Retire some CVEs

author: Salvatore Bonaccorso <carnil@debian.org> 2020-02-09 21:22:45 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2020-02-09 21:22:45 +0100
commit: 30e923c9029fa0f9ba1976670c8ee73cbf02169e (patch)
tree: 87b0fd686e9a24569aaaf32fc5792062600f7517 /retired/CVE-2019-14895
parent: 00d322afed3dc04e74ab0037716e96278c5b8ac6 (diff)
1 files changed, 18 insertions, 0 deletions
diff --git a/retired/CVE-2019-14895 b/retired/CVE-2019-14895
new file mode 100644
index 00000000..ddcce639
--- /dev/null
+++ b/retired/CVE-2019-14895
@@ -0,0 +1,18 @@
+Description: Heap overflow in mwifiex_process_country_ie() function of Marvell Wifi driver
+References:
+ https://www.openwall.com/lists/oss-security/2019/11/22/1
+ https://patchwork.kernel.org/patch/11256477/
+Notes:
+ bwh> Introduced in 3.7 by commit e89e2da29b7e "mwifiex: use country ie of
+ bwh> requested AP while associating".  Fixed by commit 3d94a4a8373b
+ bwh> "mwifiex: fix possible heap overflow in mwifiex_process_country_ie()".
+ carnil> Fixed as well in 5.4.12.
+Bugs:
+upstream: released (5.5-rc3) [3d94a4a8373bf5f45cf5f939e88b8354dbf2311b]
+4.19-upstream-stable: released (4.19.96) [0aa8632c57930243bea6fa4ebcbff8fac089e664]
+4.9-upstream-stable: released (4.9.210) [efa99b6f3844bd20d46c8afd78f92a0161a4718e]
+3.16-upstream-stable: released (3.16.81) [3b2f9bd867e1a288b470da440992a908c5972644]
+sid: released (5.4.13-1)
+4.19-buster-security: released (4.19.98-1)
+4.9-stretch-security: released (4.9.210-1)
+3.16-jessie-security: released (3.16.81-1)
author	Salvatore Bonaccorso <carnil@debian.org>	2020-02-09 21:22:45 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2020-02-09 21:22:45 +0100
commit	30e923c9029fa0f9ba1976670c8ee73cbf02169e (patch)
tree	87b0fd686e9a24569aaaf32fc5792062600f7517 /retired/CVE-2019-14895
parent	00d322afed3dc04e74ab0037716e96278c5b8ac6 (diff)