Retire CVE-2014-9419, CVE-2014-9529

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@3693 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 17 insertions, 0 deletions

diff --git a/retired/CVE-2014-9419 b/retired/CVE-2014-9419
new file mode 100644
index 00000000..e3608a89
--- /dev/null
+++ b/retired/CVE-2014-9419
@@ -0,0 +1,17 @@
+Description: x86_64: userspace address leak
+References:
+Notes:
+ bwh> This depends on fixes to FPU state management that have not been
+ bwh> applied to 2.6.32.y.  In order to fix it, we would need to either
+ bwh> pick only commit b3b0870ef3ff ("i387: do not preload FPU state at
+ bwh> task switch time") which will hurt FP performance, or backport a
+ bwh> large number of changes.  I did prepare a backport but don't feel
+ bwh> confident enough to use it.
+Bugs:
+upstream: released (v3.19-rc1) [f647d7c155f069c1a068030255c300663516420e]
+2.6.32-upstream-stable: ignored ("complete fix is too invasive to backport")
+sid: released (3.16.7-ckt4-1)
+3.2-wheezy-security: released (3.2.65-1+deb7u1) [bugfix/x86/x86_64-switch_to-load-tls-descriptors-before-switchi.patch]
+2.6.32-squeeze-security: ignored ("complete fix is too invasive to backport")
+3.16-upstream-stable: released (3.16.7-ckt4)
+3.2-upstream-stable: released (3.2.67) [x86_64-switch_to-load-tls-descriptors-before-switching-ds-and-es.patch]