From c77a05b32b2f63a5cefb610c25affbe3a5afe807 Mon Sep 17 00:00:00 2001
From: Ben Hutchings <benh@debian.org>
Date: Thu, 23 Feb 2017 21:55:28 +0000
Subject: Retire many issues now released (or N/A or ignored) in all branches

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@5001 e094ebfe-e918-0410-adfb-c712417f3574
---
 retired/CVE-2015-8964 | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 retired/CVE-2015-8964

(limited to 'retired/CVE-2015-8964')

diff --git a/retired/CVE-2015-8964 b/retired/CVE-2015-8964
new file mode 100644
index 00000000..97e0f859
--- /dev/null
+++ b/retired/CVE-2015-8964
@@ -0,0 +1,18 @@
+Description: Potential information leak or use-after-free in tty subsystem
+References:
+ https://source.android.com/security/bulletin/2016-11-01.html
+Notes:
+ bwh> A known use-after-free bug in N_X25 has already been fixed
+ bwh> (commit ee9159ddce14, no CVE assigned).  The Android security
+ bwh> bulletin says this fixes an information leak, presumably because
+ bwh> if receive_room is too large it will permit reading beyond a
+ bwh> buffer.  We also need commit fd98e9419d8d ("isdn/gigaset: reset
+ bwh> tty->receive_room when attaching ser_gigaset") to avoid a
+ bwh> regression.
+Bugs:
+upstream: released (4.5-rc1) [dd42bf1197144ede075a9d4793123f7689e164bc]
+3.16-upstream-stable: released (3.16.40) [tty-prevent-ldisc-drivers-from-re-using-stale-tty-fields.patch]
+3.2-upstream-stable: released (3.2.85) [tty-prevent-ldisc-drivers-from-re-using-stale-tty-fields.patch]
+sid: released (4.5.1-1)
+3.16-jessie-security: released (3.16.39-1) [bugfix/all/tty-prevent-ldisc-drivers-from-re-using-stale-tty-fi.patch]
+3.2-wheezy-security: released (3.2.84-1) [bugfix/all/tty-prevent-ldisc-drivers-from-re-using-stale-tty-fi.patch]
-- 
cgit v1.2.3