From f3dd331af9c70c6b5158fc1cd6a0ebc8f14714d3 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 9 Dec 2017 08:52:03 +0000
Subject: Retire several CVEs fixed everywhere

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@5772 e094ebfe-e918-0410-adfb-c712417f3574
---
 retired/CVE-2017-16534 | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 retired/CVE-2017-16534

(limited to 'retired/CVE-2017-16534')

diff --git a/retired/CVE-2017-16534 b/retired/CVE-2017-16534
new file mode 100644
index 00000000..25ab3091
--- /dev/null
+++ b/retired/CVE-2017-16534
@@ -0,0 +1,16 @@
+Description: USB: core: harden cdc_parse_cdc_header
+References:
+Notes:
+ bwh> Introduced in 4.4 by commit c40a2c8817e4 "CDC: common parser for extra
+ bwh> headers", but there may be similar bugs in individual drivers in older
+ bwh> versions.  cdc_ether seems to have missed a length check for
+ bwh> USB_CDC_ACM_TYPE.
+Bugs:
+upstream: released (4.14-rc4) [2e1c42391ff2556387b3cb6308b24f6f65619feb]
+4.9-upstream-stable: released (4.9.55) [767f7a2cf33a135fe3f57010b51c3f6e92d7677d]
+3.16-upstream-stable: N/A "Vulnerable code not present"
+3.2-upstream-stable: N/A "Vulnerable code not present"
+sid: released (4.13.10-1)
+4.9-stretch-security: released (4.9.65-1)
+3.16-jessie-security: N/A "Vulnerable code not present"
+3.2-wheezy-security: N/A "Vulnerable code not present"
-- 
cgit v1.2.3