retiring inactive CVEs

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@939 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 26 insertions, 0 deletions

diff --git a/retired/CVE-2007-3642 b/retired/CVE-2007-3642
new file mode 100644
index 00000000..f8c7d5be
--- /dev/null
+++ b/retired/CVE-2007-3642
@@ -0,0 +1,26 @@
+Candidate: CVE-2007-3642
+References: 
+ http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=25845b5155b55cd77e42655ec24161ba3feffa47
+ http://patchwork.netfilter.org/netfilter-devel/patch.pl?id=499
+Description:
+ The decode_choice function in net/netfilter/nf_conntrack_h323_asn1.c
+ in the Linux kernel before 2.6.20.15, 2.6.21.x before 2.6.21.6, and
+ before 2.6.22 allows remote attackers to cause a denial of service
+ (crash) via an encoded, out-of-range index value for a choice field,
+ which triggers a NULL pointer dereference.
+Ubuntu-Description: 
+ Zhongling Wen discovered that the h323 conntrack handler did not correctly
+ handle certain bitfields.  A remote attacker could send a specially crafted
+ packet and cause a denial of service.
+Notes: 
+ pkl> [NETFILTER]: nf_conntrack_h323: add checking of out-of-range on choices' index values
+ dannf> file got renamed between 2.6.18 & 2.6.21
+Bugs: 
+upstream: 
+linux-2.6: released (2.6.21-6) [bugfix/all/stable/2.6.21.6.patch]
+2.6.18-etch-security: released (2.6.18.dfsg.1-13etch1) [bugfix/nf_conntrack_h323-bounds-checking.patch]
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.6.15-dapper-security:  N/A - code doesn't seem to exist
+2.6.17-edgy-security: N/A - code doesn't seem to exist
+2.6.20-feisty-security: released (2.6.20-16.31) [c411287f75b34e8cbeba8e7832c4cf1c235e8568]