Add new batch of CVEs

One source of problem for the automatic processing was the following
manual fixup:

- detection of N/A in case the version never affected a unstable
  released version and so the sid: field should be N/A "Vulnerable code
  not present"
- The second manual fixup is where 5.14.6-1 was placed as fixed version
  for sid, as it should have been 5.10.46-1 as this is before the
  branching point. There is no such support of tracking branching points
  yet so it seems to cause fallouts on the recent CVEs assigned by
  importing the issues from the GSD.

1 files changed, 18 insertions, 0 deletions

diff --git a/active/CVE-2021-47119 b/active/CVE-2021-47119
new file mode 100644
index 000000000..7095baffc
--- /dev/null
+++ b/active/CVE-2021-47119
@@ -0,0 +1,18 @@
+Description: ext4: fix memory leak in ext4_fill_super
+References:
+Notes:
+ carnil> Introduced in ce40733ce93d ("ext4: Check for return value from
+ carnil> sb_set_blocksize")
+ carnil> ac27a0ec112a ("ext4: initial copy of files from ext3"). Vulnerable versions:
+ carnil> 2.6.19-rc2 2.6.25-rc1.
+Bugs:
+upstream: released (5.13-rc5) [afd09b617db3786b6ef3dc43e28fe728cfea84df]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [01d349a481f0591230300a9171330136f9159bcd]
+4.19-upstream-stable: needed
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: needed