From f43050596507c5a376a3d6fbd8ee81f4be15d71b Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 28 Apr 2017 04:22:10 +0000
Subject: Retire two CVEs

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@5240 e094ebfe-e918-0410-adfb-c712417f3574
---
 retired/CVE-2017-5970 | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 retired/CVE-2017-5970

(limited to 'retired/CVE-2017-5970')

diff --git a/retired/CVE-2017-5970 b/retired/CVE-2017-5970
new file mode 100644
index 00000000..7b30fd0d
--- /dev/null
+++ b/retired/CVE-2017-5970
@@ -0,0 +1,15 @@
+Description: ipv4: Invalid IP options could cause skb->dst drop
+References:
+ http://seclists.org/oss-sec/2017/q1/414
+ https://patchwork.ozlabs.org/patch/724136/
+Notes:
+ bwh> This was actually introduced in 2.6.35 by commit f84af32cbca70
+ bwh> ("net: ip_queue_rcv_skb() helper").
+Bugs:
+upstream: released (4.10-rc8) [34b2cef20f19c87999fff3da4071e66937db9644]
+4.9-upstream-stable: released (4.9.11) [f5b54446630a973e1f27b68599366bbd0ac53066]
+3.16-upstream-stable: released (3.16.41) [ipv4-keep-skb-dst-around-in-presence-of-ip-options.patch]
+3.2-upstream-stable: released (3.2.88) [ipv4-keep-skb-dst-around-in-presence-of-ip-options.patch]
+sid: released (4.9.10-1) [bugfix/all/ipv4-keep-skb-dst-around-in-presence-of-IP-options.patch]
+3.16-jessie-security: released (3.16.39-1+deb8u1) [bugfix/all/ipv4-keep-skb-dst-around-in-presence-of-ip-options.patch]
+3.2-wheezy-security: released (3.2.88-1)
-- 
cgit v1.2.3