From 0cfb6301118bc0a69433f63bc9fa5b2fe0f27ed2 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 6 Nov 2016 16:30:32 +0000
Subject: Retire CVE-2016-7039

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@4690 e094ebfe-e918-0410-adfb-c712417f3574
---
 retired/CVE-2016-7039 | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 retired/CVE-2016-7039

(limited to 'retired/CVE-2016-7039')

diff --git a/retired/CVE-2016-7039 b/retired/CVE-2016-7039
new file mode 100644
index 00000000..91aec662
--- /dev/null
+++ b/retired/CVE-2016-7039
@@ -0,0 +1,14 @@
+Description: net: unbounded recursion in the vlan GRO processing
+References:
+ https://www.mail-archive.com/netdev%40vger.kernel.org/msg132064.html
+ https://patchwork.ozlabs.org/patch/680412/
+Notes:
+ carnil> Note the break-fix fac8e0f579695a3ecbc4d3cac369139d7f819971
+ carnil> got assigned a separate CVE ID, CVE-2016-8666
+Bugs:
+upstream: released (4.9-rc4) [fcd91dd449867c6bfe56a81cabba76b829fd05cd]
+3.16-upstream-stable: N/A "Vulnerable code introduced with 9b174d88c257150562b0101fcc6cb6c3cb74275c and 66e5133f19e901a044fa5eaeeb6ecff4545839e5"
+3.2-upstream-stable: N/A "Vulnerable code introduced with 9b174d88c257150562b0101fcc6cb6c3cb74275c and 66e5133f19e901a044fa5eaeeb6ecff4545839e5"
+sid: released (4.7.8-1) [bugfix/all/net-add-recursion-limit-to-gro.patch]
+3.16-jessie-security: N/A "Vulnerable code not present"
+3.2-wheezy-security: N/A "Vulnerable code not present"
-- 
cgit v1.2.3