From fa4b479102f1f23791cd21b1497d6467c3721d50 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 12 Apr 2019 15:47:28 +0200
Subject: Retire CVE-2017-1000379

---
 retired/CVE-2017-1000379 | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 retired/CVE-2017-1000379

(limited to 'retired/CVE-2017-1000379')

diff --git a/retired/CVE-2017-1000379 b/retired/CVE-2017-1000379
new file mode 100644
index 00000000..db4983bd
--- /dev/null
+++ b/retired/CVE-2017-1000379
@@ -0,0 +1,19 @@
+Description: mmap'd regions including ld.so data segment may be close to stack limit
+References:
+ https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
+Notes:
+ bwh> It's unclear to me whether this deserves a specific fix, separate
+ bwh> from that for CVE-2017-1000364.
+ carnil> It's unclear wich of the stack-clash patchset patches fixes the
+ carnil> issue in specific.
+ jmm> Red Hat, Ubuntu and SuSE all closed this bug with a reference that it's
+ jmm> fixed along with the other fixes, shall we just do the same?
+Bugs:
+upstream: released (4.12-rc6) [1be7107fbe18eed3e319a6c3e83c78254b693acb]
+4.9-upstream-stable: released (4.9.34) [cfc0eb403816c5c4f9667d959de5e22789b5421e]
+3.16-upstream-stable: released (3.16.45) [978b8aa1646d4e023edd121c7f1b8f938ccb813d]
+3.2-upstream-stable: ignored "EOL"
+sid: released (4.11.6-1) [bugfix/all/mm-larger-stack-guard-gap-between-vmas.patch]
+4.9-stretch-security: released (4.9.30-2+deb9u1)
+3.16-jessie-security: released (3.16.43-2+deb8u1)
+3.2-wheezy-security: ignored "EOL"
-- 
cgit v1.2.3