Retire some CVEs

1 files changed, 23 insertions, 0 deletions

diff --git a/retired/CVE-2019-10220 b/retired/CVE-2019-10220
new file mode 100644
index 00000000..be260f16
--- /dev/null
+++ b/retired/CVE-2019-10220
@@ -0,0 +1,23 @@
+Description: CIFS: Relative paths injection in directory entry lists
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1741727
+ https://bugzilla.suse.com/show_bug.cgi?id=1144903
+ https://bugzilla.samba.org/show_bug.cgi?id=14072
+Notes:
+ carnil> Needed a followup c512c6918719 ("uaccess: implement a proper
+ carnil> unsafe_copy_to_user() and switch filldir over to it"), cf.
+ carnil> https://lore.kernel.org/linux-fsdevel/20191006222046.GA18027@roeck-us.net/
+ carnil> which landed in 5.4-rc3.
+ bwh> Although this was reported against CIFS, it seems to be a general
+ bwh> vulnerability for all filesystems dealing with untrusted servers or
+ bwh> storage.  Thankfully the fix is also general.
+ bwh> The changes to uaccess in filldir are *not* required.
+Bugs:
+upstream: released (5.4-rc4) [8a23eb804ca4f2be909e372cf5a9e7b30ae476cd, b9959c7a347d6adbb558fba7e36e9fef3cba3b07]
+4.19-upstream-stable: released (4.19.93) [40696eb2bce798c4764886fbc576426bd5c4cc3c, 0643c3d694ad9f1e5cb0bc7a487bf9f86a5eaf75]
+4.9-upstream-stable: released (4.9.208) [89f58402e7088d38365f227a7943b1b3fed7489b, 1944687187713590a8722f3f1dfd1cd90e7cbde6]
+3.16-upstream-stable: released (3.16.81) [8b85eda7dac918a308e6e1d9137887930e80827a, 0ad70158f3c02e373e17377237b85e43f06d6752]
+sid: released (5.3.9-1)
+4.19-buster-security: released (4.19.98-1)
+4.9-stretch-security: released (4.9.210-1)
+3.16-jessie-security: released (3.16.81-1)