Retire issues that are now released, N/A, or ignored in all branches

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@5589 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 16 insertions, 0 deletions

diff --git a/retired/CVE-2017-1000371 b/retired/CVE-2017-1000371
new file mode 100644
index 00000000..118a4a2c
--- /dev/null
+++ b/retired/CVE-2017-1000371
@@ -0,0 +1,16 @@
+Description: Very large argument/environment list can result in stack/heap clash for 32-bit PIEs
+References:
+ https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
+Notes:
+ nsl> Looks to be introduced upstream with commit d1fd836dcf00
+ nsl> "mm: split ET_DYN ASLR from mmap ASLR" in 4.1-rc1. This was seemly
+ nsl> added to jessie with patch mm-split-et_dyn-aslr-from-mmap-aslr.patch
+Bugs:
+upstream: released (4.13-rc1) [eab09532d40090698b05a07c1c87f39fdbc5fab5]
+4.9-upstream-stable: released (4.9.39) [63c2f8f8c41bf80af068f0b2aef4c0e2bdc32c4a]
+3.16-upstream-stable: N/A "Memory layout is different"
+3.2-upstream-stable: N/A "Memory layout is different"
+sid: released (4.11.11-1) [bugfix/all/binfmt_elf-use-elf_et_dyn_base-only-for-pie.patch]
+4.9-stretch-security: released (4.9.30-2+deb9u4) [bugfix/all/binfmt_elf-use-elf_et_dyn_base-only-for-pie.patch]
+3.16-jessie-security: released (3.16.43-2+deb8u4) [bugfix/all/pie-aslr/binfmt_elf-use-elf_et_dyn_base-only-for-pie.patch]
+3.2-wheezy-security: N/A "Memory layout is different"