From 18ff2d6aa6fe6fd382d954549b1cf9daea158ee2 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 3 Sep 2020 23:54:23 +0200
Subject: Add CVE-2020-14385

---
 active/CVE-2020-14385 | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 active/CVE-2020-14385

diff --git a/active/CVE-2020-14385 b/active/CVE-2020-14385
new file mode 100644
index 00000000..a70aa820
--- /dev/null
+++ b/active/CVE-2020-14385
@@ -0,0 +1,14 @@
+Description: xfs: fix boundary test in xfs_attr_shortform_verify
+References:
+ https://lore.kernel.org/linux-xfs/63722af5-2d8d-2455-17ee-988defd3126f@redhat.com/
+ https://bugzilla.redhat.com/show_bug.cgi?id=1874800
+Notes:
+ carnil> Introduced in 4.16-rc1 with 1e1bbd8e7ee06 ("xfs: create
+ carnil> structure verifier function for shortform xattrs").
+Bugs:
+upstream: pending [f4020438fab05364018c91f7e02ebdd192085933]
+4.19-upstream-stable: needed
+4.9-upstream-stable: N/A "Vulnerable code introduced later"
+sid: needed
+4.19-buster-security: needed
+4.9-stretch-security: N/A "Vulnerable code introduced later"
-- 
cgit v1.2.3