Mark CVE-2017-9986 as pending upstream, and retire it

The OSS drivers have been removed upstream. git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@5721 e094ebfe-e918-0410-adfb-c712417f3574
author: Ben Hutchings <benh@debian.org> 2017-11-16 17:50:26 +0000
committer: Ben Hutchings <benh@debian.org> 2017-11-16 17:50:26 +0000
commit: f50c9e7d38f7830c9af8cbc5dc0bcbfd0b82b8c9 (patch)
tree: a7017014bdc0fe2aa30542ce4d85ba9acbcce5d1
parent: 4dcbe14c721962a81db44158561b1a7bf335358a (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/active/CVE-2017-9986 b/retired/CVE-2017-9986
index 88afc346..5470c2b2 100644
--- a/active/CVE-2017-9986
+++ b/retired/CVE-2017-9986
@@ -2,10 +2,11 @@ Description: Double fetch problem in sound/oss/msnd_pinnacle.c
 References:
 Notes:
  bwh> Malicious ISA cards aren't worth worrying about, unlike USB devices.
- bwh> Also, Debian doesn't build the OSS drivers.
+ bwh> Also, Debian doesn't build the OSS drivers and they have been removed
+ bwh> upstream.
 Bugs:
  https://bugzilla.kernel.org/show_bug.cgi?id=196135
-upstream: needed
+upstream: pending (4.15-rc1) [727dede0ba8afbd8d19116d39f2ae8d19d00033d]
 4.9-upstream-stable: ignored "Minor issue"
 3.16-upstream-stable: ignored "Minor issue"
 3.2-upstream-stable: ignored "Minor issue"
author	Ben Hutchings <benh@debian.org>	2017-11-16 17:50:26 +0000
committer	Ben Hutchings <benh@debian.org>	2017-11-16 17:50:26 +0000
commit	f50c9e7d38f7830c9af8cbc5dc0bcbfd0b82b8c9 (patch)
tree	a7017014bdc0fe2aa30542ce4d85ba9acbcce5d1
parent	4dcbe14c721962a81db44158561b1a7bf335358a (diff)