From 4f4de25a7b32551359a35554b6d277215d24a486 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Sun, 10 Dec 2017 05:37:16 +0000 Subject: Retire CVEs fixed everywhere git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@5780 e094ebfe-e918-0410-adfb-c712417f3574 --- retired/CVE-2017-15265 | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 retired/CVE-2017-15265 (limited to 'retired/CVE-2017-15265') diff --git a/retired/CVE-2017-15265 b/retired/CVE-2017-15265 new file mode 100644 index 00000000..3186955c --- /dev/null +++ b/retired/CVE-2017-15265 @@ -0,0 +1,19 @@ +Description: alsa: use-after-free in /dev/snd/seq +References: + http://www.openwall.com/lists/oss-security/2017/10/11/3 + https://bugzilla.suse.com/show_bug.cgi?id=1062520 + http://mailman.alsa-project.org/pipermail/alsa-devel/2017-October/126292.html +Notes: + bwh> The bug appears to have been introduced in 2.6.9 by "ALSA CVS update + bwh> ... Unlock BKL in ioctl callback to avoid the long preempt-disabling." + bwh> For !SMP configurations, commit 8009d506a1dd "ALSA: seq: Enable 'use' + bwh> locking in all configurations" is also needed. +Bugs: +upstream: released (4.14-rc5) [71105998845fb012937332fe2e806d443c09e026] +4.9-upstream-stable: released (4.9.57) [35b84860667ff081eee56b62f3db2a28ca8a3823] +3.16-upstream-stable: released (3.16.50) [853c65fe1db498563bdeea5b7e733441db34d330] +3.2-upstream-stable: released (3.2.95) [c3895a053b2505f9e409e6d6c57dcece714ab486] +sid: released (4.13.4-2) [bugfix/all/ALSA-seq-Fix-use-after-free-at-creating-a-port.patch] +4.9-stretch-security: released (4.9.65-1) +3.16-jessie-security: released (3.16.51-1) +3.2-wheezy-security: released (3.2.96-1) -- cgit v1.2.3
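Review bot: the Notes block states that for !SMP configurations commit 8009d506a1dd "ALSA: seq: Enable 'use' locking in all configurations" is also needed, yet each status line in the new file records a single fix reference (for example `upstream: released (4.14-rc5) [71105998845fb012937332fe2e806d443c09e026]`), so the retired entry does not show whether that companion commit is present in 4.9.57, 3.16.50, 3.2.95 or the Debian uploads. Since moving the file to retired/ asserts the issue is fixed everywhere, add a line to Notes saying in which versions 8009d506a1dd landed for each branch, or that it was not required there. The three `*-security` lines also carry no patch or commit reference, unlike the `sid` line; if those uploads picked the fix up from the listed upstream stable releases, saying so in Notes would make the entry auditable on its own.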