author Salvatore Bonaccorso <carnil@debian.org> 2023-12-21 21:40:42 +0100
committer Salvatore Bonaccorso <carnil@debian.org> 2023-12-21 21:40:42 +0100
commit 4af43a1614baf0a366468dab9a8127f3fc9b6c6a
tree 5d05235bb64e86e4e6bbcc636f7899e904e94249 /retired
parent 6f0b49bfd0276bf17d7da1c4b4feaa972c0692ff
Retire two CVEs
Diffstat (limited to 'retired')
-rw-r--r-- retired/CVE-2023-4273 15
-rw-r--r-- retired/CVE-2023-6546 17
2 files changed, 32 insertions, 0 deletions
diff --git a/retired/CVE-2023-4273 b/retired/CVE-2023-4273
new file mode 100644
index 00000000..e5ce8c22
--- /dev/null
+++ b/retired/CVE-2023-4273
@@ -0,0 +1,15 @@
+Description: exfat: check if filename entries exceeds max filename length
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2221609
+ https://dfir.ru/2023/08/23/cve-2023-4273-a-vulnerability-in-the-linux-exfat-driver/
+Notes:
+ carnil> For 6.4.y fixed as well in 6.4.10.
+Bugs:
+upstream: released (6.5-rc5) [d42334578eba1390859012ebb91e1e556d51db49]
+6.1-upstream-stable: released (6.1.45) [c2fdf827f8fc6a571e1b7cc38a61041f0321adf5]
+5.10-upstream-stable: released (5.10.190) [381f7df0f3c3bd7dceb3e2b2b64c2f6247e2ac19]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.4.11-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: N/A "Vulnerable code not present"
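Review bot: The two 4.19 lines (4.19-upstream-stable and 4.19-buster-security) are marked N/A "Vulnerable code not present", but nothing under Notes: records why. The only note covers the 6.4.y fix. Consider adding a carnil> line naming the commit or release that introduced the vulnerable exfat code, so the N/A status can be checked from this file alone, the way the CVE-2023-6546 entry names the commits its fix applies to.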
diff --git a/retired/CVE-2023-6546 b/retired/CVE-2023-6546
new file mode 100644
index 00000000..bdd742fd
--- /dev/null
+++ b/retired/CVE-2023-6546
@@ -0,0 +1,17 @@
+Description: tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2255498
+Notes:
+ carnil> Commit fixes 9b9c8195f3f0 ("tty: n_gsm: fix UAF in
+ carnil> gsm_cleanup_mux") and aa371e96f05d ("tty: n_gsm: fix restart
+ carnil> handling via CLD command") where the later was in 5.18-rc5 (and
+ carnil> backported to 5.10.114 as well).
+Bugs:
+upstream: released (6.5-rc7) [3c4f8333b582487a2d1e02171f1465531cde53e3]
+6.1-upstream-stable: released (6.1.47) [31311a9a4baae0ad47c85e448af21b2120344ff0]
+5.10-upstream-stable: released (5.10.192) [869ce5e5984595bd2c62b598d977debc218b6f4d]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.4.13-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.197-1)
+4.19-buster-security: N/A "Vulnerable code not present"
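Review bot: In the Notes: block, "where the later was in 5.18-rc5" should read "the latter". The note also gives the landing version only for aa371e96f05d (5.18-rc5, backported to 5.10.114) and not for 9b9c8195f3f0, so the 4.19 N/A "Vulnerable code not present" status rests on one of the two fixed commits. Suggest stating where 9b9c8195f3f0 landed as well, or saying explicitly that neither commit is in 4.19.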
