Retire inactive issues

1 files changed, 22 insertions, 0 deletions

diff --git a/retired/CVE-2018-5995 b/retired/CVE-2018-5995
new file mode 100644
index 00000000..66f6fa15
--- /dev/null
+++ b/retired/CVE-2018-5995
@@ -0,0 +1,22 @@
+Description: local information disclosure
+References:
+ https://github.com/johnsonwangqize/cve-linux/blob/master/CVE-2018-5995.md
+Notes:
+ bwh> The upstream fix was to obscure formatted pointer values by
+ bwh> default.  This carries a high risk of regression so I don't
+ bwh> think it should be backported.  A more targetted fix should
+ bwh> be possible.
+ carnil> 4.9 stretch-security marked as ignored for tracking given the
+ carnil> kernel log is restricted to root by default. But as 4.9.171
+ carnil> includes the fix the fix will land in a stretch point release
+ carnil> as well. So not retiring it yet to mark the fixed version
+ carnil> later on.
+Bugs:
+upstream: released (4.15-rc2) [ad67b74d2469d9b82aaa572d76474c95bc484d57]
+4.19-upstream-stable: N/A "Fixed before branch point"
+4.9-upstream-stable: released (4.9.171) [2c4ae3a694fabfc19b0fc6e65d530a7cdb542bda]
+3.16-upstream-stable: released (3.16.67) [14c2d9209a135872def8508e3f19c74f0f3fee52]
+sid: released (4.15.4-1)
+4.19-buster-security: N/A "Fixed before branching point"
+4.9-stretch-security: released (4.9.168-1+deb9u5) [bugfix/all/percpu-stop-printing-kernel-addresses.patch]
+3.16-jessie-security: released (3.16.68-1)