diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2023-07-06 17:17:39 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2023-07-06 17:17:39 +0200 |
commit | 89eda44999529f039f22695008387a0dcc350c40 (patch) | |
tree | 67f332c661c81051f65f6b82ef269d68e73456d0 /retired | |
parent | b0d2fd3cf16990d0866c24693a431a0894b29c9c (diff) |
Retire several CVEs
Diffstat (limited to 'retired')
-rw-r--r-- | retired/CVE-2023-32247 | 14 | ||||
-rw-r--r-- | retired/CVE-2023-32248 | 14 | ||||
-rw-r--r-- | retired/CVE-2023-32252 | 16 | ||||
-rw-r--r-- | retired/CVE-2023-32257 | 16 | ||||
-rw-r--r-- | retired/CVE-2023-32258 | 14 |
5 files changed, 74 insertions, 0 deletions
diff --git a/retired/CVE-2023-32247 b/retired/CVE-2023-32247 new file mode 100644 index 00000000..fc4fb334 --- /dev/null +++ b/retired/CVE-2023-32247 @@ -0,0 +1,14 @@ +Description: ksmbd: destroy expired sessions +References: + https://bugzilla.redhat.com/show_bug.cgi?id=2219803 + https://www.zerodayinitiative.com/advisories/ZDI-CAN-20478/ +Notes: +Bugs: +upstream: released (6.4-rc1) [ea174a91893956450510945a0c5d1a10b5323656] +6.1-upstream-stable: released (6.1.29) [1fc8a2b14ef5223f8e0b95faba2ee0a6e4d0f99d] +5.10-upstream-stable: N/A "Vunerable code not present" +4.19-upstream-stable: N/A "Vunerable code not present" +sid: released (6.3.7-1) +6.1-bookworm-security: released (6.1.37-1) +5.10-bullseye-security: N/A "Vunerable code not present" +4.19-buster-security: N/A "Vunerable code not present" diff --git a/retired/CVE-2023-32248 b/retired/CVE-2023-32248 new file mode 100644 index 00000000..915f6fcd --- /dev/null +++ b/retired/CVE-2023-32248 @@ -0,0 +1,14 @@ +Description: ksmbd: fix NULL pointer dereference in smb2_get_info_filesystem() +References: + https://bugzilla.redhat.com/show_bug.cgi?id=2219818 + https://www.zerodayinitiative.com/advisories/ZDI-CAN-20479/ +Notes: +Bugs: +upstream: released (6.4-rc1) [3ac00a2ab69b34189942afa9e862d5170cdcb018] +6.1-upstream-stable: released (6.1.28) [a70751dd7b60eab025e97e19b6b2477c6eaf2bbb] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.3.7-1) +6.1-bookworm-security: released (6.1.37-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-32252 b/retired/CVE-2023-32252 new file mode 100644 index 00000000..a6a7aab4 --- /dev/null +++ b/retired/CVE-2023-32252 @@ -0,0 +1,16 @@ +Description: ksmbd: fix racy issue from session setup and logoff +References: + https://bugzilla.redhat.com/show_bug.cgi?id=2219815 + https://www.zerodayinitiative.com/advisories/ZDI-CAN-20590/ +Notes: + carnil> Not a duplicate CVE-2023-32250, different issue fixed in same + carnil> commit as CVE-2023-32250. +Bugs: +upstream: released (6.4-rc1) [f5c779b7ddbda30866cf2a27c63e34158f858c73] +6.1-upstream-stable: released (6.1.29) [f623f627ad2b1dc215ab3b0df53fb05cfd3a1c3b] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.3.7-1) +6.1-bookworm-security: released (6.1.37-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-32257 b/retired/CVE-2023-32257 new file mode 100644 index 00000000..92244569 --- /dev/null +++ b/retired/CVE-2023-32257 @@ -0,0 +1,16 @@ +Description: ksmbd: fix racy issue from session setup and logoff +References: + https://bugzilla.redhat.com/show_bug.cgi?id=2219806 + https://www.zerodayinitiative.com/advisories/ZDI-CAN-20596/ +Notes: + carnil> Not a duplicate CVE-2023-32250, different issue fixed in same + carnil> commit as CVE-2023-32250. +Bugs: +upstream: released (6.4-rc1) [f5c779b7ddbda30866cf2a27c63e34158f858c73] +6.1-upstream-stable: released (6.1.29) [f623f627ad2b1dc215ab3b0df53fb05cfd3a1c3b] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.3.7-1) +6.1-bookworm-security: released (6.1.37-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-32258 b/retired/CVE-2023-32258 new file mode 100644 index 00000000..1f0c6e7b --- /dev/null +++ b/retired/CVE-2023-32258 @@ -0,0 +1,14 @@ +Description: ksmbd: fix racy issue from smb2 close and logoff with multichannel +References: + https://bugzilla.redhat.com/show_bug.cgi?id=2219809 + https://www.zerodayinitiative.com/advisories/ZDI-CAN-20796/ +Notes: +Bugs: +upstream: released (6.4-rc1) [abcc506a9a71976a8b4c9bf3ee6efd13229c1e19] +6.1-upstream-stable: released (6.1.29) [4aba9ab6a007e41182454f84f95c0bddf7d6d7e1] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.3.7-1) +6.1-bookworm-security: released (6.1.37-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" |