author Salvatore Bonaccorso <carnil@debian.org> 2017-12-10 05:37:16 +0000
committer Salvatore Bonaccorso <carnil@debian.org> 2017-12-10 05:37:16 +0000
commit 4f4de25a7b32551359a35554b6d277215d24a486
tree 4d13a00969ab2d336ea72b4ae6593860466349b9 /retired/CVE-2017-15299
parent 36da718870f5f51019d735ff35b4d9bf6e5e69ed
Retire CVEs fixed everywhere
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@5780 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired/CVE-2017-15299')
-rw-r--r-- retired/CVE-2017-15299 23
1 files changed, 23 insertions, 0 deletions
diff --git a/retired/CVE-2017-15299 b/retired/CVE-2017-15299
new file mode 100644
index 00000000..2079e507
--- /dev/null
+++ b/retired/CVE-2017-15299
@@ -0,0 +1,23 @@
+Description: Incorrect updates of uninstantiated keys crash the kernel
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1498016
+ https://marc.info/?t=150654188100001&r=1&w=2
+ https://marc.info/?t=150783958600011&r=1&w=2
+Notes:
+ carnil> The bug is not restricted to CONFIG_ENCRYPTED_KEYS=y
+ carnil> only, but the impact is different. As noted in the commit
+ carnil> message: "In the case of the "user" and "logon" key types
+ carnil> this causes a memory leak, at best. Maybe even worse, the
+ carnil> ->update() methods of the "encrypted" and "trusted" key types
+ carnil> actually just dereference a NULL pointer when passed an
+ carnil> uninstantiated key.
+ carnil> For 4.13.x fixed in 4.13.10 with 24a33a0c96f3e976c18e4321ca09f71cb835a9b5
+Bugs:
+upstream: released (4.14-rc6) [60ff5b2f547af3828aebafd54daded44cfb0807a]
+4.9-upstream-stable: released (4.9.59) [da0c7503c0b886784bf8bcb279c7d71c1e50c438]
+3.16-upstream-stable: released (3.16.50) [24832178de3ab7b6fb42f2730d8d675e3d30adb2]
+3.2-upstream-stable: released (3.2.95) [57f94e88bb255bf7b7d267c999aefbe4557307c1]
+sid: released (4.13.10-1)
+4.9-stretch-security: released (4.9.65-1)
+3.16-jessie-security: released (3.16.51-1)
+3.2-wheezy-security: released (3.2.96-1)
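Review bot: the quotation opened in the Notes block at `"In the case of the "user" and "logon" key types` is never closed; put the closing quote after `uninstantiated key.` so it is clear where the upstream commit message ends and the tracker's own remarks resume. Two smaller points in the same file: the `Bugs:` field is empty, and the 4.13.x fix (4.13.10, 24a33a0c96f3e976c18e4321ca09f71cb835a9b5) is recorded only as a free-text note while every other branch has a status line with its commit id, so anyone scanning the status lines for fixed versions will miss it unless they also read the Notes.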
