Retire several CVEs

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@4499 e094ebfe-e918-0410-adfb-c712417f3574
author: Salvatore Bonaccorso <carnil@debian.org> 2016-06-28 08:34:54 +0000
committer: Salvatore Bonaccorso <carnil@debian.org> 2016-06-28 08:34:54 +0000
commit: 5995bb05fadb43acd248258147490c1c08ae951a (patch)
tree: 434a620c1e69976405abcdc237a569473d83544a /retired/CVE-2016-3951
parent: 98bb4c4104a3c0885f9feab828bf5cb178ec1fa1 (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/retired/CVE-2016-3951 b/retired/CVE-2016-3951
new file mode 100644
index 00000000..b57c75b6
--- /dev/null
+++ b/retired/CVE-2016-3951
@@ -0,0 +1,11 @@
+Description: usbnet: memory corruption triggered by invalid USB descriptor
+References:
+Notes:
+ bwh> First part was included in 3.16.7-ckt26 and doesn't seem to be needed for 3.2
+Bugs:
+upstream: released (4.5) [4d06dd537f95683aba3651098ae288b7cbff8274, 1666984c8625b3db19a9abc298931d35ab7bc64b]
+3.16-upstream-stable: released (3.16.35) [usbnet-cleanup-after-bind-in-probe.patch]
+3.2-upstream-stable: released (3.2.80) [usbnet-cleanup-after-bind-in-probe.patch]
+sid: released (4.5.1-1)
+3.16-jessie-security: released (3.16.7-ckt25-2+deb8u1) [bugfix/all/cdc_ncm-do-not-call-usbnet_link_change-from-cdc_ncm_.patch, bugfix/all/usbnet-cleanup-after-bind-in-probe.patch]
+3.2-wheezy-security: released (3.2.81-1)
author	Salvatore Bonaccorso <carnil@debian.org>	2016-06-28 08:34:54 +0000
committer	Salvatore Bonaccorso <carnil@debian.org>	2016-06-28 08:34:54 +0000
commit	5995bb05fadb43acd248258147490c1c08ae951a (patch)
tree	434a620c1e69976405abcdc237a569473d83544a /retired/CVE-2016-3951
parent	98bb4c4104a3c0885f9feab828bf5cb178ec1fa1 (diff)