author | Salvatore Bonaccorso <carnil@debian.org> | 2023-09-18 22:12:26 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2023-09-18 22:12:26 +0200 |
commit | b98f46981ffa8710b6e0bc56f82f6e28e2169d69 (patch) | |
tree | a93332e7467456f19e2085b8b2f5e175efea12e2 /retired | |
parent | b91ae5548fb0d0f253c63350e4de6b4b7669aabc (diff) |
Retire some CVEs
Diffstat (limited to 'retired')
-rw-r--r-- | retired/CVE-2020-36766 | 12 |
-rw-r--r-- | retired/CVE-2023-3865 | 14 |
-rw-r--r-- | retired/CVE-2023-3866 | 14 |
-rw-r--r-- | retired/CVE-2023-3867 | 14 |
4 files changed, 54 insertions, 0 deletions
diff --git a/retired/CVE-2020-36766 b/retired/CVE-2020-36766 new file mode 100644 index 00000000..47c4675c --- /dev/null +++ b/retired/CVE-2020-36766 @@ -0,0 +1,12 @@ +Description: cec-api: prevent leaking memory through hole in structure +References: +Notes: +Bugs: +upstream: released (5.9-rc1) [6c42227c3467549ddc65efe99c869021d2f4a570] +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: N/A "Fixed before branching point" +4.19-upstream-stable: released (4.19.143) [da489549711e61bd43f3fd6fe19bb538eb575b39] +sid: released (5.8.7-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: released (4.19.146-1) diff --git a/retired/CVE-2023-3865 b/retired/CVE-2023-3865 new file mode 100644 index 00000000..bb449ddf --- /dev/null +++ b/retired/CVE-2023-3865 @@ -0,0 +1,14 @@ +Description: ksmbd: fix out-of-bound read in smb2_write +References: + https://www.zerodayinitiative.com/advisories/ZDI-23-980/ + https://lore.kernel.org/all/20230626180806.056931954@linuxfoundation.org/ +Notes: +Bugs: +upstream: released (6.4) [5fe7f7b78290638806211046a99f031ff26164e1] +6.1-upstream-stable: released (6.1.36) [c86211159bc3178b891e0d60e586a32c7b6a231b] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.3.11-1) +6.1-bookworm-security: released (6.1.37-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-3866 b/retired/CVE-2023-3866 new file mode 100644 index 00000000..2f180735 --- /dev/null +++ b/retired/CVE-2023-3866 
@@ -0,0 +1,14 @@ +Description: ksmbd: validate session id and tree id in the compound request +References: + https://www.zerodayinitiative.com/advisories/ZDI-23-979/ + https://lore.kernel.org/all/20230626180806.105257976@linuxfoundation.org/ +Notes: +Bugs: +upstream: released (6.4) [5005bcb4219156f1bf7587b185080ec1da08518e] +6.1-upstream-stable: released (6.1.36) [854156d12caa9d36de1cf5f084591c7686cc8a9d] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.3.11-1) +6.1-bookworm-security: released (6.1.37-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-3867 b/retired/CVE-2023-3867 new file mode 100644 index 00000000..091e1d28 --- /dev/null +++ b/retired/CVE-2023-3867 @@ -0,0 +1,14 @@ +Description: ksmbd: add missing compound request handing in some commands +References: + https://www.zerodayinitiative.com/advisories/ZDI-23-981/ + https://lore.kernel.org/all/20230624040141.16088-1-linkinjeon@kernel.org/ +Notes: +Bugs: +upstream: released (6.5-rc1) [7b7d709ef7cf285309157fb94c33f625dd22c5e1] +6.1-upstream-stable: released (6.1.40) [869ef4f2965bbb91157dad220133f76c16faba9b] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.4.11-1) +6.1-bookworm-security: released (6.1.52-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" |
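
Review bot: retired/CVE-2020-36766 is being retired with an empty References: field, while the three ksmbd files in this commit each carry an advisory link and a lore link. Consider adding at least one reference that ties the CVE id to the fix (the upstream commit 6c42227c3467549ddc65efe99c869021d2f4a570 is already named on the upstream: line) so that anyone auditing the 4.19-buster-security: released (4.19.146-1) status later can confirm what was checked.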
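
Review bot: the Description: line in retired/CVE-2023-3867 reads "add missing compound request handing in some commands", where "handing" looks like a typo for "handling". If the line is copied verbatim from the upstream commit subject, keep it so it still matches a search against 7b7d709ef7cf285309157fb94c33f625dd22c5e1; otherwise correct it before the file is archived under retired/.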