Retire some CVEs

author: Salvatore Bonaccorso <carnil@debian.org> 2020-02-09 21:22:45 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2020-02-09 21:22:45 +0100
commit: 30e923c9029fa0f9ba1976670c8ee73cbf02169e (patch)
tree: 87b0fd686e9a24569aaaf32fc5792062600f7517 /retired/CVE-2019-18809
parent: 00d322afed3dc04e74ab0037716e96278c5b8ac6 (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/retired/CVE-2019-18809 b/retired/CVE-2019-18809
new file mode 100644
index 00000000..c7168ce4
--- /dev/null
+++ b/retired/CVE-2019-18809
@@ -0,0 +1,17 @@
+Description: media: usb: fix memory leak in af9005_identify_state 
+References:
+ https://github.com/torvalds/linux/commit/2289adbfa559050d2a38bcd9caac1c18b800e928
+Notes:
+ carnil> Fix not yet in Linus' tree.
+ bwh> Introduced in 4.9 by commit c58b84ee467b "[media] af9005: don't do DMA
+ bwh> on stack".  Doesn't seem to have any security impact.
+ carnil> Fixed as well in 5.4.9.
+Bugs:
+upstream: released (5.5-rc1) [2289adbfa559050d2a38bcd9caac1c18b800e928]
+4.19-upstream-stable: released (4.19.94) [d933de8115f3263fd50cf3b1f1dac2faff02fd89]
+4.9-upstream-stable: released (4.9.209) [129139a26325d2274a226407d1e7b6f1eb40b456]
+3.16-upstream-stable: N/A "Bug introduced later"
+sid: released (5.4.13-1)
+4.19-buster-security: released (4.19.98-1)
+4.9-stretch-security: released (4.9.210-1)
+3.16-jessie-security: N/A "Bug introduced later"
author	Salvatore Bonaccorso <carnil@debian.org>	2020-02-09 21:22:45 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2020-02-09 21:22:45 +0100
commit	30e923c9029fa0f9ba1976670c8ee73cbf02169e (patch)
tree	87b0fd686e9a24569aaaf32fc5792062600f7517 /retired/CVE-2019-18809
parent	00d322afed3dc04e74ab0037716e96278c5b8ac6 (diff)