retire all issues that have been fixed upstream and in all listed kernels that are affected

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@600 e094ebfe-e918-0410-adfb-c712417f3574
author: dann frazier <dannf@debian.org> 2006-09-26 05:25:01 +0000
committer: dann frazier <dannf@debian.org> 2006-09-26 05:25:01 +0000
commit: b5dff88447542aeaeb052e46ac5a81f56b13b47b (patch)
tree: f208d9fb748aff5b1a6082182f77bd7a1bb2df9b /retired/CVE-2006-1343
parent: 708584120cba90a6f017432e2ee45d9c5c1859dc (diff)
1 files changed, 18 insertions, 0 deletions
diff --git a/retired/CVE-2006-1343 b/retired/CVE-2006-1343
new file mode 100644
index 00000000..268db464
--- /dev/null
+++ b/retired/CVE-2006-1343
@@ -0,0 +1,18 @@
+Candidate: CVE-2006-1343
+References:
+ http://marc.theaimsgroup.com/?l=linux-netdev&m=114148078223594&w=2
+Description: 
+ net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and 2.6, and
+ possibly net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c in 2.6, does not
+ clear sockaddr_in.sin_zero before returning IPv4 socket names from the
+ getsockopt function with SO_ORIGINAL_DST, which allows local users to
+ obtain portions of potentially sensitive memory.
+Notes: 
+ troyh> This isn't fixed upstream in 2.6 yet, at least not in the same way as 2.4
+ dannf> marking ignored for sarge3/2.6 due to ^^
+ jmm> It's now fixed upstream in 2.6 as well, let's include it in sarge4
+Bugs: 
+upstream: released (2.4.33-pre3), released (2.6.16.19)
+linux-2.6: released (2.6.16-15)
+2.6.8-sarge-security: released (2.6.8-16sarge5) [netfilter-SO_ORIGINAL_DST-leak.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge3) [212_ipv4-sin_zero_clear.diff]
author	dann frazier <dannf@debian.org>	2006-09-26 05:25:01 +0000
committer	dann frazier <dannf@debian.org>	2006-09-26 05:25:01 +0000
commit	b5dff88447542aeaeb052e46ac5a81f56b13b47b (patch)
tree	f208d9fb748aff5b1a6082182f77bd7a1bb2df9b /retired/CVE-2006-1343
parent	708584120cba90a6f017432e2ee45d9c5c1859dc (diff)