From 8bfb209d5e69840ff41c55a3bcfb8314ddee0889 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 27 Sep 2017 13:26:38 +0000
Subject: Retire CVE-2017-9059

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@5600 e094ebfe-e918-0410-adfb-c712417f3574
---
 retired/CVE-2017-9059 | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 retired/CVE-2017-9059

(limited to 'retired/CVE-2017-9059')

diff --git a/retired/CVE-2017-9059 b/retired/CVE-2017-9059
new file mode 100644
index 00000000..e17ea008
--- /dev/null
+++ b/retired/CVE-2017-9059
@@ -0,0 +1,19 @@
+Description: Module reference leak due to improper shut down of callback channel on umount
+References:
+ https://www.spinics.net/lists/linux-nfs/msg63334.html
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c70422f760c120480fee4de6c38804c72aa26bc1
+Notes:
+ bwh> Upstream fix says this was introduced by commit bb6aeba736ba
+ bwh> "NFSv4.x: Switch to using svc_set_num_threads() to manage the callback
+ bwh> threads" in 4.9.
+Bugs:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1451386
+ https://bugs.debian.org/863550
+upstream: released (4.12-rc1) [9e0d87680d689f1758185851c3da6eafb16e71e1, ed6473ddc704a2005b9900ca08e236ebb2d8540a]
+4.9-upstream-stable: released (4.9.52) [d9f9b83539ab9b1ebb5cbdfa0a5a9994e20e6a0d, f609266b12d214437cf9d68245dc27f8d4f69836]
+3.16-upstream-stable: N/A "Vulnerable code not present"
+3.2-upstream-stable: N/A "Vulnerable code not present"
+sid: released (4.9.30-1) [bugfix/all/sunrpc-refactor-svc_set_num_threads.patch, bugfix/all/nfsv4-fix-callback-server-shutdown.patch]
+4.9-stretch-security: N/A "Fixed before branching point"
+3.16-jessie-security: N/A "Vulnerable code not present"
+3.2-wheezy-security: N/A "Vulnerable code not present"
-- 
cgit v1.2.3