author: Salvatore Bonaccorso <carnil@debian.org> 2023-09-18 22:12:26 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2023-09-18 22:12:26 +0200
commit: b98f46981ffa8710b6e0bc56f82f6e28e2169d69
tree: a93332e7467456f19e2085b8b2f5e175efea12e2 /retired
parent: b91ae5548fb0d0f253c63350e4de6b4b7669aabc
Retire some CVEs
Diffstat (limited to 'retired')
-rw-r--r-- retired/CVE-2020-36766 | 12
-rw-r--r-- retired/CVE-2023-3865 | 14
-rw-r--r-- retired/CVE-2023-3866 | 14
-rw-r--r-- retired/CVE-2023-3867 | 14
4 files changed, 54 insertions, 0 deletions
diff --git a/retired/CVE-2020-36766 b/retired/CVE-2020-36766
new file mode 100644
index 00000000..47c4675c
--- /dev/null
+++ b/retired/CVE-2020-36766
@@ -0,0 +1,12 @@
+Description: cec-api: prevent leaking memory through hole in structure
+References:
+Notes:
+Bugs:
+upstream: released (5.9-rc1) [6c42227c3467549ddc65efe99c869021d2f4a570]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Fixed before branching point"
+4.19-upstream-stable: released (4.19.143) [da489549711e61bd43f3fd6fe19bb538eb575b39]
+sid: released (5.8.7-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.146-1)
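Review bot: the References: field in retired/CVE-2020-36766 is left empty, while the other three files added in this commit each carry an advisory link and a lore link. Suggest adding at least one reference (the upstream patch discussion or an advisory) so the record can be traced from something other than the commit id on the upstream: line.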
diff --git a/retired/CVE-2023-3865 b/retired/CVE-2023-3865
new file mode 100644
index 00000000..bb449ddf
--- /dev/null
+++ b/retired/CVE-2023-3865
@@ -0,0 +1,14 @@
+Description: ksmbd: fix out-of-bound read in smb2_write
+References:
+ https://www.zerodayinitiative.com/advisories/ZDI-23-980/
+ https://lore.kernel.org/all/20230626180806.056931954@linuxfoundation.org/
+Notes:
+Bugs:
+upstream: released (6.4) [5fe7f7b78290638806211046a99f031ff26164e1]
+6.1-upstream-stable: released (6.1.36) [c86211159bc3178b891e0d60e586a32c7b6a231b]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.3.11-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
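Review bot: the four N/A "Vulnerable code not present" entries in retired/CVE-2023-3865 (5.10 and 4.19, upstream-stable and security) have nothing in Notes: to back them up, since that field is empty. Suggest recording the commit or release that introduced the affected ksmbd code in Notes:, so a later reader can verify the N/A status without redoing the analysis.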
diff --git a/retired/CVE-2023-3866 b/retired/CVE-2023-3866
new file mode 100644
index 00000000..2f180735
--- /dev/null
+++ b/retired/CVE-2023-3866
@@ -0,0 +1,14 @@
+Description: ksmbd: validate session id and tree id in the compound request
+References:
+ https://www.zerodayinitiative.com/advisories/ZDI-23-979/
+ https://lore.kernel.org/all/20230626180806.105257976@linuxfoundation.org/
+Notes:
+Bugs:
+upstream: released (6.4) [5005bcb4219156f1bf7587b185080ec1da08518e]
+6.1-upstream-stable: released (6.1.36) [854156d12caa9d36de1cf5f084591c7686cc8a9d]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.3.11-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
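Review bot: the lore reference in retired/CVE-2023-3866 has a linuxfoundation.org message id from the same 20230626180806 series used in retired/CVE-2023-3865, whereas retired/CVE-2023-3867 in this same commit links a message from linkinjeon@kernel.org. If the References: field is meant to point at the original patch submission, suggest making the three ksmbd entries consistent on which kind of lore message they cite.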
diff --git a/retired/CVE-2023-3867 b/retired/CVE-2023-3867
new file mode 100644
index 00000000..091e1d28
--- /dev/null
+++ b/retired/CVE-2023-3867
@@ -0,0 +1,14 @@
+Description: ksmbd: add missing compound request handing in some commands
+References:
+ https://www.zerodayinitiative.com/advisories/ZDI-23-981/
+ https://lore.kernel.org/all/20230624040141.16088-1-linkinjeon@kernel.org/
+Notes:
+Bugs:
+upstream: released (6.5-rc1) [7b7d709ef7cf285309157fb94c33f625dd22c5e1]
+6.1-upstream-stable: released (6.1.40) [869ef4f2965bbb91157dad220133f76c16faba9b]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.4.11-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
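Review bot: "handing" on the Description: line of retired/CVE-2023-3867 reads like a typo for "handling". If the line is copied verbatim from the upstream commit subject, keep it so that searches by subject still match; otherwise correct the spelling.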
