Retire some CVEs

1 files changed, 20 insertions, 0 deletions

diff --git a/retired/CVE-2018-3646 b/retired/CVE-2018-3646
new file mode 100644
index 00000000..1a769b12
--- /dev/null
+++ b/retired/CVE-2018-3646
@@ -0,0 +1,20 @@
+Description: hw: cpu: L1 terminal fault (L1TF) [for attack vector against virtualization hypervisor (KVM)]
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1585005
+ https://git.kernel.org/linus/958f338e96f874a0d29442396d6adf9c1e17aa2d
+ https://access.redhat.com/security/vulnerabilities/L1TF
+ https://foreshadowattack.eu/
+ https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
+ https://access.redhat.com/articles/3562741
+ https://xenbits.xen.org/xsa/advisory-273.html
+Notes:
+ carnil> Will be adressed in 4.18.1, 4.17.15, 4.14.63, 4.9.120, and 4.4.148.
+Bugs:
+upstream: released (4.19-rc1) [781fca5b104693bc9242199cc47c690dcaf6a4cb..07d981ad4cf1e78361c6db1c28ee5ba105f96cc1]
+4.19-upstream-stable: N/A "Fixed before branch point"
+4.9-upstream-stable: released (4.9.120) [329d815667373e858497b5947ad0484194d8c3e2..7f5d090ffe9e7603265e7991aacec64d86cf70ab]
+3.16-upstream-stable: ignored "Too invasive and risky to apply"
+sid: released (4.17.15-1)
+4.19-buster-security: N/A "Fixed before branching point"
+4.9-stretch-security: released (4.9.110-3+deb9u3)
+3.16-jessie-security: ignored "Too invasive and risky to apply"