From 47d3d8e470b8c1866c57d312840357915944314c Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 26 Mar 2024 20:48:42 +0100
Subject: Retire some CVEs

---
 active/CVE-2023-52626  | 16 ----------------
 active/CVE-2024-26649  | 16 ----------------
 active/CVE-2024-26650  | 16 ----------------
 retired/CVE-2023-52626 | 16 ++++++++++++++++
 retired/CVE-2024-26649 | 16 ++++++++++++++++
 retired/CVE-2024-26650 | 16 ++++++++++++++++
 6 files changed, 48 insertions(+), 48 deletions(-)
 delete mode 100644 active/CVE-2023-52626
 delete mode 100644 active/CVE-2024-26649
 delete mode 100644 active/CVE-2024-26650
 create mode 100644 retired/CVE-2023-52626
 create mode 100644 retired/CVE-2024-26649
 create mode 100644 retired/CVE-2024-26650

diff --git a/active/CVE-2023-52626 b/active/CVE-2023-52626
deleted file mode 100644
index df266106..00000000
--- a/active/CVE-2023-52626
+++ /dev/null
@@ -1,16 +0,0 @@
-Description: net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context
-References:
-Notes:
- carnil> Introduced in 92214be5979c ("net/mlx5e: Update doorbell for port timestamping
- carnil> CQ before the software counter"). Vulnerable versions: 6.5.13 6.6.3 6.7-rc2.
-Bugs:
-upstream: released (6.8-rc2) [3876638b2c7ebb2c9d181de1191db0de8cac143a]
-6.7-upstream-stable: released (6.7.3) [33cdeae8c6fb58cc445f859b67c014dc9f60b4e0]
-6.6-upstream-stable: released (6.6.15) [40e0d0746390c5b0c31144f4f1688d72f3f8d790]
-6.1-upstream-stable: N/A "Vulnerable code not present"
-5.10-upstream-stable: N/A "Vulnerable code not present"
-4.19-upstream-stable: N/A "Vulnerable code not present"
-sid: released (6.6.15-1)
-6.1-bookworm-security: N/A "Vulnerable code not present"
-5.10-bullseye-security: N/A "Vulnerable code not present"
-4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26649 b/active/CVE-2024-26649
deleted file mode 100644
index d5f2f115..00000000
--- a/active/CVE-2024-26649
+++ /dev/null
@@ -1,16 +0,0 @@
-Description: drm/amdgpu: Fix the null pointer when load rlc firmware
-References:
-Notes:
- carnil> Introduced in 3da9b71563cb ("drm/amd: Use `amdgpu_ucode_*` helpers for GFX10").
- carnil> Vulnerable versions: 6.3-rc1.
-Bugs:
-upstream: released (6.8-rc1) [bc03c02cc1991a066b23e69bbcc0f66e8f1f7453]
-6.7-upstream-stable: released (6.7.3) [d3887448486caeef9687fb5dfebd4ff91e0f25aa]
-6.6-upstream-stable: released (6.6.15) [8b5bacce2d13dbe648f0bfd3f738ecce8db4978c]
-6.1-upstream-stable: N/A "Vulnerable code not present"
-5.10-upstream-stable: N/A "Vulnerable code not present"
-4.19-upstream-stable: N/A "Vulnerable code not present"
-sid: released (6.6.15-1)
-6.1-bookworm-security: N/A "Vulnerable code not present"
-5.10-bullseye-security: N/A "Vulnerable code not present"
-4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26650 b/active/CVE-2024-26650
deleted file mode 100644
index 403b2741..00000000
--- a/active/CVE-2024-26650
+++ /dev/null
@@ -1,16 +0,0 @@
-Description: platform/x86: p2sb: Allow p2sb_bar() calls during PCI device probe
-References:
-Notes:
- carnil> Introduced in 9745fb07474f ("platform/x86/intel: Add Primary to Sideband (P2SB)
- carnil> bridge support"). Vulnerable versions: 6.0-rc1.
-Bugs:
-upstream: released (6.8-rc2) [5913320eb0b3ec88158cfcb0fa5e996bf4ef681b]
-6.7-upstream-stable: released (6.7.3) [d281ac9a987c553d93211b90fd4fe97d8eca32cd]
-6.6-upstream-stable: released (6.6.15) [847e1eb30e269a094da046c08273abe3f3361cf2]
-6.1-upstream-stable: released (6.1.76) [2841631a03652f32b595c563695d0461072e0de4]
-5.10-upstream-stable: N/A "Vulnerable code not present"
-4.19-upstream-stable: N/A "Vulnerable code not present"
-sid: released (6.6.15-1)
-6.1-bookworm-security: released (6.1.76-1)
-5.10-bullseye-security: N/A "Vulnerable code not present"
-4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52626 b/retired/CVE-2023-52626
new file mode 100644
index 00000000..df266106
--- /dev/null
+++ b/retired/CVE-2023-52626
@@ -0,0 +1,16 @@
+Description: net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context
+References:
+Notes:
+ carnil> Introduced in 92214be5979c ("net/mlx5e: Update doorbell for port timestamping
+ carnil> CQ before the software counter"). Vulnerable versions: 6.5.13 6.6.3 6.7-rc2.
+Bugs:
+upstream: released (6.8-rc2) [3876638b2c7ebb2c9d181de1191db0de8cac143a]
+6.7-upstream-stable: released (6.7.3) [33cdeae8c6fb58cc445f859b67c014dc9f60b4e0]
+6.6-upstream-stable: released (6.6.15) [40e0d0746390c5b0c31144f4f1688d72f3f8d790]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26649 b/retired/CVE-2024-26649
new file mode 100644
index 00000000..d5f2f115
--- /dev/null
+++ b/retired/CVE-2024-26649
@@ -0,0 +1,16 @@
+Description: drm/amdgpu: Fix the null pointer when load rlc firmware
+References:
+Notes:
+ carnil> Introduced in 3da9b71563cb ("drm/amd: Use `amdgpu_ucode_*` helpers for GFX10").
+ carnil> Vulnerable versions: 6.3-rc1.
+Bugs:
+upstream: released (6.8-rc1) [bc03c02cc1991a066b23e69bbcc0f66e8f1f7453]
+6.7-upstream-stable: released (6.7.3) [d3887448486caeef9687fb5dfebd4ff91e0f25aa]
+6.6-upstream-stable: released (6.6.15) [8b5bacce2d13dbe648f0bfd3f738ecce8db4978c]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26650 b/retired/CVE-2024-26650
new file mode 100644
index 00000000..403b2741
--- /dev/null
+++ b/retired/CVE-2024-26650
@@ -0,0 +1,16 @@
+Description: platform/x86: p2sb: Allow p2sb_bar() calls during PCI device probe
+References:
+Notes:
+ carnil> Introduced in 9745fb07474f ("platform/x86/intel: Add Primary to Sideband (P2SB)
+ carnil> bridge support"). Vulnerable versions: 6.0-rc1.
+Bugs:
+upstream: released (6.8-rc2) [5913320eb0b3ec88158cfcb0fa5e996bf4ef681b]
+6.7-upstream-stable: released (6.7.3) [d281ac9a987c553d93211b90fd4fe97d8eca32cd]
+6.6-upstream-stable: released (6.6.15) [847e1eb30e269a094da046c08273abe3f3361cf2]
+6.1-upstream-stable: released (6.1.76) [2841631a03652f32b595c563695d0461072e0de4]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
-- 
cgit v1.2.3