Retire CVE-2018-10883

Fix now complete as well for 4.9-upstream-stable and no further tracking
action is needed.

1 files changed, 16 insertions, 0 deletions

diff --git a/retired/CVE-2018-10883 b/retired/CVE-2018-10883
new file mode 100644
index 00000000..9b78822e
--- /dev/null
+++ b/retired/CVE-2018-10883
@@ -0,0 +1,16 @@
+Description: stack-out-of-bounds write in jbd2_journal_dirty_metadata()
+References:
+ https://bugzilla.kernel.org/show_bug.cgi?id=200071
+ https://patchwork.ozlabs.org/patch/930638/
+ https://patchwork.ozlabs.org/patch/930641/
+Notes:
+ carnil> Upstream 4.9.x series did only contain the first part in
+ carnil> 4.9.112. The backport of 8bc1379b82b8 is requested via
+ carnil> <20181011185142.104586-2-fengc@google.com> .
+Bugs:
+upstream: released (4.18-rc4) [e09463f220ca9a1a1ecfda84fcda658f99a1f12a, 8bc1379b82b8e809eef77a9fedbb75c6c297be19]
+4.9-upstream-stable: released (4.9.112) [8ef97ef67ce0f8fc3d32c7218e6b412e479ee2ab], (4.9.135) [7dd55897f23c4e3e3a864c5c72722f7e412138e9]
+3.16-upstream-stable: released (3.16.58) [jbd2-don-t-mark-block-as-modified-if-the-handle-is-out-of-credits.patch, ext4-avoid-running-out-of-journal-credits-when-appending-to-an.patch]
+sid: released (4.17.3-1) [bugfix/all/jbd2-don-t-mark-block-as-modified-if-the-handle-is-o.patch, bugfix/all/ext4-avoid-running-out-of-journal-credits-when-appen.patch]
+4.9-stretch-security: released (4.9.110-1) [bugfix/all/jbd2-don-t-mark-block-as-modified-if-the-handle-is-o.patch, bugfix/all/ext4-avoid-running-out-of-journal-credits-when-appen.patch]
+3.16-jessie-security: released (3.16.59-1)