From c288d49c181cc94469fe3ed9b4dd2e5f240c1692 Mon Sep 17 00:00:00 2001
From: Ben Hutchings <benh@debian.org>
Date: Sat, 26 Sep 2015 14:39:12 +0000
Subject: Retire CVE-2015-7312

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@3937 e094ebfe-e918-0410-adfb-c712417f3574
---
 retired/CVE-2015-7312 | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 retired/CVE-2015-7312

(limited to 'retired/CVE-2015-7312')

diff --git a/retired/CVE-2015-7312 b/retired/CVE-2015-7312
new file mode 100644
index 000000000..b5449ff79
--- /dev/null
+++ b/retired/CVE-2015-7312
@@ -0,0 +1,14 @@
+Description: Use-after-free bugs introduced by aufs mmap patch
+References:
+ http://sourceforge.net/p/aufs/mailman/aufs-users/thread/e5b3205e4688d8a53e217d928020f1cd%40biscuit.intersec.com/
+ http://www.openwall.com/lists/oss-security/2015/09/10/3
+Notes:
+Bugs: #796036
+upstream: N/A "vulnerable code not present"
+3.16-upstream-stable: N/A "vulnerable code not present"
+3.2-upstream-stable: N/A "vulnerable code not present"
+2.6.32-upstream-stable: N/A "vulnerable code not present"
+sid: released (4.2.1-1) [features/all/aufs4/aufs4-mmap.patch]
+3.16-jessie-security: released (3.16.7-ckt11-1+deb8u4) [features/all/aufs3/aufs3-mmap-fix-races.patch]
+3.2-wheezy-security: N/A "vulnerable code not present"
+2.6.32-squeeze-security: N/A "vulnerable code not present"
-- 
cgit v1.2.3