ignore CVE-2007-1217

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@839 e094ebfe-e918-0410-adfb-c712417f3574
author: Moritz Muehlenhoff <jmm@debian.org> 2007-05-27 15:33:24 +0000
committer: Moritz Muehlenhoff <jmm@debian.org> 2007-05-27 15:33:24 +0000
commit: 1ddc19aa57a95daa3360f75d53531b61c3172982 (patch)
tree: bb7da21f8e2535343bed301167d4d84598cfe1db /retired/CVE-2006-2275
parent: c20a11308ef3d5af7a6584f52994e1939d4c3a0e (diff)
1 files changed, 21 insertions, 0 deletions
diff --git a/retired/CVE-2006-2275 b/retired/CVE-2006-2275
new file mode 100644
index 00000000..49751f59
--- /dev/null
+++ b/retired/CVE-2006-2275
@@ -0,0 +1,21 @@
+Candidate: CVE-2006-2275
+References: 
+ http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7c3ceb4fb9667f34f1599a062efecf4cdc4a4ce5 
+Description: 
+ Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a
+ denial of service (deadlock) via a large number of small messages
+ to a receiver application that cannot process the messages quickly
+ enough, which leads to "spillover of the receive buffer."
+Notes: 
+ jmm> Seems like an ABI-breaker, the sctp_chunk struct is changed in the
+ jmm> upstream fix, this issue alone is not worth an ABI bump, a fix will
+ jmm> be postponed for now
+ jmm> For Sarge we'll ignore it, as it was only available under CONFIG_EXPERIMENTAL
+ jmm> and not suitable for production use anyway
+Bugs: 
+upstream: released (2.6.16.15)
+linux-2.6: released (2.6.16-13)
+2.6.8-sarge-security: ignored
+2.4.27-sarge-security: ignored
+2.6.18-etch-security: N/A
+
author	Moritz Muehlenhoff <jmm@debian.org>	2007-05-27 15:33:24 +0000
committer	Moritz Muehlenhoff <jmm@debian.org>	2007-05-27 15:33:24 +0000
commit	1ddc19aa57a95daa3360f75d53531b61c3172982 (patch)
tree	bb7da21f8e2535343bed301167d4d84598cfe1db /retired/CVE-2006-2275
parent	c20a11308ef3d5af7a6584f52994e1939d4c3a0e (diff)