Retire several CVEs fixed everywhere

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@5772 e094ebfe-e918-0410-adfb-c712417f3574
author: Salvatore Bonaccorso <carnil@debian.org> 2017-12-09 08:52:03 +0000
committer: Salvatore Bonaccorso <carnil@debian.org> 2017-12-09 08:52:03 +0000
commit: f3dd331af9c70c6b5158fc1cd6a0ebc8f14714d3 (patch)
tree: edcf14e6de0e9d6e41f5c2a25173cff32a4ec6a3 /retired/CVE-2017-16534
parent: 8a5e0e12add23e540c83f904ae19ccac1a4116fa (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/retired/CVE-2017-16534 b/retired/CVE-2017-16534
new file mode 100644
index 00000000..25ab3091
--- /dev/null
+++ b/retired/CVE-2017-16534
@@ -0,0 +1,16 @@
+Description: USB: core: harden cdc_parse_cdc_header
+References:
+Notes:
+ bwh> Introduced in 4.4 by commit c40a2c8817e4 "CDC: common parser for extra
+ bwh> headers", but there may be similar bugs in individual drivers in older
+ bwh> versions.  cdc_ether seems to have missed a length check for
+ bwh> USB_CDC_ACM_TYPE.
+Bugs:
+upstream: released (4.14-rc4) [2e1c42391ff2556387b3cb6308b24f6f65619feb]
+4.9-upstream-stable: released (4.9.55) [767f7a2cf33a135fe3f57010b51c3f6e92d7677d]
+3.16-upstream-stable: N/A "Vulnerable code not present"
+3.2-upstream-stable: N/A "Vulnerable code not present"
+sid: released (4.13.10-1)
+4.9-stretch-security: released (4.9.65-1)
+3.16-jessie-security: N/A "Vulnerable code not present"
+3.2-wheezy-security: N/A "Vulnerable code not present"
author	Salvatore Bonaccorso <carnil@debian.org>	2017-12-09 08:52:03 +0000
committer	Salvatore Bonaccorso <carnil@debian.org>	2017-12-09 08:52:03 +0000
commit	f3dd331af9c70c6b5158fc1cd6a0ebc8f14714d3 (patch)
tree	edcf14e6de0e9d6e41f5c2a25173cff32a4ec6a3 /retired/CVE-2017-16534
parent	8a5e0e12add23e540c83f904ae19ccac1a4116fa (diff)