author Moritz Muehlenhoff <jmm@debian.org> 2018-10-10 16:08:10 +0200
committer Moritz Muehlenhoff <jmm@debian.org> 2018-10-10 16:08:10 +0200
commit e58840f1b07272348f16568187550f5c219ee2eb
tree b971c0cfbc0ac9ff0560015a7861cbb6560c73ae /retired/CVE-2018-14641
parent 57b924820eb68766ff307bf9efd9f1d318dd0a34
retire more issues
Diffstat (limited to 'retired/CVE-2018-14641')
-rw-r--r-- retired/CVE-2018-14641 | 23
1 files changed, 23 insertions, 0 deletions
diff --git a/retired/CVE-2018-14641 b/retired/CVE-2018-14641
new file mode 100644
index 00000000..f53ec377
--- /dev/null
+++ b/retired/CVE-2018-14641
@@ -0,0 +1,23 @@
+Description: ip: frags: fix crash in ip_do_fragment()
+References:
+ https://www.openwall.com/lists/oss-security/2018/09/18/1
+ https://bugzilla.redhat.com/show_bug.cgi?id=1629636
+Notes:
+ carnil> fa0f527358bd (4.19-rc1) is the introducing commit
+ carnil> beeing part of the (upstream) fixes for CVE-2018-5391.
+ carnil> There is no stable release which backported this
+ carnil> (without) 5d407b071dc3. In fact not yet either in
+ carnil> a 4.18.x or 4.9.x.
+ carnil> When upstream fixes for CVE-2018-5391 land in Debian
+ carnil> branch or are in a stable version, then 5d407b071dc3
+ carnil> needs to be added to not make the CVE-2018-14641
+ carnil> open.
+ carnil> For experimental suite technically it was affected
+ carnil> and fixed though with 4.19~rc4-1~exp1 upload.
+Bugs:
+upstream: released (4.19-rc4) [5d407b071dc369c26a38398326ee2be53651cfe4]
+4.9-upstream-stable: N/A "fa0f527358bd not backported"
+3.16-upstream-stable: N/A "fa0f527358bd not backported"
+sid: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
+3.16-jessie-security: N/A "Vulnerable code not present"
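Review bot: The N/A statuses for 4.9-upstream-stable and 3.16-upstream-stable rest on "fa0f527358bd not backported", while the Notes say 5d407b071dc3 needs to be added once the upstream fixes for CVE-2018-5391 land in a Debian branch or a stable version, so retiring this file takes that pending condition out of the set of issues still being watched. Before retiring, confirm that the CVE-2018-5391 entry carries the same reminder about 5d407b071dc3, or record in the Notes that the stable backports of the CVE-2018-5391 fixes did not bring in fa0f527358bd. Minor points in the Notes: the sentence "There is no stable release which backported this (without) 5d407b071dc3" is hard to parse and "not yet either in a 4.18.x or 4.9.x" carries no date, "beeing" is a typo, and the "Bugs:" field is left empty.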
