diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2020-02-09 21:22:45 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-02-09 21:22:45 +0100 |
commit | 30e923c9029fa0f9ba1976670c8ee73cbf02169e (patch) | |
tree | 87b0fd686e9a24569aaaf32fc5792062600f7517 /active/CVE-2019-10220 | |
parent | 00d322afed3dc04e74ab0037716e96278c5b8ac6 (diff) |
Retire some CVEs
Diffstat (limited to 'active/CVE-2019-10220')
-rw-r--r-- | active/CVE-2019-10220 | 23 |
1 files changed, 0 insertions, 23 deletions
diff --git a/active/CVE-2019-10220 b/active/CVE-2019-10220 deleted file mode 100644 index be260f163..000000000 --- a/active/CVE-2019-10220 +++ /dev/null @@ -1,23 +0,0 @@ -Description: CIFS: Relative paths injection in directory entry lists -References: - https://bugzilla.redhat.com/show_bug.cgi?id=1741727 - https://bugzilla.suse.com/show_bug.cgi?id=1144903 - https://bugzilla.samba.org/show_bug.cgi?id=14072 -Notes: - carnil> Needed a followup c512c6918719 ("uaccess: implement a proper - carnil> unsafe_copy_to_user() and switch filldir over to it"), cf. - carnil> https://lore.kernel.org/linux-fsdevel/20191006222046.GA18027@roeck-us.net/ - carnil> which landed in 5.4-rc3. - bwh> Although this was reported against CIFS, it seems to be a general - bwh> vulnerability for all filesystems dealing with untrusted servers or - bwh> storage. Thankfully the fix is also general. - bwh> The changes to uaccess in filldir are *not* required. -Bugs: -upstream: released (5.4-rc4) [8a23eb804ca4f2be909e372cf5a9e7b30ae476cd, b9959c7a347d6adbb558fba7e36e9fef3cba3b07] -4.19-upstream-stable: released (4.19.93) [40696eb2bce798c4764886fbc576426bd5c4cc3c, 0643c3d694ad9f1e5cb0bc7a487bf9f86a5eaf75] -4.9-upstream-stable: released (4.9.208) [89f58402e7088d38365f227a7943b1b3fed7489b, 1944687187713590a8722f3f1dfd1cd90e7cbde6] -3.16-upstream-stable: released (3.16.81) [8b85eda7dac918a308e6e1d9137887930e80827a, 0ad70158f3c02e373e17377237b85e43f06d6752] -sid: released (5.3.9-1) -4.19-buster-security: released (4.19.98-1) -4.9-stretch-security: released (4.9.210-1) -3.16-jessie-security: released (3.16.81-1) |