Update information on CVE-2023-1192

author: Salvatore Bonaccorso <carnil@debian.org> 2024-01-05 15:45:49 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2024-01-05 15:45:49 +0100
commit: 1571da26aabeaa9533187bb7fc001ba275fb43c2 (patch)
tree: 4be6236ed936c52895307f558d2550195b1653d6 /active/CVE-2023-1192
parent: a11718ea1fb193ba0a4dce15a6d024959000268f (diff)
1 files changed, 9 insertions, 4 deletions
diff --git a/active/CVE-2023-1192 b/active/CVE-2023-1192
index f64599535..2a4e0762e 100644
--- a/active/CVE-2023-1192
+++ b/active/CVE-2023-1192
@@ -6,12 +6,17 @@ References:
 Notes:
  bwh> Introduced in 5.10 by commit 8e670f77c4a5 "Handle STATUS_IO_TIMEOUT
  bwh> gracefully".  I posted my analysis and an untested patch on RHBZ.
+ carnil> Paulo Alcantara replied that this issue is supposed to be fixed
+ carnil> with d527f51331ca ("cifs: Fix UAF in
+ carnil> cifs_demultiplex_thread()") and that wile the commit mentions
+ carnil> an UAF in >is_network_name_deleted() it should work as well for
+ carnil> the smb2_is_status_io_timeout() case.
 Bugs:
-upstream: needed
-6.1-upstream-stable: needed
+upstream: released (6.6-rc3) [d527f51331cace562393a8038d870b3e9916686f]
+6.1-upstream-stable: released (6.1.56) [908b3b5e97d25e879de3d1f172a255665491c2c3]
 5.10-upstream-stable: needed
 4.19-upstream-stable: N/A "Vulnerable code not present"
-sid: needed
-6.1-bookworm-security: needed
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.64-1)
 5.10-bullseye-security: needed
 4.19-buster-security: N/A "Vulnerable code not present"
author	Salvatore Bonaccorso <carnil@debian.org>	2024-01-05 15:45:49 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2024-01-05 15:45:49 +0100
commit	1571da26aabeaa9533187bb7fc001ba275fb43c2 (patch)
tree	4be6236ed936c52895307f558d2550195b1653d6 /active/CVE-2023-1192
parent	a11718ea1fb193ba0a4dce15a6d024959000268f (diff)