move retired to the top level hierarchy so people can easily checkout just the active issues

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@548 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 38 insertions, 0 deletions

diff --git a/retired/CVE-2006-1242 b/retired/CVE-2006-1242
new file mode 100644
index 00000000..08a09c4a
--- /dev/null
+++ b/retired/CVE-2006-1242
@@ -0,0 +1,38 @@
+Candidate: CVE-2006-1242
+References: 
+http://www.kernel.org/git/gitweb.cgi?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1a55d57b107c3e06935763905dc0fb235214569d
+Description: 
+ [TCP]: Do not use inet->id of global tcp_socket when sending RST.
+ . 
+ The problem is in ip_push_pending_frames(), which uses:
+ .          if (!df) {
+ .                  __ip_select_ident(iph, &rt->u.dst, 0);
+ .          } else {
+ .                  iph->id = htons(inet->id++);
+ .          }
+ .
+ instead of ip_select_ident().
+ .
+ Right now I think the code is a nonsense. Most likely, I copied it from
+ old ip_build_xmit(), where it was really special, we had to decide
+ whether to generate unique ID when generating the first (well, the last)
+ fragment.
+ .
+ In ip_push_pending_frames() it does not make sense, it should use plain
+ ip_select_ident() instead.
+Notes: 
+ jmm> 2.4 doesn't seem to be affected, but I'd prefer a second look before
+ jmm> marking it N/A
+ .
+ dannf> troyh gave me a patch for 2.4, so I guess it is affected
+Bugs: 
+upstream: released (2.6.16.1)
+linux-2.6: released (2.6.16-4)
+2.6.8-sarge-security: released (2.6.8-16sarge3)
+2.4.27-sarge-security: released (2.4.27-10sarge3)
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: