From 27b3d6a80bd2f514d34d033cf2bd02f4e3145ad7 Mon Sep 17 00:00:00 2001
From: Ben Hutchings <ben@decadent.org.uk>
Date: Thu, 28 Mar 2019 01:50:09 +0000
Subject: Retire inactive issues

---
 retired/CVE-2018-19407 | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 retired/CVE-2018-19407

(limited to 'retired/CVE-2018-19407')

diff --git a/retired/CVE-2018-19407 b/retired/CVE-2018-19407
new file mode 100644
index 00000000..4d1d62de
--- /dev/null
+++ b/retired/CVE-2018-19407
@@ -0,0 +1,16 @@
+Description: KVM: X86: Fix scan ioapic use-before-initialization
+References:
+ https://lkml.org/lkml/2018/11/20/580
+Notes:
+ carnil> Introduced by 3d81bc7e96d6bca0b8f8b7d1bf6ea72caa3aac57 (3.10-rc1)
+ bwh> I'm fairly sure this is impossible before commit 5c919412fe61
+ bwh> "kvm/x86: Hyper-V synthetic interrupt controller" (4.5-rc1).  The
+ bwh> reproducer didn't work for me on either 3.16 or 4.9.
+Bugs:
+upstream: released (4.20-rc5) [e97f852fd4561e77721bb9a4e0ea9d98305b1e93]
+4.19-upstream-stable: released (4.19.7) [61c42d657c859ccc95e53afdac64f73a0053b8ea]
+4.9-upstream-stable: released (4.9.143) [3a468e8e5a6124523e2e94c33866c609cc914876]
+3.16-upstream-stable: N/A "Vulnerable code not present"
+sid: released (4.19.9-1)
+4.9-stretch-security: released (4.9.144-1)
+3.16-jessie-security: N/A "Vulnerable code not present"
-- 
cgit v1.2.3