Retire CVE-2016-8632

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@4801 e094ebfe-e918-0410-adfb-c712417f3574
author: Salvatore Bonaccorso <carnil@debian.org> 2016-12-19 19:09:58 +0000
committer: Salvatore Bonaccorso <carnil@debian.org> 2016-12-19 19:09:58 +0000
commit: 43646809fdebe502a46dc128ccd4dd0f26a21760 (patch)
tree: be7a94155a3bf0f3e81e8fa31b61e782bd3f8346 /retired/CVE-2016-8632
parent: 00e6ca6fecaaa5517a01ce2481b3f5af0f1d1ce2 (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/retired/CVE-2016-8632 b/retired/CVE-2016-8632
new file mode 100644
index 00000000..88a61575
--- /dev/null
+++ b/retired/CVE-2016-8632
@@ -0,0 +1,13 @@
+Description: TIPC subsystem: tipc_msg_build() doesn't validate MTU, may cause memory corruption
+References:
+ https://www.mail-archive.com/netdev@vger.kernel.org/msg133205.html
+Notes:
+ bwh> Introduced by commit 067608e9d019d6477fd45dd948e81af0e5bf599f (3.17-rc1)
+ bwh> "tipc: introduce direct iovec to buffer chain fragmentation function"
+Bugs:
+upstream: released (4.9-rc8) [3de81b758853f0b29c61e246679d20b513c4cfec]
+3.16-upstream-stable: N/A "Vulnerable code not present"
+3.2-upstream-stable: N/A "Vulnerable code not present"
+sid: released (4.8.15-1)
+3.16-jessie-security: N/A "Vulnerable code not present"
+3.2-wheezy-security: N/A "Vulnerable code not present"
author	Salvatore Bonaccorso <carnil@debian.org>	2016-12-19 19:09:58 +0000
committer	Salvatore Bonaccorso <carnil@debian.org>	2016-12-19 19:09:58 +0000
commit	43646809fdebe502a46dc128ccd4dd0f26a21760 (patch)
tree	be7a94155a3bf0f3e81e8fa31b61e782bd3f8346 /retired/CVE-2016-8632
parent	00e6ca6fecaaa5517a01ce2481b3f5af0f1d1ce2 (diff)