diff options
author | Ben Hutchings <ben@decadent.org.uk> | 2018-04-17 20:54:38 +0100 |
---|---|---|
committer | Ben Hutchings <ben@decadent.org.uk> | 2018-04-17 22:19:33 +0100 |
commit | 8a26e89267fc5cacf0aeb45e58efd563b396dd30 (patch) | |
tree | dbc4833b3a38d1b225c2ba5b858497d2724d2a3d /retired/CVE-2017-15116 | |
parent | 7c9a4327338a227c6b17cede429ec0379b47d9aa (diff) |
Triage and retire various issues that don't need to be fixed anywhere
Diffstat (limited to 'retired/CVE-2017-15116')
-rw-r--r-- | retired/CVE-2017-15116 | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/retired/CVE-2017-15116 b/retired/CVE-2017-15116 new file mode 100644 index 00000000..01dc4693 --- /dev/null +++ b/retired/CVE-2017-15116 @@ -0,0 +1,22 @@ +Description: crypto: drbg - null pointer dereference +References: + https://bugzilla.redhat.com/show_bug.cgi?id=1485815 (not accessible) + https://bugzilla.redhat.com/show_bug.cgi?id=1514609 +Notes: + bwh> Clearly we can't apply the upstream fix for this, but need to guard + bwh> against the null pointer somehow. I can't work out which pointer + bwh> can be null though. + bwh> I've now looked at the RHEL 7 update, and the comment indicates + bwh> that the vulnerable code is in crypto/drbg.c. I verified that + bwh> it does have a weird special case for slen == 0 && seed != NULL + bwh> which no other RNG does. This was added in mainline in 3.17 and + bwh> then backported to RHEL's 3.10 branch. +Bugs: +upstream: released (4.2-rc1) [94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6] +4.9-upstream-stable: N/A "Fixed before branching point" +3.16-upstream-stable: N/A "Vulnerable code not present" +3.2-upstream-stable: N/A "Vulnerable code not present" +sid: released (4.2.1-1) +4.9-stretch-security: N/A "Fixed before branching point" +3.16-jessie-security: N/A "Vulnerable code not present" +3.2-wheezy-security: N/A "Vulnerable code not present" |