From 938f0c44db72b0fac848615346b5c5c7ca285419 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 2 Oct 2017 04:23:09 +0000
Subject: Retire CVE-2017-14954

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@5608 e094ebfe-e918-0410-adfb-c712417f3574
---
 retired/CVE-2017-14954 | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 retired/CVE-2017-14954

(limited to 'retired/CVE-2017-14954')

diff --git a/retired/CVE-2017-14954 b/retired/CVE-2017-14954
new file mode 100644
index 00000000..626bf94d
--- /dev/null
+++ b/retired/CVE-2017-14954
@@ -0,0 +1,16 @@
+Description: fix infoleak in waitid(2)
+References:
+ https://grsecurity.net/~spender/exploits/wait_for_kaslr_to_be_effective.c
+ https://twitter.com/_argp/status/914021130712870912
+ https://twitter.com/grsecurity/status/914079864478666753
+Notes:
+ carnil> Fixes ce72a16fa705f960ca2352e95a7c5f4801475e75 (4.13-rc1)
+Bugs:
+upstream: released (4.14-rc3) [6c85501f2fabcfc4fc6ed976543d252c4eaf4be9]
+4.9-upstream-stable: N/A "Vulnerable code introduced in 4.13-rc1"
+3.16-upstream-stable: N/A "Vulnerable code introduced in 4.13-rc1"
+3.2-upstream-stable: N/A "Vulnerable code introduced in 4.13-rc1"
+sid: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
+3.16-jessie-security: N/A "Vulnerable code not present"
+3.2-wheezy-security: N/A "Vulnerable code not present"
-- 
cgit v1.2.3