Retire many issues now released (or N/A or ignored) in all branches

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@5001 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 25 insertions, 0 deletions

diff --git a/retired/CVE-2016-8645 b/retired/CVE-2016-8645
new file mode 100644
index 00000000..1f1158c4
--- /dev/null
+++ b/retired/CVE-2016-8645
@@ -0,0 +1,25 @@
+Description: net: a BUG() statement can be hit in net/ipv4/tcp_input.c
+References:
+ http://www.spinics.net/lists/stable/msg150470.html
+ http://www.spinics.net/lists/netdev/msg403701.html
+ http://marc.info/?l=linux-netdev&m=147878925724283&w=2
+ http://marc.info/?t=147878927800005&r=1&w=2 # the whole thread
+ https://bugzilla.redhat.com/show_bug.cgi?id=1393904
+ http://marc.info/?l=linux-netdev&m=147881188232264&w=2
+ http://marc.info/?t=147881111500001&r=1&w=2&n=2 # the whole thread
+ http://marc.info/?l=linux-netdev&m=147881236332369&w=2 # patch v2
+ http://www.spinics.net/lists/netdev/msg403787.html
+ http://www.spinics.net/lists/netdev/msg403789.html # patch v2
+Notes:
+ carnil> Issue introduced with the tcp-fastopen feature. Cf.
+ carnil> http://www.openwall.com/lists/oss-security/2016/11/30/3
+ carnil> Introduced in 3.6-rc1 with cf60af03ca4e71134206809ea892e49b92a88896
+ bwh> Eric Dumazet disputes that tcp-fastopen introduced the issue.
+ bwh> Only the specific case found by syzkaller seems to depend on it.
+Bugs:
+upstream: released (4.9-rc6) [ac6e780070e30e4c35bd395acfe9191e6268bdd3]
+3.16-upstream-stable: released (3.16.40) [tcp-take-care-of-truncations-done-by-sk_filter.patch]
+3.2-upstream-stable: released (3.2.85) [tcp-take-care-of-truncations-done-by-sk_filter.patch]
+sid: released (4.8.11-1) [2b5f22e4f7fd208c8d392e5c3755cea1f562cb98]
+3.16-jessie-security: released (3.16.39-1) [bugfix/all/tcp-take-care-of-truncations-done-by-sk_filter.patch]
+3.2-wheezy-security: released (3.2.84-1) [bugfix/all/tcp-take-care-of-truncations-done-by-sk_filter.patch]