Retire several CVEs

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@5347 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 17 insertions, 0 deletions

diff --git a/retired/CVE-2017-7618 b/retired/CVE-2017-7618
new file mode 100644
index 00000000..0e96cf94
--- /dev/null
+++ b/retired/CVE-2017-7618
@@ -0,0 +1,17 @@
+Description: crypto: ahash - Fix EINPROGRESS notification callback
+References:
+ http://marc.info/?l=linux-crypto-vger&m=149181655623850&w=2
+ https://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git/commit/?id=ef0579b64e93188710d48667cb5e014926af9f1b
+Notes:
+ bwh> This depends on several earlier fixes to crypto/ahash.c, applied
+ bwh> between 3.2 and 3.16.  It also breaks algif_aead, fixed by commit
+ bwh> e6534aebb26e ("crypto: algif_aead - Fix bogus request dereference in
+ bwh> completion function").
+Bugs:
+upstream: released (4.11-rc8) [ef0579b64e93188710d48667cb5e014926af9f1b]
+4.9-upstream-stable: released (4.9.24) [c10479591869177ae7ac0570b54ace6fbdeb57c2]
+3.16-upstream-stable: released (3.16.44) [13af702256f8b7d9bb51b86c982fe08e96c589c8]
+3.2-upstream-stable: released (3.2.89) [82ef3e7b16e777db114a0c3699b91134417fe8c9]
+sid: released (4.9.25-1)
+3.16-jessie-security: released (3.16.43-1) [bugfix/all/crypto-ahash-fix-einprogress-notification-callback.patch]
+3.2-wheezy-security: released (3.2.88-1) [bugfix/all/crypto-ahash-fix-einprogress-notification-callback.patch]