Retire many issues now released (or N/A or ignored) in all branches

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@5001 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 22 insertions, 0 deletions

diff --git a/retired/CVE-2012-6704 b/retired/CVE-2012-6704
new file mode 100644
index 00000000..38f08b67
--- /dev/null
+++ b/retired/CVE-2012-6704
@@ -0,0 +1,22 @@
+Description: net: Negative socket receive buffer size permitted
+References:
+Notes:
+ bwh> Prior to commit 82981930125a "net: cleanups in sock_setsockopt()":
+ bwh> - The comparison with SOCK_MIN_SNDBUF used type int, so it
+ bwh>   rejected negative values
+ bwh> - The comparison with SOCK_MIN_RCVBUF used type size_t, so it did
+ bwh>   *not* reject negative values
+ bwh> - The comparisons of val with sysctl_wmem_max used type u32, so
+ bwh>   they rejected negative values *unless* sysctl_wmem_max >=
+ bwh>   1 << 30 (and why would you set it that high?!)
+ bwh> So it was possible to set a negative value for sock::sk_rcvbuf
+ bwh> through SO_RCVBUFFORCE (escalation from CAP_NET_ADMIN to kernel)
+ bwh> or through SO_RCVBUF (escalation from user to kernel) iff
+ bwh> sysctl_wmem_max was large enough.
+Bugs:
+upstream: released (3.5-rc1) [82981930125abfd39d7c8378a9cfdf5e1be2002b]
+3.16-upstream-stable: N/A "Fixed before initial 3.16 release"
+3.2-upstream-stable: released (3.2.85) [net-cleanups-in-sock_setsockopt.patch]
+sid: released (3.8.11-1)
+3.16-jessie-security: N/A "Fixed before initial 3.16 release"
+3.2-wheezy-security: released (3.2.84-1) [bugfix/all/net-cleanups-in-sock_setsockopt.patch]