Retire CVE-2017-14991

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@5643 e094ebfe-e918-0410-adfb-c712417f3574
author: Salvatore Bonaccorso <carnil@debian.org> 2017-10-12 11:38:07 +0000
committer: Salvatore Bonaccorso <carnil@debian.org> 2017-10-12 11:38:07 +0000
commit: 6bb2203b34475b329104562ba57103fabad611ba (patch)
tree: 2acb8a03fd18dcf775a3ea14fd2ec0e0a4b0b2e5 /retired/CVE-2017-14991
parent: c9894789fc4be3e7bf21027fef06f841f712bc32 (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/retired/CVE-2017-14991 b/retired/CVE-2017-14991
new file mode 100644
index 00000000..62c62219
--- /dev/null
+++ b/retired/CVE-2017-14991
@@ -0,0 +1,16 @@
+Description: scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE
+References:
+Notes:
+ bwh> Introduced in 4.12-rc1 by commit 109bade9c62 "scsi: sg: use standard
+ bwh> lists for sg_requests". This was backported to some stable branches,
+ bwh> but I'm not sure why. We might want to take both commits.
+ carnil> For 4.9-upstream stable this was in 4.9.52.
+Bugs:
+upstream: released (4.14-rc2) [3e0097499839e0fe3af380410eababe5a47c4cf9]
+4.9-upstream-stable: released (4.9.53) [90cb12f6dc5ac45c51082721ec5bbe18850cf80f]
+3.16-upstream-stable: N/A "Vulnerable code introduced later"
+3.2-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (4.13.4-1)
+4.9-stretch-security: N/A "Vulnerable code introduced later"
+3.16-jessie-security: N/A "Vulnerable code introduced later"
+3.2-wheezy-security: N/A "Vulnerable code introduced later"
author	Salvatore Bonaccorso <carnil@debian.org>	2017-10-12 11:38:07 +0000
committer	Salvatore Bonaccorso <carnil@debian.org>	2017-10-12 11:38:07 +0000
commit	6bb2203b34475b329104562ba57103fabad611ba (patch)
tree	2acb8a03fd18dcf775a3ea14fd2ec0e0a4b0b2e5 /retired/CVE-2017-14991
parent	c9894789fc4be3e7bf21027fef06f841f712bc32 (diff)