Update data

This likely overlaps with @szlin's MR !26 (closed).

Adding this one to hold information I already gathered.

New CVEs:

• CVE-2019-5108

  mac80211 layer 2 update frame sent out before authorization. Fixed in mainline.

• CVE-2019-19241

  Possible incorrect permissions when executing io_uring actions. Fixed in mainline and 5.4.y. Doesn't apply to LTS branches since io_uring is relatively new.

• CVE-2019-19807

  use-after-free in sound/core/timer.c. Fixed in all branches.

• CVE-2019-19813

• CVE-2019-19814

• CVE-2019-19815

• CVE-2019-19816

• CVE-2019-19927

  Crafted FS image related issues found by fuzzing.

• CVE-2019-19922

  Incorrect CFS throttling. Fixed in mainline, 5.4.y, 4.19.y, and 4.14.y.

• CVE-2019-19947

  Info-leaks from CAN_KVASER_USB. Fixed in mainline, 5.4.y and 4.19.y.

• CVE-2019-19965

  Possible NULL pointer derefernece in libsas sas port discovery. Fixed in mainline.

• CVE-2019-19966

  Use-after-free in VIDEO_CPIA2. Fixed in all branches.

• CVE-2019-20054

  NULL pointer dereference in drop_sysctl_table(). Fixed in all branches.

• CVE-2019-20095

  Memory leak and DoS in net/wireless/marvell/mwifiex. Fixed in all branches except 4.4.y. Maybe it doesn't apply?

• CVE-2019-20096

  Memory leak in dccp. Fixed in mainline and 3.16.y.

issues/CVE-2019-14895.yml

@@ -16,4 +16,5 @@ comments:
     requested AP while associating".  Fixed by commit 3d94a4a8373b
     "mwifiex: fix possible heap overflow in mwifiex_process_country_ie()".
 fixed-by:
+  linux-3.16.y: [3b2f9bd867e1a288b470da440992a908c5972644]
   mainline: [3d94a4a8373bf5f45cf5f939e88b8354dbf2311b]