Retire inactive issues

author: Ben Hutchings <ben@decadent.org.uk> 2019-03-28 01:50:09 +0000
committer: Ben Hutchings <ben@decadent.org.uk> 2019-03-28 01:50:09 +0000
commit: 27b3d6a80bd2f514d34d033cf2bd02f4e3145ad7 (patch)
tree: 3c74df6a121b9b0354a8cbd59ebdc1b5b54ad106 /retired/CVE-2018-1128
parent: eb51c7725271bea941d40933c031ae86b716e971 (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/retired/CVE-2018-1128 b/retired/CVE-2018-1128
new file mode 100644
index 00000000..e6ccf295
--- /dev/null
+++ b/retired/CVE-2018-1128
@@ -0,0 +1,17 @@
+Description: libceph: add authorizer challenge
+References:
+ http://tracker.ceph.com/issues/24836
+Notes:
+ bwh> If I understand this rightly, this is a vulnerability in the Ceph
+ bwh> server, not the in-kernel client.  But the fix is an incompatible
+ bwh> protocol change, and that's why the client needs to be updated too.
+ bwh> I don't think this is practical for 3.16 as the protocol change
+ bwh> seems to depend on message signatures which were added in 3.19.
+Bugs:
+upstream: released (4.19-rc1) [6daca13d2e72bedaaacfc08f873114c9307d5aea]
+4.19-upstream-stable: N/A "Fixed before branch point"
+4.9-upstream-stable: released (4.9.144) [06e925920d4de3da2114876bc607447e929604af]
+3.16-upstream-stable: ignored "Protocol change is too difficult"
+sid: released (4.19.9-1)
+4.9-stretch-security: released (4.9.144-1)
+3.16-jessie-security: ignored "Protocol change is too difficult"
author	Ben Hutchings <ben@decadent.org.uk>	2019-03-28 01:50:09 +0000
committer	Ben Hutchings <ben@decadent.org.uk>	2019-03-28 01:50:09 +0000
commit	27b3d6a80bd2f514d34d033cf2bd02f4e3145ad7 (patch)
tree	3c74df6a121b9b0354a8cbd59ebdc1b5b54ad106 /retired/CVE-2018-1128
parent	eb51c7725271bea941d40933c031ae86b716e971 (diff)