From 5995bb05fadb43acd248258147490c1c08ae951a Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 28 Jun 2016 08:34:54 +0000
Subject: Retire several CVEs

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@4499 e094ebfe-e918-0410-adfb-c712417f3574
---
 retired/CVE-2016-3951 | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 retired/CVE-2016-3951

(limited to 'retired/CVE-2016-3951')

diff --git a/retired/CVE-2016-3951 b/retired/CVE-2016-3951
new file mode 100644
index 00000000..b57c75b6
--- /dev/null
+++ b/retired/CVE-2016-3951
@@ -0,0 +1,11 @@
+Description: usbnet: memory corruption triggered by invalid USB descriptor
+References:
+Notes:
+ bwh> First part was included in 3.16.7-ckt26 and doesn't seem to be needed for 3.2
+Bugs:
+upstream: released (4.5) [4d06dd537f95683aba3651098ae288b7cbff8274, 1666984c8625b3db19a9abc298931d35ab7bc64b]
+3.16-upstream-stable: released (3.16.35) [usbnet-cleanup-after-bind-in-probe.patch]
+3.2-upstream-stable: released (3.2.80) [usbnet-cleanup-after-bind-in-probe.patch]
+sid: released (4.5.1-1)
+3.16-jessie-security: released (3.16.7-ckt25-2+deb8u1) [bugfix/all/cdc_ncm-do-not-call-usbnet_link_change-from-cdc_ncm_.patch, bugfix/all/usbnet-cleanup-after-bind-in-probe.patch]
+3.2-wheezy-security: released (3.2.81-1)
-- 
cgit v1.2.3