Retire several CVEs

author: Salvatore Bonaccorso <carnil@debian.org> 2018-07-14 16:17:43 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2018-07-14 16:17:43 +0200
commit: 75e31d6511c043ea84ab413b0a595d860367cd89 (patch)
tree: 777571a45e5fdba0861b3c734d6ac554b706357a /retired/CVE-2018-9415
parent: 81f63b8fb3fdb033e956a9c74843a43c1edc2faf (diff)
1 files changed, 19 insertions, 0 deletions
diff --git a/retired/CVE-2018-9415 b/retired/CVE-2018-9415
new file mode 100644
index 00000000..6615fa00
--- /dev/null
+++ b/retired/CVE-2018-9415
@@ -0,0 +1,19 @@
+Description:
+References:
+ https://source.android.com/security/bulletin/pixel/2018-07-01
+ https://patchwork.kernel.org/patch/9946759/
+Notes:
+ jmm> Unclear, might affect drivers/amba in some way?
+ bwh> The Android bulletin links to a patch for PCI that *wasn't*
+ bwh> applied upstream (and isn't needed), but based on the
+ bwh> description as "AMBA driver" I found what I think is the actual
+ bwh> upstream fix.
+ bwh> Introduced in Linux 4.0 by commit 3cf385713460 "ARM: 8256/1:
+ bwh> driver coamba: add device binding path 'driver_override'".
+Bugs:
+upstream: released (4.17-rc3) [d2ffed5185df9d8d9ccd150e4340e3b6f96a8381]
+4.9-upstream-stable: released (4.9.98) [8970c12ac9b917b27e42c0537ab7fce0357f0cf3]
+3.16-upstream-stable: N/A "Vulnerable code not present"
+sid: released (4.16.12-1)
+4.9-stretch-security: released (4.9.107-1)
+3.16-jessie-security: N/A "Vulnerable code not present"
author	Salvatore Bonaccorso <carnil@debian.org>	2018-07-14 16:17:43 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2018-07-14 16:17:43 +0200
commit	75e31d6511c043ea84ab413b0a595d860367cd89 (patch)
tree	777571a45e5fdba0861b3c734d6ac554b706357a /retired/CVE-2018-9415
parent	81f63b8fb3fdb033e956a9c74843a43c1edc2faf (diff)