Retire several CVEs

author: Salvatore Bonaccorso <carnil@debian.org> 2018-05-02 08:01:27 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2018-05-02 08:01:27 +0200
commit: 3f1ac495684211f5c6c8bd5e8eac8d2b405dee68 (patch)
tree: 0bc18e11dc4f10760a099c6a1c90fa10dd1ccd96 /retired/CVE-2017-0861
parent: 658830538c79baf34e713b9d5c5e533168a65321 (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/retired/CVE-2017-0861 b/retired/CVE-2017-0861
new file mode 100644
index 00000000..c5befe2b
--- /dev/null
+++ b/retired/CVE-2017-0861
@@ -0,0 +1,17 @@
+Description: ALSA: pcm: prevent UAF in snd_pcm_info
+References:
+Notes:
+ bwh> Commit 362bca57f5d7 "ALSA: pcm: prevent UAF in snd_pcm_info" claims to
+ bwh> fix this, but the UAF was already removed in 4.13 by commit e11f0f90a626
+ bwh> "ALSA: pcm: remove SNDRV_PCM_IOCTL1_INFO internal command".  Based on
+ bwh> the latter commit message it appears that the UAF is totally harmless
+ bwh> in practice.
+Bugs:
+upstream: released (4.13-rc1) [e11f0f90a626f93899687b1cc909ee37dd6c5809]
+4.9-upstream-stable: released (4.9.69) [45ddff3ce4e9a3d7e935d5b596686d9e176ed4a9]
+3.16-upstream-stable: released (3.16.55) [da7bce9e41266e17c98a997c154cb126a7ed8e98]
+3.2-upstream-stable: released (3.2.100) [c51f80d4d3a47dbc97b9b1b67d81e763afe9c398]
+sid: released (4.13.4-1)
+4.9-stretch-security: released (4.9.80-1)
+3.16-jessie-security: released (3.16.56-1)
+3.2-wheezy-security: released (3.2.101-1)
author	Salvatore Bonaccorso <carnil@debian.org>	2018-05-02 08:01:27 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2018-05-02 08:01:27 +0200
commit	3f1ac495684211f5c6c8bd5e8eac8d2b405dee68 (patch)
tree	0bc18e11dc4f10760a099c6a1c90fa10dd1ccd96 /retired/CVE-2017-0861
parent	658830538c79baf34e713b9d5c5e533168a65321 (diff)