Retire some CVEs

author: Salvatore Bonaccorso <carnil@debian.org> 2020-07-18 11:58:21 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2020-07-18 11:58:21 +0200
commit: e9cf8d89fbcbcbb119deb6204f524ccfdc09bb9c (patch)
tree: 56f387cf169ceeb8be47ddd007c36f9b329fef84 /retired/CVE-2018-9517
parent: aa415a73d49d2cebbeb4713527804c30a998b850 (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/retired/CVE-2018-9517 b/retired/CVE-2018-9517
new file mode 100644
index 00000000..4ae237e0
--- /dev/null
+++ b/retired/CVE-2018-9517
@@ -0,0 +1,16 @@
+Description: race condition in l2tp tunnel handling
+References:
+ https://source.android.com/security/bulletin/pixel/2018-09-01
+Notes:
+ carnil> Introduced an ABI change AFAICS so might just be postponed
+ carnil> to an update where anyway an ABI bump would be required.
+ bwh> l2tp was missing a *lot* of fixes in 4.9, until 4.9.225.
+Bugs:
+upstream: released (4.14-rc1) [f026bc29a8e093edfbb2a77700454b285c97e8ad]
+4.19-upstream-stable: N/A "Fixed before branch point"
+4.9-upstream-stable: released (4.9.225) [feaed88dccc4742805c41260040103fa8a7f0df2]
+3.16-upstream-stable: released (3.16.51) [0b3ca265e81f5e1d9f7f66ad416cbabecca914cf]
+sid: released (4.14.2-1)
+4.19-buster-security: N/A "Fixed before branching point"
+4.9-stretch-security: released (4.9.228-1)
+3.16-jessie-security: released (3.16.51-1)
author	Salvatore Bonaccorso <carnil@debian.org>	2020-07-18 11:58:21 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2020-07-18 11:58:21 +0200
commit	e9cf8d89fbcbcbb119deb6204f524ccfdc09bb9c (patch)
tree	56f387cf169ceeb8be47ddd007c36f9b329fef84 /retired/CVE-2018-9517
parent	aa415a73d49d2cebbeb4713527804c30a998b850 (diff)