Mark CVE-2016-3139 as ignored for stable/security branches, and retire it

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@4389 e094ebfe-e918-0410-adfb-c712417f3574
author: Ben Hutchings <benh@debian.org> 2016-05-16 00:21:00 +0000
committer: Ben Hutchings <benh@debian.org> 2016-05-16 00:21:00 +0000
commit: 1c226d15b7ff3a07ed18049e2b42148def3be4a3 (patch)
tree: 36a14f175a1843fc53f380744ac08d79d9d7c067 /retired/CVE-2016-3139
parent: 14ef704a18f8bbf6afb5f994a99470d7aadf99ce (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/retired/CVE-2016-3139 b/retired/CVE-2016-3139
new file mode 100644
index 00000000..6f4020ff
--- /dev/null
+++ b/retired/CVE-2016-3139
@@ -0,0 +1,16 @@
+Description: crash on invalid USB device descriptors (wacom driver)
+References:
+ http://seclists.org/bugtraq/2016/Mar/60
+ https://bugzilla.redhat.com/show_bug.cgi?id=1283375
+ https://bugzilla.redhat.com/show_bug.cgi?id=1283377
+Notes:
+ jmm> drivers/input/tablet/wacom_sys.c in jessie and earlier, drivers/hid/wacom_sys.c in stretch
+ carnil> The code has been rewritten in 3.17, specifically as well
+ carnil> 01c846f9539c194c7a6e34af036b1115b8ed822a and not anymore vulnerable
+Bugs:
+upstream: released (3.17-rc1) [01c846f9539c194c7a6e34af036b1115b8ed822a]
+3.16-upstream-stable: ignored "minor issue"
+3.2-upstream-stable: ignored "minor issue"
+sid: released (4.0.2-1)
+3.16-jessie-security: ignored "minor issue"
+3.2-wheezy-security: ignored "minor issue"
author	Ben Hutchings <benh@debian.org>	2016-05-16 00:21:00 +0000
committer	Ben Hutchings <benh@debian.org>	2016-05-16 00:21:00 +0000
commit	1c226d15b7ff3a07ed18049e2b42148def3be4a3 (patch)
tree	36a14f175a1843fc53f380744ac08d79d9d7c067 /retired/CVE-2016-3139
parent	14ef704a18f8bbf6afb5f994a99470d7aadf99ce (diff)