From 5a93b3838452bc79fe0fbd352f1a0eba9f51ac17 Mon Sep 17 00:00:00 2001
From: Ben Hutchings <benh@debian.org>
Date: Sun, 5 Mar 2017 18:49:03 +0000
Subject: Mark CVE-2014-9900 as ignored in all branches, and retire

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@5032 e094ebfe-e918-0410-adfb-c712417f3574
---
 retired/CVE-2014-9900 | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 retired/CVE-2014-9900

(limited to 'retired/CVE-2014-9900')

diff --git a/retired/CVE-2014-9900 b/retired/CVE-2014-9900
new file mode 100644
index 000000000..ef8972ab8
--- /dev/null
+++ b/retired/CVE-2014-9900
@@ -0,0 +1,18 @@
+Description: Potential info-leak in ethtool_get_wol()
+References:
+ https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=63c317dbee97983004dffdd9f742a20d17150071
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9900
+ http://source.android.com/security/bulletin/2016-08-01.html
+ https://lkml.org/lkml/2016/8/23/314
+Notes:
+ jmm> Fixed in Android 3.10 kernel, but this is still unfixed in current mainline
+ bwh> This is compiler-dependent, and doesn't appear to have been demonstrated
+ bwh> as an actual leak (yet).
+Bugs:
+upstream: ignored "minor and as-yet theoretical issue"
+4.9-upstream-stable: ignored "upstream first"
+3.16-upstream-stable: ignored "upstream first"
+3.2-upstream-stable: ignored "upstream first"
+sid: ignored "minor and as-yet theoretical issue"
+3.16-jessie-security: ignored "minor and as-yet theoretical issue"
+3.2-wheezy-security: ignored "minor and as-yet theoretical issue
-- 
cgit v1.2.3