Retire some CVEs

1 files changed, 20 insertions, 0 deletions

diff --git a/retired/CVE-2019-0136 b/retired/CVE-2019-0136
new file mode 100644
index 00000000..d8fa5a9e
--- /dev/null
+++ b/retired/CVE-2019-0136
@@ -0,0 +1,20 @@
+Description: Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
+References:
+ https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-0136.html
+Notes:
+ carnil> the second commit 79c92ca42b5a ("mac80211: handle
+ carnil> deauthentication/disassociation from TDLS peer") is not applied
+ carnil> to older branches and might need investigation if applicable.
+ bwh> I think commit 79c92ca42b5a is relevant to older branches and have
+ bwh> backported it to 3.16.
+ carnil> Backport request for 4.9: https://lore.kernel.org/stable/20190927115711.GA8961@eldamar.local/
+ bwh> stretch still only has the first commit.
+Bugs:
+upstream: released (v5.2-rc6) [588f7d39b3592a36fb7702ae3b8bdd9be4621e2f, 79c92ca42b5a3e0ea172ea2ce8df8e125af237da]
+4.19-upstream-stable: released (4.19.56) [0e879ef1cb5baddebe1f12a9a3940a87d8e61558, 1e1007ac47d85dacf6d45821a2870b6268499700]
+4.9-upstream-stable: released (4.9.195) [9f0f5ff93ed0205a90f11103e9937f3c0417cd4b, 7b1f4ffab73d9319b8132bbf5f4a0e2110a98bde]
+3.16-upstream-stable: released (3.16.74) [62909f7d0b1360ddb147bae8f546228dd93588e1, 8c2981482a9a1b8910dd0b4365b53db1a056ae66]
+sid: released (5.2.6-1)
+4.19-buster-security: released (4.19.67-1)
+4.9-stretch-security: released (4.9.210-1)
+3.16-jessie-security: released (3.16.74-1)