diff options
| author | Moritz Muehlenhoff <jmm@debian.org> | 2007-05-27 15:33:24 +0000 |
|---|---|---|
| committer | Moritz Muehlenhoff <jmm@debian.org> | 2007-05-27 15:33:24 +0000 |
| commit | 1ddc19aa57a95daa3360f75d53531b61c3172982 (patch) | |
| tree | bb7da21f8e2535343bed301167d4d84598cfe1db | |
| parent | c20a11308ef3d5af7a6584f52994e1939d4c3a0e (diff) | |
ignore CVE-2007-1217
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@839 e094ebfe-e918-0410-adfb-c712417f3574
| -rw-r--r-- | ignored/CVE-2007-1217 (renamed from active/CVE-2007-1217) | 0 | ||||
| -rw-r--r-- | retired/CVE-2006-2275 | 21 | ||||
| -rw-r--r-- | retired/CVE-2006-6058 | 26 |
3 files changed, 47 insertions, 0 deletions
diff --git a/active/CVE-2007-1217 b/ignored/CVE-2007-1217 index d7e29322..d7e29322 100644 --- a/active/CVE-2007-1217 +++ b/ignored/CVE-2007-1217 diff --git a/retired/CVE-2006-2275 b/retired/CVE-2006-2275 new file mode 100644 index 00000000..49751f59 --- /dev/null +++ b/retired/CVE-2006-2275 @@ -0,0 +1,21 @@ +Candidate: CVE-2006-2275 +References: + http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7c3ceb4fb9667f34f1599a062efecf4cdc4a4ce5 +Description: + Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a + denial of service (deadlock) via a large number of small messages + to a receiver application that cannot process the messages quickly + enough, which leads to "spillover of the receive buffer." +Notes: + jmm> Seems like an ABI-breaker, the sctp_chunk struct is changed in the + jmm> upstream fix, this issue alone is not worth an ABI bump, a fix will + jmm> be postponed for now + jmm> For Sarge we'll ignore it, as it was only available under CONFIG_EXPERIMENTAL + jmm> and not suitable for production use anyway +Bugs: +upstream: released (2.6.16.15) +linux-2.6: released (2.6.16-13) +2.6.8-sarge-security: ignored +2.4.27-sarge-security: ignored +2.6.18-etch-security: N/A + diff --git a/retired/CVE-2006-6058 b/retired/CVE-2006-6058 new file mode 100644 index 00000000..f3610b89 --- /dev/null +++ b/retired/CVE-2006-6058 @@ -0,0 +1,26 @@ +Candidate: CVE-2006-6058 +References: + MISC:http://projects.info-pull.com/mokb/MOKB-17-11-2006.html + FRSIRT:ADV-2006-4613 + URL:http://www.frsirt.com/english/advisories/2006/4613 + SECUNIA:23034 + URL:http://secunia.com/advisories/23034 +Description: + The minix filesystem code in Linux kernel 2.6.x up to 2.6.18, and possibly + other versions, allows local users to cause a denial of service (hang) via a + malformed minix file stream that triggers an infinite loop in the minix_bmap + function. NOTE: this issue might be due to an integer overflow or signedness + error. +Ubuntu-Description: +Notes: + dannf> ignored for sarge for now - only applies under very rare circumstances + and don't know if there's an upstream fix + jmm> We can ignore this, it has no practical ramifications +Bugs: +upstream: +linux-2.6: ignored +2.6.18-etch-security: ignored +2.6.8-sarge-security: ignored +2.4.27-sarge-security: ignored +2.6.15-dapper-security: needed +2.6.17-edgy-security: needed |