Mark CVE-2014-9900 as ignored in all branches, and retire

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@5032 e094ebfe-e918-0410-adfb-c712417f3574
author: Ben Hutchings <benh@debian.org> 2017-03-05 18:49:03 +0000
committer: Ben Hutchings <benh@debian.org> 2017-03-05 18:49:03 +0000
commit: 5a93b3838452bc79fe0fbd352f1a0eba9f51ac17 (patch)
tree: 80782b638a2f4cf1f821d6e1599bd13501880bc1 /retired/CVE-2014-9900
parent: 7fa52a8fb114312ae04a943d02232b539fe93bf0 (diff)
1 files changed, 18 insertions, 0 deletions
diff --git a/retired/CVE-2014-9900 b/retired/CVE-2014-9900
new file mode 100644
index 00000000..ef8972ab
--- /dev/null
+++ b/retired/CVE-2014-9900
@@ -0,0 +1,18 @@
+Description: Potential info-leak in ethtool_get_wol()
+References:
+ https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=63c317dbee97983004dffdd9f742a20d17150071
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9900
+ http://source.android.com/security/bulletin/2016-08-01.html
+ https://lkml.org/lkml/2016/8/23/314
+Notes:
+ jmm> Fixed in Android 3.10 kernel, but this is still unfixed in current mainline
+ bwh> This is compiler-dependent, and doesn't appear to have been demonstrated
+ bwh> as an actual leak (yet).
+Bugs:
+upstream: ignored "minor and as-yet theoretical issue"
+4.9-upstream-stable: ignored "upstream first"
+3.16-upstream-stable: ignored "upstream first"
+3.2-upstream-stable: ignored "upstream first"
+sid: ignored "minor and as-yet theoretical issue"
+3.16-jessie-security: ignored "minor and as-yet theoretical issue"
+3.2-wheezy-security: ignored "minor and as-yet theoretical issue
author	Ben Hutchings <benh@debian.org>	2017-03-05 18:49:03 +0000
committer	Ben Hutchings <benh@debian.org>	2017-03-05 18:49:03 +0000
commit	5a93b3838452bc79fe0fbd352f1a0eba9f51ac17 (patch)
tree	80782b638a2f4cf1f821d6e1599bd13501880bc1 /retired/CVE-2014-9900
parent	7fa52a8fb114312ae04a943d02232b539fe93bf0 (diff)