148afe5 /retired/CVE-2019-19072
parent	7772a03900735b97ac9eabc3116b4adb186cd850 (diff)