author Moritz Muehlenhoff <jmm@debian.org> 2016-03-08 10:16:46 +0000
committer Moritz Muehlenhoff <jmm@debian.org> 2016-03-08 10:16:46 +0000
commit 6764f2f792102212f9e0810bdb2982d27837b88f
tree 7abffe4f3e550ddd0a8c42124ab2d15e96c9d5b0 /retired/CVE-2013-4312
parent 57f9ea60adeaa2ead8f668b5bf7640d874a21ceb
retire
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@4229 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired/CVE-2013-4312')
-rw-r--r-- retired/CVE-2013-4312 21
1 files changed, 21 insertions, 0 deletions
diff --git a/retired/CVE-2013-4312 b/retired/CVE-2013-4312
new file mode 100644
index 00000000..24a18df9
--- /dev/null
+++ b/retired/CVE-2013-4312
@@ -0,0 +1,21 @@
+Description: unix: properly account for FDs passed over unix sockets
+References:
+ https://lkml.org/lkml/2015/12/31/15
+Notes:
+ carnil> 712f4aad406bb1ed67f3f98d04c044191f0ff593 according to the commit
+ carnil> message mitigated the issue.
+ bwh> This was applied in 3.16.7-ckt20-1+deb8u3, 4.3.3-6, and 4.3.5.
+ carnil> There is a second commit [759c01142a5d0f364a462346168a56de28a80f52] to
+ carnil> mitigate CVE-2013-4312, but this is slightly more involving. Ben
+ carnil> suggested to wait before starting to backport this as well and look
+ carnil> for possible regressions/problems.
+Bugs:
+ https://bugzilla.kernel.org/show_bug.cgi?id=20402
+upstream: released (4.5-rc1) [712f4aad406bb1ed67f3f98d04c044191f0ff593]
+3.16-upstream-stable: released (3.16.7-ckt24)
+3.2-upstream-stable: released (v3.2.78) [a5a6cf8c405e826ff7ed1308dde72560c0ed4854]
+2.6.32-upstream-stable: ignored
+sid: released (4.3.3-6) [bugfix/all/unix-properly-account-for-FDs-passed-over-unix-socke.patch]
+3.16-jessie-security: released (3.16.7-ckt20-1+deb8u3) [bugfix/all/unix-properly-account-for-FDs-passed-over-unix-socke.patch]
+3.2-wheezy-security: released (3.2.73-2+deb7u3) [bugfix/all/unix-properly-account-for-FDs-passed-over-unix-socke.patch]
+2.6.32-squeeze-security: ignored "Too risky to backport at EOL"
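
Review bot: The Notes entry about the second commit [759c01142a5d0f364a462346168a56de28a80f52] still reads as an open item ("Ben suggested to wait before starting to backport this as well"), and none of the per-branch status lines reference it, so the retired file does not record whether that follow-up was applied or deliberately dropped. Suggest adding a closing note with its outcome for each branch before retiring. Minor: the 3.16-upstream-stable line carries no commit id in brackets while 3.2-upstream-stable does, and "2.6.32-upstream-stable: ignored" gives no reason, unlike the 2.6.32-squeeze-security line.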
