Retire some CVEs

author: Salvatore Bonaccorso <carnil@debian.org> 2023-09-18 22:12:26 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2023-09-18 22:12:26 +0200
commit: b98f46981ffa8710b6e0bc56f82f6e28e2169d69 (patch)
tree: a93332e7467456f19e2085b8b2f5e175efea12e2 /retired/CVE-2023-3866
parent: b91ae5548fb0d0f253c63350e4de6b4b7669aabc (diff)
1 files changed, 14 insertions, 0 deletions
diff --git a/retired/CVE-2023-3866 b/retired/CVE-2023-3866
new file mode 100644
index 00000000..2f180735
--- /dev/null
+++ b/retired/CVE-2023-3866
@@ -0,0 +1,14 @@
+Description: ksmbd: validate session id and tree id in the compound request
+References:
+ https://www.zerodayinitiative.com/advisories/ZDI-23-979/
+ https://lore.kernel.org/all/20230626180806.105257976@linuxfoundation.org/
+Notes:
+Bugs:
+upstream: released (6.4) [5005bcb4219156f1bf7587b185080ec1da08518e]
+6.1-upstream-stable: released (6.1.36) [854156d12caa9d36de1cf5f084591c7686cc8a9d]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.3.11-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
author	Salvatore Bonaccorso <carnil@debian.org>	2023-09-18 22:12:26 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2023-09-18 22:12:26 +0200
commit	b98f46981ffa8710b6e0bc56f82f6e28e2169d69 (patch)
tree	a93332e7467456f19e2085b8b2f5e175efea12e2 /retired/CVE-2023-3866
parent	b91ae5548fb0d0f253c63350e4de6b4b7669aabc (diff)