From c3d5957ead9cb2bfea48fb3748f8d7a838e9dd35 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Wed, 2 Sep 2020 09:48:55 +0200 Subject: Retire some CVEs --- active/CVE-2018-13093 | 14 -------------- active/CVE-2018-13094 | 14 -------------- active/CVE-2020-14381 | 10 ---------- retired/CVE-2018-13093 | 14 ++++++++++++++ retired/CVE-2018-13094 | 14 ++++++++++++++ retired/CVE-2020-14381 | 10 ++++++++++ 6 files changed, 38 insertions(+), 38 deletions(-) delete mode 100644 active/CVE-2018-13093 delete mode 100644 active/CVE-2018-13094 delete mode 100644 active/CVE-2020-14381 create mode 100644 retired/CVE-2018-13093 create mode 100644 retired/CVE-2018-13094 create mode 100644 retired/CVE-2020-14381 diff --git a/active/CVE-2018-13093 b/active/CVE-2018-13093 deleted file mode 100644 index 162bcf8b..00000000 --- a/active/CVE-2018-13093 +++ /dev/null @@ -1,14 +0,0 @@ -Description: Uninitialized function pointer (lookup) triggered when mounting and operating a crafted xfs image -References: - https://bugzilla.kernel.org/show_bug.cgi?id=199367 - https://git.kernel.org/pub/scm/fs/xfs/xfs-linux.git/commit/?h=for-next&id=afca6c5b2595fc44383919fba740c194b0b76aff -Notes: -Bugs: -upstream: released (4.18-rc1) [afca6c5b2595fc44383919fba740c194b0b76aff] -4.19-upstream-stable: N/A "Fixed before branch point" -4.9-upstream-stable: released (4.9.233) [42c59d544af976f4736640ef25ff791e2188aed3] -3.16-upstream-stable: released (3.16.58) [7744e6b42712dd27e2457e1eb03b1c73920364c2] -sid: released (4.17.14-1) -4.19-buster-security: N/A "Fixed before branching point" -4.9-stretch-security: released (4.9.210-1) [bugfix/all/xfs-validate-cached-inodes-are-free-when-allocated.patch] -3.16-jessie-security: released (3.16.59-1) diff --git a/active/CVE-2018-13094 b/active/CVE-2018-13094 deleted file mode 100644 index e82b5f8c..00000000 --- a/active/CVE-2018-13094 +++ /dev/null @@ -1,14 +0,0 @@ -Description: NULL pointer dereference in xfs_trans_binval() when mounting and operating a crafted xfs image -References: - https://bugzilla.kernel.org/show_bug.cgi?id=199969 - https://git.kernel.org/pub/scm/fs/xfs/xfs-linux.git/commit/?h=for-next&id=bb3d48dcf86a97dc25fe9fc2c11938e19cb4399a -Notes: -Bugs: -upstream: released (4.18-rc1) [bb3d48dcf86a97dc25fe9fc2c11938e19cb4399a] -4.19-upstream-stable: N/A "Fixed before branch point" -4.9-upstream-stable: released (4.9.233) [beff051fa566f6ed93da74171b30fb049038b23d] -3.16-upstream-stable: released (3.16.58) [991ec538e6683859b065467b8406c7e57526e212] -sid: released (4.17.14-1) -4.19-buster-security: N/A "Fixed before branch point" -4.9-stretch-security: released (4.9.210-1) [bugfix/all/xfs-don-t-call-xfs_da_shrink_inode-with-null-bp.patch] -3.16-jessie-security: released (3.16.59-1) diff --git a/active/CVE-2020-14381 b/active/CVE-2020-14381 deleted file mode 100644 index 4792be77..00000000 --- a/active/CVE-2020-14381 +++ /dev/null @@ -1,10 +0,0 @@ -Description: futex: Fix inode life-time issue -References: -Notes: -Bugs: -upstream: released (5.6-rc6) [8019ad13ef7f64be44d4f892af9c840179009254] -4.19-upstream-stable: released (4.19.113) [e6d506cd2243aa8f6e19fdb4dc61d85275c2c918] -4.9-upstream-stable: released (4.9.218) [fb099f3bb477a0ee2d0669a753f7ffcdf8884c2d] -sid: released (5.5.13-1) -4.19-buster-security: released (4.19.118-1) -4.9-stretch-security: released (4.9.228-1) diff --git a/retired/CVE-2018-13093 b/retired/CVE-2018-13093 new file mode 100644 index 00000000..162bcf8b --- /dev/null +++ b/retired/CVE-2018-13093 @@ -0,0 +1,14 @@ +Description: Uninitialized function pointer (lookup) triggered when mounting and operating a crafted xfs image +References: + https://bugzilla.kernel.org/show_bug.cgi?id=199367 + https://git.kernel.org/pub/scm/fs/xfs/xfs-linux.git/commit/?h=for-next&id=afca6c5b2595fc44383919fba740c194b0b76aff +Notes: +Bugs: +upstream: released (4.18-rc1) [afca6c5b2595fc44383919fba740c194b0b76aff] +4.19-upstream-stable: N/A "Fixed before branch point" +4.9-upstream-stable: released (4.9.233) [42c59d544af976f4736640ef25ff791e2188aed3] +3.16-upstream-stable: released (3.16.58) [7744e6b42712dd27e2457e1eb03b1c73920364c2] +sid: released (4.17.14-1) +4.19-buster-security: N/A "Fixed before branching point" +4.9-stretch-security: released (4.9.210-1) [bugfix/all/xfs-validate-cached-inodes-are-free-when-allocated.patch] +3.16-jessie-security: released (3.16.59-1) diff --git a/retired/CVE-2018-13094 b/retired/CVE-2018-13094 new file mode 100644 index 00000000..e82b5f8c --- /dev/null +++ b/retired/CVE-2018-13094 @@ -0,0 +1,14 @@ +Description: NULL pointer dereference in xfs_trans_binval() when mounting and operating a crafted xfs image +References: + https://bugzilla.kernel.org/show_bug.cgi?id=199969 + https://git.kernel.org/pub/scm/fs/xfs/xfs-linux.git/commit/?h=for-next&id=bb3d48dcf86a97dc25fe9fc2c11938e19cb4399a +Notes: +Bugs: +upstream: released (4.18-rc1) [bb3d48dcf86a97dc25fe9fc2c11938e19cb4399a] +4.19-upstream-stable: N/A "Fixed before branch point" +4.9-upstream-stable: released (4.9.233) [beff051fa566f6ed93da74171b30fb049038b23d] +3.16-upstream-stable: released (3.16.58) [991ec538e6683859b065467b8406c7e57526e212] +sid: released (4.17.14-1) +4.19-buster-security: N/A "Fixed before branch point" +4.9-stretch-security: released (4.9.210-1) [bugfix/all/xfs-don-t-call-xfs_da_shrink_inode-with-null-bp.patch] +3.16-jessie-security: released (3.16.59-1) diff --git a/retired/CVE-2020-14381 b/retired/CVE-2020-14381 new file mode 100644 index 00000000..4792be77 --- /dev/null +++ b/retired/CVE-2020-14381 @@ -0,0 +1,10 @@ +Description: futex: Fix inode life-time issue +References: +Notes: +Bugs: +upstream: released (5.6-rc6) [8019ad13ef7f64be44d4f892af9c840179009254] +4.19-upstream-stable: released (4.19.113) [e6d506cd2243aa8f6e19fdb4dc61d85275c2c918] +4.9-upstream-stable: released (4.9.218) [fb099f3bb477a0ee2d0669a753f7ffcdf8884c2d] +sid: released (5.5.13-1) +4.19-buster-security: released (4.19.118-1) +4.9-stretch-security: released (4.9.228-1) -- cgit v1.2.3