From c512a89c1d6b81d1005cdd5604833bef87a93b2e Mon Sep 17 00:00:00 2001
From: Ben Hutchings <benh@debian.org>
Date: Thu, 3 Apr 2014 23:54:49 +0000
Subject: Retire CVE-2013-7348

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@3291 e094ebfe-e918-0410-adfb-c712417f3574
---
 retired/CVE-2013-7348 | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 retired/CVE-2013-7348

(limited to 'retired/CVE-2013-7348')

diff --git a/retired/CVE-2013-7348 b/retired/CVE-2013-7348
new file mode 100644
index 00000000..48c3aa82
--- /dev/null
+++ b/retired/CVE-2013-7348
@@ -0,0 +1,16 @@
+Description: aio: prevent double free in ioctx_alloc
+References:
+Notes:
+ bwh> So far as I can see, this was introduced by commit e34ecee2ae79
+ bwh> "aio: Fix a trinity splat" and fixed by commit d558023207e0, both
+ bwh> of which went into 3.13-rc3 and 3.12.4.  So no releases appear to
+ bwh> be affected and this CVE is entirely bogus.
+ bwh> There was another regression caused by "aio: Fix a trinity splat",
+ bwh> fixed by commit 200067a3f3e7 "aio: fix kioctx leak ..."
+Bugs:
+upstream: N/A "vulnerable code not present"
+2.6.32-upstream-stable: N/A "vulnerable code not present"
+sid: N/A "vulnerable code not present"
+3.2-wheezy-security: N/A "vulnerable code not present"
+2.6.32-squeeze-security: N/A "vulnerable code not present"
+3.2-upstream-stable: N/A "vulnerable code not present"
-- 
cgit v1.2.3