Retire issues that are now released, N/A, or ignored in all branches

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@5589 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 19 insertions, 0 deletions

diff --git a/retired/CVE-2017-7558 b/retired/CVE-2017-7558
new file mode 100644
index 00000000..75035d11
--- /dev/null
+++ b/retired/CVE-2017-7558
@@ -0,0 +1,19 @@
+Description: sctp: out-of-bounds read in  inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info()
+References:
+ http://www.openwall.com/lists/oss-security/2017/08/23/1
+ https://marc.info/?t=150348787500002&r=1&w=2
+Notes:
+ carnil> proposed patch in https://marc.info/?l=linux-netdev&m=150348777122761&w=2
+ carnil> the bug is said to be present from 4.7-rc1 on wards, but needs to be
+ carnil> checked if we have otherwise backport the issue
+ bwh> The sctp_diag code was added in 4.7 and we did not backport it.
+Bugs:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1480266
+upstream: released (4.13) [ee6c88bb754e3d363e568da78086adfedb692447]
+4.9-upstream-stable: released (4.9.51) [08d56d8a99bb82e134ba7704e4cfdabbcc16fc4f]
+3.16-upstream-stable: N/A "Vulnerable code not present"
+3.2-upstream-stable: N/A "Vulnerable code not present"
+sid: released (4.12.13-1) [bugfix/all/sctp-Avoid-out-of-bounds-reads-from-address-storage.patch]
+4.9-stretch-security: released (4.9.30-2+deb9u4) [bugfix/all/sctp-Avoid-out-of-bounds-reads-from-address-storage.patch]
+3.16-jessie-security: N/A "Vulnerable code not present"
+3.2-wheezy-security: N/A "Vulnerable code not present"