Retire CVE-2017-1000379

author: Salvatore Bonaccorso <carnil@debian.org> 2019-04-12 15:47:28 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2019-04-12 15:47:28 +0200
commit: fa4b479102f1f23791cd21b1497d6467c3721d50 (patch)
tree: 8db556e640ab8102e59e92bd5e9d16bf89c17afc /retired/CVE-2017-1000379
parent: c61348034ae1808ef577a3a13217da7403e5b247 (diff)
1 files changed, 19 insertions, 0 deletions
diff --git a/retired/CVE-2017-1000379 b/retired/CVE-2017-1000379
new file mode 100644
index 00000000..db4983bd
--- /dev/null
+++ b/retired/CVE-2017-1000379
@@ -0,0 +1,19 @@
+Description: mmap'd regions including ld.so data segment may be close to stack limit
+References:
+ https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
+Notes:
+ bwh> It's unclear to me whether this deserves a specific fix, separate
+ bwh> from that for CVE-2017-1000364.
+ carnil> It's unclear wich of the stack-clash patchset patches fixes the
+ carnil> issue in specific.
+ jmm> Red Hat, Ubuntu and SuSE all closed this bug with a reference that it's
+ jmm> fixed along with the other fixes, shall we just do the same?
+Bugs:
+upstream: released (4.12-rc6) [1be7107fbe18eed3e319a6c3e83c78254b693acb]
+4.9-upstream-stable: released (4.9.34) [cfc0eb403816c5c4f9667d959de5e22789b5421e]
+3.16-upstream-stable: released (3.16.45) [978b8aa1646d4e023edd121c7f1b8f938ccb813d]
+3.2-upstream-stable: ignored "EOL"
+sid: released (4.11.6-1) [bugfix/all/mm-larger-stack-guard-gap-between-vmas.patch]
+4.9-stretch-security: released (4.9.30-2+deb9u1)
+3.16-jessie-security: released (3.16.43-2+deb8u1)
+3.2-wheezy-security: ignored "EOL"
author	Salvatore Bonaccorso <carnil@debian.org>	2019-04-12 15:47:28 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2019-04-12 15:47:28 +0200
commit	fa4b479102f1f23791cd21b1497d6467c3721d50 (patch)
tree	8db556e640ab8102e59e92bd5e9d16bf89c17afc /retired/CVE-2017-1000379
parent	c61348034ae1808ef577a3a13217da7403e5b247 (diff)