From d6ce9ee6d4c958926ec6efa83eb940d75c80c0bc Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Wed, 20 Sep 2017 20:36:39 +0000 Subject: Retire issues that are now released, N/A, or ignored in all branches git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@5589 e094ebfe-e918-0410-adfb-c712417f3574 --- retired/CVE-2017-7558 | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 retired/CVE-2017-7558 (limited to 'retired/CVE-2017-7558') diff --git a/retired/CVE-2017-7558 b/retired/CVE-2017-7558 new file mode 100644 index 00000000..75035d11 --- /dev/null +++ b/retired/CVE-2017-7558 @@ -0,0 +1,19 @@ +Description: sctp: out-of-bounds read in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() +References: + http://www.openwall.com/lists/oss-security/2017/08/23/1 + https://marc.info/?t=150348787500002&r=1&w=2 +Notes: + carnil> proposed patch in https://marc.info/?l=linux-netdev&m=150348777122761&w=2 + carnil> the bug is said to be present from 4.7-rc1 on wards, but needs to be + carnil> checked if we have otherwise backport the issue + bwh> The sctp_diag code was added in 4.7 and we did not backport it. +Bugs: + https://bugzilla.redhat.com/show_bug.cgi?id=1480266 +upstream: released (4.13) [ee6c88bb754e3d363e568da78086adfedb692447] +4.9-upstream-stable: released (4.9.51) [08d56d8a99bb82e134ba7704e4cfdabbcc16fc4f] +3.16-upstream-stable: N/A "Vulnerable code not present" +3.2-upstream-stable: N/A "Vulnerable code not present" +sid: released (4.12.13-1) [bugfix/all/sctp-Avoid-out-of-bounds-reads-from-address-storage.patch] +4.9-stretch-security: released (4.9.30-2+deb9u4) [bugfix/all/sctp-Avoid-out-of-bounds-reads-from-address-storage.patch] +3.16-jessie-security: N/A "Vulnerable code not present" +3.2-wheezy-security: N/A "Vulnerable code not present" -- cgit v1.2.3
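Review bot: The N/A status on the 3.16 and 3.2 lines (upstream-stable, jessie-security and wheezy-security) rests only on the bwh note that the sctp_diag code was added in 4.7 and not backported, and the Notes section does not name the commit that introduced it, so "Vulnerable code not present" cannot be rechecked from this file alone. Consider recording the introducing upstream commit id beside that note, in the same bracketed form already used for the fix commits on the upstream and 4.9-upstream-stable lines. The open question in the carnil note ("needs to be checked if we have otherwise backport the issue") is answered by the bwh line directly after it, so the retirement itself looks consistent: every branch is either released with a referenced fix or marked N/A.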