From 9a53b9c6d958966fc78a6511fbe0f7926448251a Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 24 Dec 2017 07:36:56 +0000
Subject: Retire several CVEs

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@5834 e094ebfe-e918-0410-adfb-c712417f3574
---
 retired/CVE-2017-17854 | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 retired/CVE-2017-17854

(limited to 'retired/CVE-2017-17854')

diff --git a/retired/CVE-2017-17854 b/retired/CVE-2017-17854
new file mode 100644
index 00000000..ebbba195
--- /dev/null
+++ b/retired/CVE-2017-17854
@@ -0,0 +1,14 @@
+Description: bpf: fix integer overflows
+References:
+ http://www.openwall.com/lists/oss-security/2017/12/21/2
+Notes:
+ carnil> Introduced by f1174f77b50c94eecaa658fdc56fa69b421de4b8 in 4.14-rc1
+Bugs:
+upstream: released (4.15-rc5) [bb7f0f989ca7de1153bd128a40a71709e339fa03]
+4.9-upstream-stable: N/A "Vulnerable code introduced in 4.14-rc1"
+3.16-upstream-stable: N/A "Vulnerable code introduced in 4.14-rc1"
+3.2-upstream-stable: N/A "Vulnerable code introduced in 4.14-rc1"
+sid: released (4.14.7-1) [bugfix/all/bpf-fix-integer-overflows.patch]
+4.9-stretch-security: N/A "Vulnerable code not present"
+3.16-jessie-security: N/A "Vulnerable code not present"
+3.2-wheezy-security: N/A "Vulnerable code not present"
-- 
cgit v1.2.3