author | Salvatore Bonaccorso <carnil@debian.org> | 2023-08-17 14:05:02 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2023-08-17 14:05:02 +0200 |
commit | 7108b67fdb16ae22436d11a45d0541de42641e2c (patch) | |
tree | b8a89b296cec8bce62efef1364b44dca69c9d86a /retired/CVE-2023-2007 | |
parent | 828c92322780d598ea229eb47121eace48d3e71a (diff) |
Retire several more CVEs
While we have not yet released the 5.10.191-1 DSA it does not matter if
they are already retired. We have tagged 5.10.191-1 in git and working on
the DSA can be done independently.
Diffstat (limited to 'retired/CVE-2023-2007')
-rw-r--r-- | retired/CVE-2023-2007 | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/retired/CVE-2023-2007 b/retired/CVE-2023-2007 new file mode 100644 index 00000000..fbe4ba4b --- /dev/null +++ b/retired/CVE-2023-2007 @@ -0,0 +1,17 @@ +Description: dpt_i2o: TOCTTOU in adpt_i2o_passthru() +References: + https://www.zerodayinitiative.com/advisories/ZDI-23-440/ + https://lore.kernel.org/stable/b1d71ba992d0adab2519dff17f6d241279c0f5f1.camel@debian.org/ +Notes: + carnil> Issue upstream fixed by removing the driver. + carnil> For other stable backports "scsi: dpt_i2o: Remove broken pass- + carnil> through ioctl (I2OUSERCMD)" fixes the issue. +Bugs: +upstream: released (6.0-rc1) [b04e75a4a8a81887386a0d2dbf605a48e779d2a0] +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.183) [a2cd7599b558d6c70c01880d470f6eedaf6a8f23] +4.19-upstream-stable: released (4.19.285) [1b88816a9499608c736e192e0f442e65d4b71de1] +sid: released (6.0.2-1) +6.1-bookworm-security: N/A "Fixed before branch point" +5.10-bullseye-security: released (5.10.191-1) +4.19-buster-security: released (4.19.289-1) |
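Review bot: In the Notes block the quoted backport subject is split at the line wrap as "pass-" / "through ioctl (I2OUSERCMD)", so a search of this file for the commit title with "pass-through" written as one word will not match; breaking the line before "pass-through" would keep the title intact. The two N/A reasons are also worded differently ("Fixed before branching point" on 6.1-upstream-stable, "Fixed before branch point" on 6.1-bookworm-security), and using one phrase for both would keep the field consistent for anyone filtering on it.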