Fill in status for CVE-2015-8967 and retire it

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@4811 e094ebfe-e918-0410-adfb-c712417f3574

2 files changed, 13 insertions, 10 deletions

diff --git a/active/CVE-2015-8967 b/active/CVE-2015-8967
deleted file mode 100644
index 2cb1ca84..00000000
--- a/active/CVE-2015-8967
+++ /dev/null
@@ -1,10 +0,0 @@
-Description:
-References:
-Notes:
-Bugs:
-upstream: released (4.0-rc1) [c623b33b4e9599c6ac5076f7db7369eb9869aa04]
-3.16-upstream-stable:
-3.2-upstream-stable:
-sid: released (4.0.2-1)
-3.16-jessie-security:
-3.2-wheezy-security:
diff --git a/retired/CVE-2015-8967 b/retired/CVE-2015-8967
new file mode 100644
index 00000000..80ace3b0
--- /dev/null
+++ b/retired/CVE-2015-8967
@@ -0,0 +1,13 @@
+Description: arm64 syscall table is not read-only
+References:
+Notes:
+ bwh> This is not a security flaw in itself, but a missing mitigation.
+ bwh> Additionally, arm64 had no support for page protections in the
+ bwh> kernel mapping before 4.0, so this is impractical to backport.
+Bugs:
+upstream: released (4.0-rc1) [c623b33b4e9599c6ac5076f7db7369eb9869aa04]
+3.16-upstream-stable: ignored "Missing mitigation, impractical to backport"
+3.2-upstream-stable: N/A "Vulnerable architecture not present"
+sid: released (4.0.2-1)
+3.16-jessie-security: ignored "Missing mitigation, impractical to backport"
+3.2-wheezy-security: N/A "Vulnerable architecture not present"