Retire four CVEs

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@5483 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 18 insertions, 0 deletions

diff --git a/retired/CVE-2017-7346 b/retired/CVE-2017-7346
new file mode 100644
index 00000000..de77af4f
--- /dev/null
+++ b/retired/CVE-2017-7346
@@ -0,0 +1,18 @@
+Description: drm/vmwgfx: limit the number of mip levels in vmw_gb_surface_define_ioctl()
+References:
+ https://lists.freedesktop.org/archives/dri-devel/2017-March/137429.html
+ https://bugzilla.redhat.com/show_bug.cgi?id=1437431
+ https://marc.info/?l=linux-kernel&m=149086968410117&w=2
+ https://lists.freedesktop.org/archives/dri-devel/2017-April/138293.html
+Notes:
+ bwh> Introduced by commit a97e21923b42 "drm/vmwgfx: Hook up guest-backed
+ bwh> surfaces" in 3.14.
+Bugs:
+upstream: released (4.12-rc5) [ee9c4e681ec4f58e42a83cb0c22a0289ade1aacf]
+4.9-upstream-stable: released (4.9.32) [a76ff847013a7f6b1cd328381ca263ddcca12061]
+3.16-upstream-stable: released (3.16.45) [7943d19453aa1a1acf93bdb2812e0bef970ec23c]
+3.2-upstream-stable: N/A "Vulnerable code not present"
+sid: released (4.11.6-1)
+4.9-stretch-security: released (4.9.30-2+deb9u3) [bugfix/x86/drm-vmwgfx-limit-the-number-of-mip-levels-in-vmw_gb_.patch]
+3.16-jessie-security: released (3.16.43-2+deb8u3) [bugfix/x86/drm-vmwgfx-limit-the-number-of-mip-levels-in-vmw_gb_.patch]
+3.2-wheezy-security: N/A "Vulnerable code not present"