From e3dbddf75d4a856793a85ddc79345781db5b1a5e Mon Sep 17 00:00:00 2001
From: Ben Hutchings <ben@decadent.org.uk>
Date: Wed, 25 Apr 2018 17:28:32 +0100
Subject: Mark CVE-2017-18261 as N/A for stable branches, and retire it

---
 retired/CVE-2017-18261 | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 retired/CVE-2017-18261

(limited to 'retired/CVE-2017-18261')

diff --git a/retired/CVE-2017-18261 b/retired/CVE-2017-18261
new file mode 100644
index 00000000..b24e91dd
--- /dev/null
+++ b/retired/CVE-2017-18261
@@ -0,0 +1,16 @@
+Description: clocksource/drivers/arm_arch_timer: Avoid infinite recursion when ftrace is enabled
+References:
+Notes:
+ bwh> I'm not convinced this is really a security issue.  Anyway, the
+ bwh> vulnerable code path was introduced in 4.12 by commit 6acc71ccac71
+ bwh> "arm64: arch_timer: Allows a CPU-specific erratum to only affect a
+ bwh> subset of CPUs".
+Bugs:
+upstream: released (4.13-rc6) [adb4f11e0a8f4e29900adb2b7af28b6bbd5c1fa4]
+4.9-upstream-stable: N/A "Vulnerable code not present"
+3.16-upstream-stable: N/A "Vulnerable code not present"
+3.2-upstream-stable: N/A "Vulnerable code not present"
+sid: released (4.13.4-1)
+4.9-stretch-security: N/A "Vulnerable code not present"
+3.16-jessie-security: N/A "Vulnerable code not present"
+3.2-wheezy-security: N/A "Vulnerable code not present"
-- 
cgit v1.2.3