Mark CVE-2017-18261 as N/A for stable branches, and retire it

author: Ben Hutchings <ben@decadent.org.uk> 2018-04-25 17:28:32 +0100
committer: Ben Hutchings <ben@decadent.org.uk> 2018-04-25 17:46:37 +0100
commit: e3dbddf75d4a856793a85ddc79345781db5b1a5e (patch)
tree: 28c2ed27ab71703a8bf9c2f1276c3e68d798a393 /retired/CVE-2017-18261
parent: 6d1bd4096a2d86f3af08f9db7b884f489aa33c13 (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/retired/CVE-2017-18261 b/retired/CVE-2017-18261
new file mode 100644
index 00000000..b24e91dd
--- /dev/null
+++ b/retired/CVE-2017-18261
@@ -0,0 +1,16 @@
+Description: clocksource/drivers/arm_arch_timer: Avoid infinite recursion when ftrace is enabled
+References:
+Notes:
+ bwh> I'm not convinced this is really a security issue.  Anyway, the
+ bwh> vulnerable code path was introduced in 4.12 by commit 6acc71ccac71
+ bwh> "arm64: arch_timer: Allows a CPU-specific erratum to only affect a
+ bwh> subset of CPUs".
+Bugs:
+upstream: released (4.13-rc6) [adb4f11e0a8f4e29900adb2b7af28b6bbd5c1fa4]
+4.9-upstream-stable: N/A "Vulnerable code not present"
+3.16-upstream-stable: N/A "Vulnerable code not present"
+3.2-upstream-stable: N/A "Vulnerable code not present"
+sid: released (4.13.4-1)
+4.9-stretch-security: N/A "Vulnerable code not present"
+3.16-jessie-security: N/A "Vulnerable code not present"
+3.2-wheezy-security: N/A "Vulnerable code not present"
author	Ben Hutchings <ben@decadent.org.uk>	2018-04-25 17:28:32 +0100
committer	Ben Hutchings <ben@decadent.org.uk>	2018-04-25 17:46:37 +0100
commit	e3dbddf75d4a856793a85ddc79345781db5b1a5e (patch)
tree	28c2ed27ab71703a8bf9c2f1276c3e68d798a393 /retired/CVE-2017-18261
parent	6d1bd4096a2d86f3af08f9db7b884f489aa33c13 (diff)