Retire some CVEs

author: Salvatore Bonaccorso <carnil@debian.org> 2021-10-09 09:44:22 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-10-09 09:44:22 +0200
commit: ca55e0e9d4f83b79bf312005dc6da4447730da09 (patch)
tree: 81697cb53610a50dcc7abc220e7ef375c3ede22d /retired/CVE-2021-3743
parent: f938e2d3183e17467d915f4f68659da593a85017 (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/retired/CVE-2021-3743 b/retired/CVE-2021-3743
new file mode 100644
index 000000000..bd57394db
--- /dev/null
+++ b/retired/CVE-2021-3743
@@ -0,0 +1,16 @@
+Description: out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1997961
+ https://lists.openwall.net/netdev/2021/08/17/124
+Notes:
+ bwh> Introduced in 4.15 by 194ccc88297a "net: qrtr: Support decoding
+ bwh> incoming v2 packets"
+Bugs:
+upstream: released (5.14) [7e78c597c3ebfd0cb329aa09a838734147e4f117]
+5.10-upstream-stable: released (5.10.62) [ad41706c771a038e9a334fa55216abd69b32bfdf]
+4.19-upstream-stable: released (4.19.206) [ce7d8be2eaa4cab3032e256d154d1c33843d2367]
+4.9-upstream-stable: N/A "Vulnerability introduced later"
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.46-5) [bugfix/all/net-qrtr-fix-another-OOB-Read-in-qrtr_endpoint_post.patch]
+4.19-buster-security: released (4.19.208-1)
+4.9-stretch-security: N/A "Vulnerability introduced later"
author	Salvatore Bonaccorso <carnil@debian.org>	2021-10-09 09:44:22 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-10-09 09:44:22 +0200
commit	ca55e0e9d4f83b79bf312005dc6da4447730da09 (patch)
tree	81697cb53610a50dcc7abc220e7ef375c3ede22d /retired/CVE-2021-3743
parent	f938e2d3183e17467d915f4f68659da593a85017 (diff)