From b5b111bb1febc114cd20f881f8c6f689f350df19 Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Thu, 23 Feb 2017 22:24:06 +0000 Subject: Explain why CVE-2014-9892 is bullshit, and retire it git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@5002 e094ebfe-e918-0410-adfb-c712417f3574 --- retired/CVE-2014-9892 | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 retired/CVE-2014-9892 (limited to 'retired/CVE-2014-9892') diff --git a/retired/CVE-2014-9892 b/retired/CVE-2014-9892 new file mode 100644 index 00000000..4e8e37bd --- /dev/null +++ b/retired/CVE-2014-9892 @@ -0,0 +1,20 @@ +Description: [disputed] infoleak in ioctl(SNDRV_COMPRESS_TSTAMP) +References: + http://source.android.com/security/bulletin/2016-08-01.html + https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=591b1f455c32206704cbcf426bb30911c260c33e +Notes: + jmm> Fixed in Android 3.10 kernel, but unfixed in Linux mainline + bwh> This doesn't make sense - there should be no padding in a + bwh> structure that has all 32-bit members, unless the natural + bwh> alignment is explicitly overridden. I consider this invalid. + bwh> Additionally, snd_compr_tstamp and all the other sound + bwh> compression related structures now have their alignment + bwh> explicitly set to 4 to avoid compat issues on i386/amd64. +Bugs: +upstream: N/A "Invalid" +4.9-upstream-stable: N/A "Invalid" +3.16-upstream-stable: N/A "Invalid" +3.2-upstream-stable: N/A "Supposedly vulnerable code not present" +sid: N/A "Invalid" +3.16-jessie-security: N/A "Invalid" +3.2-wheezy-security: N/A "Supposedly vulnerable code not present" -- cgit v1.2.3
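Review bot: In the Notes block, the second bwh> remark ("snd_compr_tstamp and all the other sound compression related structures now have their alignment explicitly set to 4") cites no commit, so a reader cannot tell which of the branches marked N/A "Invalid" (4.9-upstream-stable, 3.16-upstream-stable, 3.16-jessie-security) actually carry that change. Suggest adding the commit id for the alignment change under References, or saying outright that the "Invalid" status rests on the first argument alone (all members are 32-bit, so there is no padding to leak) and holds whether or not a branch has the explicit alignment. The jmm> line "Fixed in Android 3.10 kernel, but unfixed in Linux mainline" is worth keeping as history, but it would read more clearly if the rebuttal stated that it supersedes that assessment, since the status lines below it no longer treat mainline as unfixed.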