diff options
author | Moritz Muehlenhoff <jmm@debian.org> | 2007-05-27 15:33:24 +0000 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2007-05-27 15:33:24 +0000 |
commit | 1ddc19aa57a95daa3360f75d53531b61c3172982 (patch) | |
tree | bb7da21f8e2535343bed301167d4d84598cfe1db /retired/CVE-2006-2275 | |
parent | c20a11308ef3d5af7a6584f52994e1939d4c3a0e (diff) |
ignore CVE-2007-1217
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@839 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired/CVE-2006-2275')
-rw-r--r-- | retired/CVE-2006-2275 | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/retired/CVE-2006-2275 b/retired/CVE-2006-2275 new file mode 100644 index 00000000..49751f59 --- /dev/null +++ b/retired/CVE-2006-2275 @@ -0,0 +1,21 @@ +Candidate: CVE-2006-2275 +References: + http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7c3ceb4fb9667f34f1599a062efecf4cdc4a4ce5 +Description: + Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a + denial of service (deadlock) via a large number of small messages + to a receiver application that cannot process the messages quickly + enough, which leads to "spillover of the receive buffer." +Notes: + jmm> Seems like an ABI-breaker, the sctp_chunk struct is changed in the + jmm> upstream fix, this issue alone is not worth an ABI bump, a fix will + jmm> be postponed for now + jmm> For Sarge we'll ignore it, as it was only available under CONFIG_EXPERIMENTAL + jmm> and not suitable for production use anyway +Bugs: +upstream: released (2.6.16.15) +linux-2.6: released (2.6.16-13) +2.6.8-sarge-security: ignored +2.4.27-sarge-security: ignored +2.6.18-etch-security: N/A + |