Retire several CVEs

author: Salvatore Bonaccorso <carnil@debian.org> 2018-01-09 17:51:45 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2018-01-09 17:51:45 +0100
commit: 582bd036a8776b63cd0e81f699e72d750c935e5a (patch)
tree: 79851a25f5babf1c8a068949f39a4b4336c04aaa /retired/CVE-2017-15868
parent: c67af4afbb0edf5226852b954994e32abf2bcdab (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/retired/CVE-2017-15868 b/retired/CVE-2017-15868
new file mode 100644
index 00000000..43997786
--- /dev/null
+++ b/retired/CVE-2017-15868
@@ -0,0 +1,17 @@
+Description: Bluetooth: bnep: bnep_add_connection() should verify that it's dealing with l2cap socket
+References:
+ https://source.android.com/security/bulletin/pixel/2017-12-01
+Notes:
+ bwh> Depends on commit b3916db32c4a "Bluetooth: hidp: verify l2cap sockets"
+ bwh> which is also an important security fix.  Should also apply commit
+ bwh> 96c26653ce65 "Bluetooth: cmtp: cmtp_add_connection() should verify that
+ bwh> it's dealing with l2cap socket".
+Bugs:
+upstream: released (3.19-rc3) [71bb99a02b32b4cc4265118e85f6035ca72923f0]
+4.9-upstream-stable: N/A "Fixed before branching point"
+3.16-upstream-stable: released (3.16.52) [77369e6ee42b28a529932f5f7a5522de73310d21]
+3.2-upstream-stable: released (3.2.97) [d5623517462d7bdf03cae13e8b713389b0cdd381]
+sid: released (4.0.2-1)
+4.9-stretch-security: N/A "Fixed before branching point"
+3.16-jessie-security: released (3.16.51-3+deb8u1) [bugfix/all/bluetooth-bnep-bnep_add_connection-should-verify-tha.patch]
+3.2-wheezy-security: released (3.2.96-1) [bugfix/all/bluetooth-bnep-bnep_add_connection-should-verify-tha.patch]
author	Salvatore Bonaccorso <carnil@debian.org>	2018-01-09 17:51:45 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2018-01-09 17:51:45 +0100
commit	582bd036a8776b63cd0e81f699e72d750c935e5a (patch)
tree	79851a25f5babf1c8a068949f39a4b4336c04aaa /retired/CVE-2017-15868
parent	c67af4afbb0edf5226852b954994e32abf2bcdab (diff)