Mark CVE-2017-9986 as pending upstream, and retire it

The OSS drivers have been removed upstream. git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@5721 e094ebfe-e918-0410-adfb-c712417f3574
author: Ben Hutchings <benh@debian.org> 2017-11-16 17:50:26 +0000
committer: Ben Hutchings <benh@debian.org> 2017-11-16 17:50:26 +0000
commit: f50c9e7d38f7830c9af8cbc5dc0bcbfd0b82b8c9 (patch)
tree: a7017014bdc0fe2aa30542ce4d85ba9acbcce5d1 /retired/CVE-2017-9986
parent: 4dcbe14c721962a81db44158561b1a7bf335358a (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/retired/CVE-2017-9986 b/retired/CVE-2017-9986
new file mode 100644
index 00000000..5470c2b2
--- /dev/null
+++ b/retired/CVE-2017-9986
@@ -0,0 +1,16 @@
+Description: Double fetch problem in sound/oss/msnd_pinnacle.c
+References:
+Notes:
+ bwh> Malicious ISA cards aren't worth worrying about, unlike USB devices.
+ bwh> Also, Debian doesn't build the OSS drivers and they have been removed
+ bwh> upstream.
+Bugs:
+ https://bugzilla.kernel.org/show_bug.cgi?id=196135
+upstream: pending (4.15-rc1) [727dede0ba8afbd8d19116d39f2ae8d19d00033d]
+4.9-upstream-stable: ignored "Minor issue"
+3.16-upstream-stable: ignored "Minor issue"
+3.2-upstream-stable: ignored "Minor issue"
+sid: ignored "Minor issue"
+4.9-stretch-security: ignored "Minor issue"
+3.16-jessie-security: ignored "Minor issue"
+3.2-wheezy-security: ignored "Minor issue"
author	Ben Hutchings <benh@debian.org>	2017-11-16 17:50:26 +0000
committer	Ben Hutchings <benh@debian.org>	2017-11-16 17:50:26 +0000
commit	f50c9e7d38f7830c9af8cbc5dc0bcbfd0b82b8c9 (patch)
tree	a7017014bdc0fe2aa30542ce4d85ba9acbcce5d1 /retired/CVE-2017-9986
parent	4dcbe14c721962a81db44158561b1a7bf335358a (diff)