Retire CVEs fixed everywhere needed

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@5086 e094ebfe-e918-0410-adfb-c712417f3574
author: Salvatore Bonaccorso <carnil@debian.org> 2017-03-16 08:20:15 +0000
committer: Salvatore Bonaccorso <carnil@debian.org> 2017-03-16 08:20:15 +0000
commit: 91d7544f9fdbc7ffb67a099b9576cae72ed19d5d (patch)
tree: d77e7390fdb0dede8b6a64caa15c0f9c61fcb261 /retired/CVE-2017-5986
parent: 14dbef9d90b473780b5adbab26f82bdf23716846 (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/retired/CVE-2017-5986 b/retired/CVE-2017-5986
new file mode 100644
index 00000000..2deeb7ee
--- /dev/null
+++ b/retired/CVE-2017-5986
@@ -0,0 +1,15 @@
+Description: Reachable BUG_ON from userspace in sctp_wait_for_sndbuf()
+References:
+Notes:
+ carnil> Introduced in 2.6.17-rc5 with 61c9fed41638249f8b6ca5345064eb1beb50179f
+ bwh> Upstream fix actually makes things worse; see
+ bwh> https://marc.info/?l=linux-sctp&m=148770688203103&w=2 and CVE-2017-6353
+Bugs:
+upstream: released (4.10-rc8) [2dcab598484185dea7ec22219c76dcdd59e3cb90]
+4.9-upstream-stable: released (4.9.11) [00eff2ebbd229758e90659907724c14dd5a18339]
+3.16-upstream-stable: released (3.16.42) [sctp-avoid-bug_on-on-sctp_wait_for_sndbuf.patch]
+3.2-upstream-stable: released (3.2.87) [sctp-avoid-bug_on-on-sctp_wait_for_sndbuf.patch]
+sid: released (4.9.10-1) [bugfix/all/sctp-avoid-BUG_ON-on-sctp_wait_for_sndbuf.patch]
+3.16-jessie-security: released (3.16.39-1+deb8u2) [bugfix/all/sctp-avoid-BUG_ON-on-sctp_wait_for_sndbuf.patch]
+3.2-wheezy-security: released (3.2.86-1) [bugfix/all/sctp-avoid-bug_on-on-sctp_wait_for_sndbuf.patch]
+
author	Salvatore Bonaccorso <carnil@debian.org>	2017-03-16 08:20:15 +0000
committer	Salvatore Bonaccorso <carnil@debian.org>	2017-03-16 08:20:15 +0000
commit	91d7544f9fdbc7ffb67a099b9576cae72ed19d5d (patch)
tree	d77e7390fdb0dede8b6a64caa15c0f9c61fcb261 /retired/CVE-2017-5986
parent	14dbef9d90b473780b5adbab26f82bdf23716846 (diff)