Retire CVE-2013-1858 with an explanation of why it doesn't matter to earlier versions

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@2870 e094ebfe-e918-0410-adfb-c712417f3574
author: Ben Hutchings <benh@debian.org> 2013-03-18 03:56:02 +0000
committer: Ben Hutchings <benh@debian.org> 2013-03-18 03:56:02 +0000
commit: bae0523bf48cec05cb6e0913363a0f758193e99c (patch)
tree: 9f691fc09ec496ab3787b54108b02833b062da1d /retired/CVE-2013-1858
parent: 763085dd11a233bebf48d60837f16ffc435b5993 (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/retired/CVE-2013-1858 b/retired/CVE-2013-1858
new file mode 100644
index 00000000..27b6250a
--- /dev/null
+++ b/retired/CVE-2013-1858
@@ -0,0 +1,12 @@
+Description: userns: Don't allow CLONE_NEWUSER | CLONE_FS
+References:
+ http://stealth.openwall.net/xSports/clown-newuser.c
+Notes:
+ Prior to 3.8, CLONE_NEWUSER required CAP_SYS_ADMIN && CAP_SETUID &&
+ CAP_SETGID, so no privilege escalation is possible.
+Bugs:
+upstream: pending [e66eded8309ebf679d3d3c1f5820d1f2ca332c71]
+2.6.32-upstream-stable: N/A
+sid: N/A
+2.6.32-squeeze-security: N/A
+3.2-upstream-stable: N/A
author	Ben Hutchings <benh@debian.org>	2013-03-18 03:56:02 +0000
committer	Ben Hutchings <benh@debian.org>	2013-03-18 03:56:02 +0000
commit	bae0523bf48cec05cb6e0913363a0f758193e99c (patch)
tree	9f691fc09ec496ab3787b54108b02833b062da1d /retired/CVE-2013-1858
parent	763085dd11a233bebf48d60837f16ffc435b5993 (diff)