From 5a35fd3e2ee09fbe52e052d63d2e491cbd23d973 Mon Sep 17 00:00:00 2001
From: Ben Hutchings <benh@debian.org>
Date: Mon, 28 Nov 2016 19:33:33 +0000
Subject: Retire issues that are released, ignored or N/A in all branches

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@4740 e094ebfe-e918-0410-adfb-c712417f3574
---
 retired/CVE-2016-7916 | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 retired/CVE-2016-7916

(limited to 'retired/CVE-2016-7916')

diff --git a/retired/CVE-2016-7916 b/retired/CVE-2016-7916
new file mode 100644
index 000000000..8df14bbec
--- /dev/null
+++ b/retired/CVE-2016-7916
@@ -0,0 +1,17 @@
+Description:
+ Race condition in the environ_read function in fs/proc/base.c in the Linux kernel
+ before 4.5.4 allows local users to obtain sensitive information from kernel memory
+ by reading a /proc/*/environ file during a process-setup time interval in which
+ environment-variable copying is incomplete. 
+References:
+ http://source.android.com/security/bulletin/2016-11-01.html
+ https://bugzilla.kernel.org/show_bug.cgi?id=116461
+ https://forums.grsecurity.net/viewtopic.php?f=3&t=4363 
+Notes:
+Bugs:
+upstream: released (4.6-rc7) [8148a73c9901a8794a50f950083c00ccf97d43b3]
+3.16-upstream-stable: released (3.16.36)
+3.2-upstream-stable: released (3.2.81)
+sid: released (4.5.4-1)
+3.16-jessie-security: released (3.16.36-1)
+3.2-wheezy-security: released (3.2.81-1)
-- 
cgit v1.2.3