From 3f1ac495684211f5c6c8bd5e8eac8d2b405dee68 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 2 May 2018 08:01:27 +0200
Subject: Retire several CVEs

---
 retired/CVE-2017-17975 | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 retired/CVE-2017-17975

(limited to 'retired/CVE-2017-17975')

diff --git a/retired/CVE-2017-17975 b/retired/CVE-2017-17975
new file mode 100644
index 00000000..b9362ed2
--- /dev/null
+++ b/retired/CVE-2017-17975
@@ -0,0 +1,16 @@
+Description: Double-free in usbtv driver
+References:
+ http://linuxtesting.org/pipermail/ldv-project/2017-November/001008.html
+ https://git.linuxtv.org/media_tree.git/commit?id=50e7044535537b2a54c7ab798cd34c7f6d900bd2
+Notes:
+ bwh> Introduced in 3.18 by commit 63ddf68de52e "[media] usbtv: add audio
+ bwh> support".
+Bugs:
+upstream: released (4.17-rc1) [50e7044535537b2a54c7ab798cd34c7f6d900bd2]
+4.9-upstream-stable: released (4.9.93) [50cd7759a34104c3acb510e644355d4ae8010851]
+3.16-upstream-stable: N/A "Vulnerable code path not present"
+3.2-upstream-stable: N/A "Vulnerable code path not present"
+sid: released (4.15.17-1)
+4.9-stretch-security: released (4.9.88-1) [bugfix/all/media-usbtv-prevent-double-free-in-error-case.patch]
+3.16-jessie-security: N/A "Vulnerable code path not present"
+3.2-wheezy-security: N/A "Vulnerable code path not present"
-- 
cgit v1.2.3