author | Salvatore Bonaccorso <carnil@debian.org> | 2020-01-29 06:06:25 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-01-29 06:06:25 +0100 |
commit | c3b06f9bc74e8b3283af2e0b54415913b0ed2d3a (patch) | |
tree | 435ab1e6cd2b05a4cb7a899b916170ddd08af86e /active/CVE-2020-8428 | |
parent | 232b15941400e61ad555a9934bd580863d909975 (diff) |
Update notes on CVE-2020-8428
Reference full commit ID for the upstream commit for easier tracking
while grepping through the upstream git log. Not necessary but makes
things a bit easier.
The 30aba6656f61 ("namei: allow restricted O_CREAT of FIFOs and regular
files") change was as well backported to several stable releases
(4.4.166, 4.9.142 and 4.14.85) and is thus an issue as well present in
older upstream releases (and Debian releases).
Diffstat (limited to 'active/CVE-2020-8428')
-rw-r--r-- | active/CVE-2020-8428 | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/active/CVE-2020-8428 b/active/CVE-2020-8428 index 40a1c53c4..2c98b17fc 100644 --- a/active/CVE-2020-8428 +++ b/active/CVE-2020-8428 @@ -2,12 +2,15 @@ Description: user-triggerable read-after-free crash or 1-bit infoleak oracle in References: https://www.openwall.com/lists/oss-security/2020/01/28/2 Notes: + carnil> The issue go introduced with 30aba6656f61 ("namei: allow + carnil> restricted O_CREAT of FIFOs and regular files") in 4.19-rc1 + carnil> which got backported to 4.4.166, 4.9.142 and 4.14.85. Bugs: -upstream: released (5.5) [d0cb50185ae9] +upstream: released (5.5) [d0cb50185ae942b03c4327be322055d622dc79f6] 4.19-upstream-stable: needed -4.9-upstream-stable: N/A "Introduced in 4.19 with 30aba6656f61" +4.9-upstream-stable: needed 3.16-upstream-stable: N/A "Introduced in 4.19 with 30aba6656f61" sid: needed 4.19-buster-security: needed -4.9-stretch-security: N/A "Introduced in 4.19 with 30aba6656f61" +4.9-stretch-security: needed 3.16-jessie-security: N/A "Introduced in 4.19 with 30aba6656f61" |
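Review bot: The added Notes line reads "The issue go introduced with 30aba6656f61", which should be "got introduced". Separately, the unchanged 3.16-upstream-stable and 3.16-jessie-security entries keep the reason "Introduced in 4.19 with 30aba6656f61", which now sits beside a note saying the same change was backported to 4.4.166, 4.9.142 and 4.14.85. Consider rewording those two reasons to state that the backport is not present in 3.16, so the N/A status does not read as a leftover from before this update.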