Retire several CVEs

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@4499 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 13 insertions, 0 deletions

diff --git a/retired/CVE-2016-2117 b/retired/CVE-2016-2117
new file mode 100644
index 00000000..656b9804
--- /dev/null
+++ b/retired/CVE-2016-2117
@@ -0,0 +1,13 @@
+Description: memory disclosure into ethernet frames due to incorrect driver handling of scatter/gather IO
+References:
+ http://www.openwall.com/lists/oss-security/2016/03/16/7
+ https://bugzilla.novell.com/show_bug.cgi?id=968697
+ http://mid.gmane.org/0160420222308.GJ3348@decadent.org.uk
+Notes:
+Bugs:
+upstream: released (4.6-rc5) [f43bfaeddc79effbf3d0fcb53ca477cca66f3db8]
+3.16-upstream-stable: released (3.16.36) [atl2-disable-unimplemented-scatter-gather-feature.patch]
+3.2-upstream-stable: N/A ("scatter/gather cannot be enabled")
+sid: released (4.5.2-1) [bugfix/all/atl2-disable-unimplemented-scatter-gather-feature.patch]
+3.16-jessie-security: released (3.16.7-ckt25-2+deb8u1) [bugfix/all/atl2-disable-unimplemented-scatter-gather-feature.patch]
+3.2-wheezy-security: N/A ("scatter/gather cannot be enabled")