Add new assigned CVEs

Key issue remaining is yet to find the correct version in unstable due to branching for a release. Up to now the script will otherwise mark 5.10.40-1 as fixed in the bullseye branch, which is not correct as this was before the branching point and at same point mark an experimental version for the fix in sid. The rest seems to work reasonable now but will need a review later.
author: Salvatore Bonaccorso <carnil@debian.org> 2024-03-01 22:44:17 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2024-03-01 22:44:53 +0100
commit: 47b8f95b2c6a287f933ae7baac7b4c6be0d5951c (patch)
tree: a05d623ccfc194b9eb6ca82ed6b0986c2b310b46 /active/CVE-2021-47070
parent: 3a986a63a8120ce5be3821cd1cfacd8d3ea9f503 (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/active/CVE-2021-47070 b/active/CVE-2021-47070
new file mode 100644
index 000000000..f981d4f86
--- /dev/null
+++ b/active/CVE-2021-47070
@@ -0,0 +1,16 @@
+Description: uio_hv_generic: Fix another memory leak in error handling paths
+References:
+Notes:
+ carnil> Introduced in cdfa835c6e5e ("uio_hv_generic: defer opening vmbus until first
+ carnil> use"). Vulnerable versions: 4.20-rc1.
+Bugs:
+upstream: released (5.13-rc3) [0b0226be3a52dadd965644bc52a807961c2c26df]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
author	Salvatore Bonaccorso <carnil@debian.org>	2024-03-01 22:44:17 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2024-03-01 22:44:53 +0100
commit	47b8f95b2c6a287f933ae7baac7b4c6be0d5951c (patch)
tree	a05d623ccfc194b9eb6ca82ed6b0986c2b310b46 /active/CVE-2021-47070
parent	3a986a63a8120ce5be3821cd1cfacd8d3ea9f503 (diff)