Add CVE-2019-10220

author: Salvatore Bonaccorso <carnil@debian.org> 2019-11-27 21:17:22 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2019-11-27 21:17:22 +0100
commit: 9e9d9fe4f26730fbbe24bd84a8e0e6dc3ac074f0 (patch)
tree: 38bd0db8c865d0c09f63bdb8cd56142e79363319 /active/CVE-2019-10220
parent: 36d27121012e8859bf6b830b33bf07759d246f86 (diff)
1 files changed, 19 insertions, 0 deletions
diff --git a/active/CVE-2019-10220 b/active/CVE-2019-10220
new file mode 100644
index 000000000..93f1bdea1
--- /dev/null
+++ b/active/CVE-2019-10220
@@ -0,0 +1,19 @@
+Description: CIFS: Relative paths injection in directory entry lists
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1741727
+ https://bugzilla.suse.com/show_bug.cgi?id=1144903
+ https://bugzilla.samba.org/show_bug.cgi?id=14072
+Notes:
+ carnil> Needed a followup c512c6918719 ("uaccess: implement a proper
+ carnil> unsafe_copy_to_user() and switch filldir over to it"), cf.
+ carnil> https://lore.kernel.org/linux-fsdevel/20191006222046.GA18027@roeck-us.net/
+ carnil> which landed in 5.4-rc3.
+Bugs:
+upstream: released (5.4-rc2) [9f79b78ef74436c7507bac6bfb7b8b989263bccb, 8a23eb804ca4f2be909e372cf5a9e7b30ae476cd
+4.19-upstream-stable:
+4.9-upstream-stable:
+3.16-upstream-stable:
+sid:
+4.19-buster-security:
+4.9-stretch-security:
+3.16-jessie-security:
author	Salvatore Bonaccorso <carnil@debian.org>	2019-11-27 21:17:22 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2019-11-27 21:17:22 +0100
commit	9e9d9fe4f26730fbbe24bd84a8e0e6dc3ac074f0 (patch)
tree	38bd0db8c865d0c09f63bdb8cd56142e79363319 /active/CVE-2019-10220
parent	36d27121012e8859bf6b830b33bf07759d246f86 (diff)