Retire some CVEs

author: Salvatore Bonaccorso <carnil@debian.org> 2020-02-09 21:22:45 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2020-02-09 21:22:45 +0100
commit: 30e923c9029fa0f9ba1976670c8ee73cbf02169e (patch)
tree: 87b0fd686e9a24569aaaf32fc5792062600f7517 /retired/CVE-2019-2215
parent: 00d322afed3dc04e74ab0037716e96278c5b8ac6 (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/retired/CVE-2019-2215 b/retired/CVE-2019-2215
new file mode 100644
index 00000000..91b06fa8
--- /dev/null
+++ b/retired/CVE-2019-2215
@@ -0,0 +1,15 @@
+Description: Use-After-Free in Binder driver
+References:
+ https://bugs.chromium.org/p/project-zero/issues/detail?id=1942
+ https://googleprojectzero.blogspot.com/2019/11/bad-binder-android-in-wild-exploit.html
+Notes:
+ bwh> Although the fix commit is marked "# 4.14", the bug is much older.
+Bugs:
+upstream: released (4.16-rc1) [f5cb779ba16334b45ba8946d6bfa6d9834d1527f]
+4.19-upstream-stable: N/A "Fixed before branching point"
+4.9-upstream-stable: released (4.9.196) [a494a71146a1cf3f48bb94cf33981db1f027e6a0]
+3.16-upstream-stable: released (3.16.79) [3a593dd8bd7505f9acbc7b6f8928ec6b7978c125]
+sid: released (4.15.4-1)
+4.19-buster-security: N/A "Fixed before branching point"
+4.9-stretch-security: released (4.9.210-1)
+3.16-jessie-security: released (3.16.81-1)
author	Salvatore Bonaccorso <carnil@debian.org>	2020-02-09 21:22:45 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2020-02-09 21:22:45 +0100
commit	30e923c9029fa0f9ba1976670c8ee73cbf02169e (patch)
tree	87b0fd686e9a24569aaaf32fc5792062600f7517 /retired/CVE-2019-2215
parent	00d322afed3dc04e74ab0037716e96278c5b8ac6 (diff)