From a243fff16aebe976547d3a7cbe883c193e33c1d5 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 4 Jun 2018 06:38:07 +0200
Subject: Retire CVE-2017-15121

---
 retired/CVE-2017-15121 | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 retired/CVE-2017-15121

(limited to 'retired/CVE-2017-15121')

diff --git a/retired/CVE-2017-15121 b/retired/CVE-2017-15121
new file mode 100644
index 00000000..273c481f
--- /dev/null
+++ b/retired/CVE-2017-15121
@@ -0,0 +1,17 @@
+Description: vfs: BUG in truncate_inode_pages_range() and fuse client
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1520893
+Notes:
+ bwh> Red Hat reports this as affecting RHEL 6 (2.6.32ish) and 7 (3.10ish),
+ bwh> so I assume that 3.2 is affected.
+ bwh> The upstream fix depends on commit d47992f86b30 "mm: change invalidatepage
+ bwh> prototype to accept length" etc.  We'll need something simpler for 3.2.
+Bugs:
+upstream: released (3.11-rc1) [5a7203947a1d9b6f3a00a39fda08c2466489555f]
+4.9-upstream-stable: N/A "Fixed before branching point"
+3.16-upstream-stable: N/A "Fixed before branching point"
+3.2-upstream-stable: ignored "Too much work to backport"
+sid: released (3.11.5-1)
+4.9-stretch-security: N/A "Fixed before branching point"
+3.16-jessie-security: N/A "Fixed before branching point"
+3.2-wheezy-security: ignored "Too much work to backport"
-- 
cgit v1.2.3