From b94ef1454c64395365f54373803dec1b1d34b9aa Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Mon, 26 Feb 2024 19:05:56 +0100 Subject: Retire CVEs covered in all supported branches --- retired/CVE-2019-25160 | 17 +++++++++++++++++ retired/CVE-2019-25161 | 15 +++++++++++++++ retired/CVE-2019-25162 | 16 ++++++++++++++++ retired/CVE-2021-46906 | 15 +++++++++++++++ 4 files changed, 63 insertions(+) create mode 100644 retired/CVE-2019-25160 create mode 100644 retired/CVE-2019-25161 create mode 100644 retired/CVE-2019-25162 create mode 100644 retired/CVE-2021-46906 (limited to 'retired') diff --git a/retired/CVE-2019-25160 b/retired/CVE-2019-25160 new file mode 100644 index 00000000..8e7c7472 --- /dev/null +++ b/retired/CVE-2019-25160 @@ -0,0 +1,17 @@ +Description: netlabel: fix out-of-bounds memory accesses +References: +Notes: + carnil> Introduced in 446fda4f2682 ("[NetLabel]: CIPSOv4 engine") + carnil> 3faa8f982f95 ("netlabel: Move bitmap manipulation functions to the NetLabel + carnil> core."). Vulnerable versions: 2.6.19-rc1. +Bugs: +upstream: released (5.0) [5578de4834fe0f2a34fedc7374be691443396d1f] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: N/A "Fixed before branching point" +4.19-upstream-stable: released (4.19.28) [e3713abc4248aa6bcc11173d754c418b02a62cbb] +sid: released (4.19.28-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: N/A "Fixed before branching point" diff --git a/retired/CVE-2019-25161 b/retired/CVE-2019-25161 new file mode 100644 index 00000000..a8064906 --- /dev/null +++ b/retired/CVE-2019-25161 @@ -0,0 +1,15 @@ +Description: drm/amd/display: prevent memory leak +References: +Notes: + carnil> First introducing commit could not be determined. +Bugs: +upstream: released (5.4-rc1) [104c307147ad379617472dd91a5bcb368d72bd6d] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: N/A "Fixed before branching point" +4.19-upstream-stable: released (4.19.137) [60e1b411bf0fd9fda2d2de7f45dc3b1d9960b85e] +sid: released (5.4.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: released (4.19.146-1) diff --git a/retired/CVE-2019-25162 b/retired/CVE-2019-25162 new file mode 100644 index 00000000..ed62f2a3 --- /dev/null +++ b/retired/CVE-2019-25162 @@ -0,0 +1,16 @@ +Description: i2c: Fix a potential use after free +References: +Notes: + carnil> Introduced in 611e12ea0f12 ("i2c: core: manage i2c bus device refcount in + carnil> i2c_[get|put]_adapter"). Vulnerable versions: 4.3-rc1. +Bugs: +upstream: released (6.0-rc1) [e4c72c06c367758a14f227c847f9d623f1994ecf] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.137) [81cb31756888bb062e92d2dca21cd629d77a46a9] +4.19-upstream-stable: released (4.19.256) [23a191b132cd87f746c62f3dc27da33683d85829] +sid: released (5.19.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: released (5.10.140-1) +4.19-buster-security: released (4.19.260-1) diff --git a/retired/CVE-2021-46906 b/retired/CVE-2021-46906 new file mode 100644 index 00000000..0a1a062a --- /dev/null +++ b/retired/CVE-2021-46906 @@ -0,0 +1,15 @@ +Description: HID: usbhid: fix info leak in hid_submit_ctrl +References: +Notes: + carnil> First introducing commit could not be determined. +Bugs: +upstream: released (5.13-rc5) [6be388f4a35d2ce5ef7dbf635a8964a5da7f799f] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.45) [b1e3596416d74ce95cc0b7b38472329a3818f8a9] +4.19-upstream-stable: released (4.19.196) [0e280502be1b003c3483ae03fc60dea554fcfa82] +sid: released (5.14.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: released (5.10.46-1) +4.19-buster-security: released (4.19.208-1) -- cgit v1.2.3