[kernel-sec-discuss] r5030 - active retired

Salvatore Bonaccorso carnil at moszumanska.debian.org
Mon Feb 27 20:43:45 UTC 2017


Author: carnil
Date: 2017-02-27 20:43:45 +0000 (Mon, 27 Feb 2017)
New Revision: 5030

Added:
   retired/CVE-2017-5897
   retired/CVE-2017-6074
Removed:
   active/CVE-2017-5897
   active/CVE-2017-6074
Log:
Retire two CVEs which are fixed everywhere

Deleted: active/CVE-2017-5897
===================================================================
--- active/CVE-2017-5897	2017-02-27 20:41:36 UTC (rev 5029)
+++ active/CVE-2017-5897	2017-02-27 20:43:45 UTC (rev 5030)
@@ -1,11 +0,0 @@
-Description: ip6_gre: invalid reads in ip6gre_err()
-References:
-Notes:
-Bugs:
-upstream: released (4.10-rc8) [7892032cfe67f4bde6fc2ee967e45a8fbaf33756]
-4.9-upstream-stable: released (4.9.11) [ae1768bbbc469b75662c6714957fe5886cc960c4]
-3.16-upstream-stable: released (3.16.41) [ip6_gre-fix-ip6gre_err-invalid-reads.patch]
-3.2-upstream-stable: N/A "Vulnerable code introduced in 3.7-rc1 with c12b395a46646bab69089ce7016ac78177f6001f"
-sid: released (4.9.13-1)
-3.16-jessie-security: released (3.16.39-1+deb8u1) [bugfix/all/ip6_gre-fix-ip6gre_err-invalid-reads.patch]
-3.2-wheezy-security: N/A "Vulnerable code not present"

Deleted: active/CVE-2017-6074
===================================================================
--- active/CVE-2017-6074	2017-02-27 20:41:36 UTC (rev 5029)
+++ active/CVE-2017-6074	2017-02-27 20:43:45 UTC (rev 5030)
@@ -1,12 +0,0 @@
-Description: dccp: fix freeing skb too early for IPV6_RECVPKTINFO
-References:
-Notes:
- carnil> bwh disabled dccp auto-loading in 4.9.10-1
-Bugs:
-upstream: released (4.10) [5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4]
-4.9-upstream-stable: released (4.9.13) [171d92a9d915d238e05285ca67faf30f554d7df7]
-3.16-upstream-stable: released (3.16.41) [dccp-fix-freeing-skb-too-early-for-ipv6_recvpktinfo.patch]
-3.2-upstream-stable: released (3.2.86) [dccp-fix-freeing-skb-too-early-for-ipv6_recvpktinfo.patch]
-sid: released (4.9.13-1)
-3.16-jessie-security: released (3.16.39-1+deb8u1) [bugfix/all/dccp-fix-freeing-skb-too-early-for-IPV6_RECVPKTINFO.patch]
-3.2-wheezy-security: released (3.2.84-2) [bugfix/all/dccp-fix-freeing-skb-too-early-for-IPV6_RECVPKTINFO.patch]

Copied: retired/CVE-2017-5897 (from rev 5029, active/CVE-2017-5897)
===================================================================
--- retired/CVE-2017-5897	                        (rev 0)
+++ retired/CVE-2017-5897	2017-02-27 20:43:45 UTC (rev 5030)
@@ -0,0 +1,11 @@
+Description: ip6_gre: invalid reads in ip6gre_err()
+References:
+Notes:
+Bugs:
+upstream: released (4.10-rc8) [7892032cfe67f4bde6fc2ee967e45a8fbaf33756]
+4.9-upstream-stable: released (4.9.11) [ae1768bbbc469b75662c6714957fe5886cc960c4]
+3.16-upstream-stable: released (3.16.41) [ip6_gre-fix-ip6gre_err-invalid-reads.patch]
+3.2-upstream-stable: N/A "Vulnerable code introduced in 3.7-rc1 with c12b395a46646bab69089ce7016ac78177f6001f"
+sid: released (4.9.13-1)
+3.16-jessie-security: released (3.16.39-1+deb8u1) [bugfix/all/ip6_gre-fix-ip6gre_err-invalid-reads.patch]
+3.2-wheezy-security: N/A "Vulnerable code not present"
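
Review bot: The `References:` and `Bugs:` fields are still empty in the retired copy of CVE-2017-5897, so the only pointers to the fix are the commit hashes and patch names in the status lines; consider filling `References:` before the file leaves active/. The two 3.2 lines also give different N/A reasons for the same situation: 3.2-upstream-stable names the introducing commit and version (3.7-rc1), while 3.2-wheezy-security only says "Vulnerable code not present". Reusing the first wording on the wheezy line would make that entry self-explanatory.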

Copied: retired/CVE-2017-6074 (from rev 5029, active/CVE-2017-6074)
===================================================================
--- retired/CVE-2017-6074	                        (rev 0)
+++ retired/CVE-2017-6074	2017-02-27 20:43:45 UTC (rev 5030)
@@ -0,0 +1,12 @@
+Description: dccp: fix freeing skb too early for IPV6_RECVPKTINFO
+References:
+Notes:
+ carnil> bwh disabled dccp auto-loading in 4.9.10-1
+Bugs:
+upstream: released (4.10) [5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4]
+4.9-upstream-stable: released (4.9.13) [171d92a9d915d238e05285ca67faf30f554d7df7]
+3.16-upstream-stable: released (3.16.41) [dccp-fix-freeing-skb-too-early-for-ipv6_recvpktinfo.patch]
+3.2-upstream-stable: released (3.2.86) [dccp-fix-freeing-skb-too-early-for-ipv6_recvpktinfo.patch]
+sid: released (4.9.13-1)
+3.16-jessie-security: released (3.16.39-1+deb8u1) [bugfix/all/dccp-fix-freeing-skb-too-early-for-IPV6_RECVPKTINFO.patch]
+3.2-wheezy-security: released (3.2.84-2) [bugfix/all/dccp-fix-freeing-skb-too-early-for-IPV6_RECVPKTINFO.patch]
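
Review bot: The `Description:` line of CVE-2017-6074 is the subject of the fix ("dccp: fix freeing skb too early for IPV6_RECVPKTINFO") rather than a statement of the flaw; wording it as the bug, the way the CVE-2017-5897 entry does ("invalid reads in ip6gre_err()"), would read better in a tracker file. The `Notes:` entry about dccp auto-loading being disabled in 4.9.10-1 does not say how it relates to the `sid: released (4.9.13-1)` line; stating whether it was an interim mitigation would keep 4.9.10-1 from being read as the fixed version. `References:` is empty here as well.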



