Add new batch of CVEs assigned from Linux kernel CNA

Manual fixup for the sid version not correctly detecting 6.6.15-1 as the right now and instead using 6.7.7-1 one.
author: Salvatore Bonaccorso <carnil@debian.org> 2024-04-02 10:56:31 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2024-04-02 10:56:31 +0200
commit: 394790af91161b751b9411f7737a4207ba5c0b55 (patch)
tree: e24f0764bf786f47a569956869194e71add754ec /active/CVE-2024-26668
parent: 612fa53fe5f7ec56deab8572d3abc0d9f345e3c0 (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/active/CVE-2024-26668 b/active/CVE-2024-26668
new file mode 100644
index 000000000..d19618e71
--- /dev/null
+++ b/active/CVE-2024-26668
@@ -0,0 +1,16 @@
+Description: netfilter: nft_limit: reject configurations that cause integer overflow
+References:
+Notes:
+ carnil> Introduced in d2168e849ebf ("netfilter: nft_limit: add per-byte limiting").
+ carnil> Vulnerable versions: 4.3-rc1.
+Bugs:
+upstream: released (6.8-rc2) [c9d9eb9c53d37cdebbad56b91e40baf42d5a97aa]
+6.7-upstream-stable: released (6.7.3) [00c2c29aa36d1d1827c51a3720e9f893a22c7c6a]
+6.6-upstream-stable: released (6.6.15) [9882495d02ecc490604f747437a40626dc9160d0]
+6.1-upstream-stable: released (6.1.76) [bc6e242bb74e2ae616bfd2b250682b738e781c9b]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
author	Salvatore Bonaccorso <carnil@debian.org>	2024-04-02 10:56:31 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2024-04-02 10:56:31 +0200
commit	394790af91161b751b9411f7737a4207ba5c0b55 (patch)
tree	e24f0764bf786f47a569956869194e71add754ec /active/CVE-2024-26668
parent	612fa53fe5f7ec56deab8572d3abc0d9f345e3c0 (diff)