Add first batch of CVE descriptions for 6.1.37-1 update

author: Salvatore Bonaccorso <carnil@debian.org> 2023-07-05 16:10:40 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2023-07-05 16:10:40 +0200
commit: dfcc63ef606ad4a26ec81d2c2c751b498864b759 (patch)
tree: a79979646119c9af3b0fafa655dd95b7bd368bdd /dsa-texts
parent: b8344f0e9058eaa4ebc58f7b2bfbf2c250252112 (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/dsa-texts/6.1.37-1 b/dsa-texts/6.1.37-1
index 57e9d14e..53d0c1ca 100644
--- a/dsa-texts/6.1.37-1
+++ b/dsa-texts/6.1.37-1
@@ -6,8 +6,23 @@ may lead to a privilege escalation, denial of service or information
 leaks.
 
 CVE-2023-2124
+
+    Kyle Zeng, Akshay Ajayan and Fish Wang that missing metadata
+    validation may result in denial of service, or potentially privilege
+    escalation, if a corrupted XFS disk image is mounted.
+
 CVE-2023-2156
+
+    Max VA discovered that the IPv6 RPL protocol implementation in the
+    Linux kernel did not properly handled user-supplied data, resulting
+    in an assertion failure. An unauthenticated remote attacker can take
+    advantage of this flaw for denial of service.
+
 CVE-2023-2269
+
+    Zheng Zhang reported that improper handling of locking in the device-
+    mapper implementation may result in denial of service.
+
 CVE-2023-3090
 CVE-2023-31084
 CVE-2023-3141
author	Salvatore Bonaccorso <carnil@debian.org>	2023-07-05 16:10:40 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2023-07-05 16:10:40 +0200
commit	dfcc63ef606ad4a26ec81d2c2c751b498864b759 (patch)
tree	a79979646119c9af3b0fafa655dd95b7bd368bdd /dsa-texts
parent	b8344f0e9058eaa4ebc58f7b2bfbf2c250252112 (diff)