Retire issues released in Debian branches and released/pending in upstream braches

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@4223 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 16 insertions, 0 deletions

diff --git a/retired/CVE-2015-8767 b/retired/CVE-2015-8767
new file mode 100644
index 00000000..7cbb0ff2
--- /dev/null
+++ b/retired/CVE-2015-8767
@@ -0,0 +1,16 @@
+Description: SCTP denial of service during heartbeat timeout functions
+References:
+Notes:
+ bwh> I'm not sure exactly how far back this is needed as I can't see
+ bwh> where the change of association is made.  But SCTP hasn't
+ bwh> changed a whole lot since 2.6.32 and most other security fixes
+ bwh> have been needed all the way back.
+Bugs:
+upstream: released (v4.3-rc4) [635682a14427d241bab7bbdeebb48a7d7b91638e]
+3.16-upstream-stable: released (3.16.7-ckt24)
+3.2-upstream-stable: released (3.2.77) [sctp-prevent-soft-lockup-when-sctp_accept-is-called-during-a.patch]
+2.6.32-upstream-stable: pending (2.6.32.71)
+sid: released (4.3.1-1)
+3.16-jessie-security: released (3.16.7-ckt20-1+deb8u3) [bugfix/all/sctp-prevent-soft-lockup-when-sctp_accept-is-called-.patch]
+3.2-wheezy-security: released (3.2.73-2+deb7u3) [bugfix/all/sctp-prevent-soft-lockup-when-sctp_accept-is-called-.patch]
+2.6.32-squeeze-security: released (2.6.32-48squeeze19) [bugfix/all/sctp-prevent-soft-lockup-when-sctp_accept-is-called-.patch]