From c119f1c2fa6da59eec0cfa1ddc2729c9383aab57 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 21 Feb 2024 09:47:02 +0100
Subject: Retire three CVEs

---
 retired/CVE-2023-52440 | 12 ++++++++++++
 retired/CVE-2023-52441 | 12 ++++++++++++
 retired/CVE-2023-52442 | 12 ++++++++++++
 3 files changed, 36 insertions(+)
 create mode 100644 retired/CVE-2023-52440
 create mode 100644 retired/CVE-2023-52441
 create mode 100644 retired/CVE-2023-52442

(limited to 'retired')

diff --git a/retired/CVE-2023-52440 b/retired/CVE-2023-52440
new file mode 100644
index 00000000..7bc81152
--- /dev/null
+++ b/retired/CVE-2023-52440
@@ -0,0 +1,12 @@
+Description: ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()
+References:
+Notes:
+Bugs:
+upstream: released (6.6-rc1) [4b081ce0d830b684fdf967abc3696d1261387254]
+6.1-upstream-stable: released (6.1.52) [30fd6521b2fbd9b767e438e31945e5ea3e3a2fba]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.3-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52441 b/retired/CVE-2023-52441
new file mode 100644
index 00000000..0985dd95
--- /dev/null
+++ b/retired/CVE-2023-52441
@@ -0,0 +1,12 @@
+Description: ksmbd: fix out of bounds in init_smb2_rsp_hdr()
+References:
+Notes:
+Bugs:
+upstream: released (6.5-rc4) [536bb492d39bb6c080c92f31e8a55fe9934f452b]
+6.1-upstream-stable: released (6.1.53) [330d900620dfc9893011d725b3620cd2ee0bc2bc]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.3-1)
+6.1-bookworm-security: released (6.1.55-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52442 b/retired/CVE-2023-52442
new file mode 100644
index 00000000..e6bc7e77
--- /dev/null
+++ b/retired/CVE-2023-52442
@@ -0,0 +1,12 @@
+Description: ksmbd: validate session id and tree id in compound request
+References:
+Notes:
+Bugs:
+upstream: released (6.5-rc4) [3df0411e132ee74a87aa13142dfd2b190275332e]
+6.1-upstream-stable: released (6.1.53) [becb5191d1d5fdfca0198a2e37457bbbf4fe266f]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.3-1)
+6.1-bookworm-security: released (6.1.55-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
-- 
cgit v1.2.3