From 167c0dab924d8723b1faf9bee55244c524f93f70 Mon Sep 17 00:00:00 2001
From: Ben Hutchings <benh@debian.org>
Date: Fri, 4 Mar 2016 13:56:51 +0000
Subject: Mark two more issues pending for 2.6.32-upstream and retire them

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@4225 e094ebfe-e918-0410-adfb-c712417f3574
---
 retired/CVE-2016-2384 | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 retired/CVE-2016-2384

(limited to 'retired/CVE-2016-2384')

diff --git a/retired/CVE-2016-2384 b/retired/CVE-2016-2384
new file mode 100644
index 00000000..9301dd30
--- /dev/null
+++ b/retired/CVE-2016-2384
@@ -0,0 +1,12 @@
+Description: Double-free in snd-usbmidi-lib triggered by invalid USB descriptor
+References:
+Notes:
+Bugs:
+upstream: released (4.5-rc4) [07d86ca93db7e5cdf4743564d98292042ec21af7]
+3.16-upstream-stable: released (3.16.7-ckt25)
+3.2-upstream-stable: released (3.2.78) [alsa-usb-audio-avoid-freeing-umidi-object-twice.patch]
+2.6.32-upstream-stable: pending (2.6.32.71)
+sid: released (4.4.2-1) [bugfix/all/alsa-usb-audio-avoid-freeing-umidi-object-twice.patch]
+3.16-jessie-security: released (3.16.7-ckt20-1+deb8u4) [bugfix/all/alsa-usb-audio-avoid-freeing-umidi-object-twice.patch]
+3.2-wheezy-security: released (3.2.73-2+deb7u3) [bugfix/all/alsa-usb-audio-avoid-freeing-umidi-object-twice.patch]
+2.6.32-squeeze-security: released (2.6.32-48squeeze20) [bugfix/all/alsa-usb-audio-avoid-freeing-umidi-object-twice.patch]
-- 
cgit v1.2.3