retire

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@3387 e094ebfe-e918-0410-adfb-c712417f3574
author: Moritz Muehlenhoff <jmm@debian.org> 2014-06-11 13:13:47 +0000
committer: Moritz Muehlenhoff <jmm@debian.org> 2014-06-11 13:13:47 +0000
commit: a9c0b7269813ae311bf762551b55cb6701e945e7 (patch)
tree: 4382593b263e1f5341d9c111dc6978b3be15d84a /retired/CVE-2014-2851
parent: c101451b73751d0a4c54be6682632aca5a236763 (diff)
1 files changed, 14 insertions, 0 deletions
diff --git a/retired/CVE-2014-2851 b/retired/CVE-2014-2851
new file mode 100644
index 00000000..b4f5b7a0
--- /dev/null
+++ b/retired/CVE-2014-2851
@@ -0,0 +1,14 @@
+Description: memory leak in ping
+References:
+ https://lkml.org/lkml/2014/4/10/736
+Notes:
+ raphael: Appears to have been introduced with the support for IPPROTO_ICMP in 3.0-rc1
+ bwh> Bug is in permission checks for creating ping sockets, so is exploitable
+ bwh> even though the default permissions prevent them being created.
+Bugs:
+upstream: released (3.15-rc2) [b04c46190219a4f845e46a459e3102137b7f6cac]
+2.6.32-upstream-stable: N/A "Vulnerable code not present"
+sid: released (3.14.4-1) [bugfix/all/net-ipv4-current-group_info-should-be-put-after-usin.patch]
+3.2-wheezy-security: released (3.2.57-3+deb7u1) [bugfix/all/net-ipv4-current-group_info-should-be-put-after-usin.patch]
+2.6.32-squeeze-security: N/A "Vulnerable code not present"
+3.2-upstream-stable: released (3.2.60)
author	Moritz Muehlenhoff <jmm@debian.org>	2014-06-11 13:13:47 +0000
committer	Moritz Muehlenhoff <jmm@debian.org>	2014-06-11 13:13:47 +0000
commit	a9c0b7269813ae311bf762551b55cb6701e945e7 (patch)
tree	4382593b263e1f5341d9c111dc6978b3be15d84a /retired/CVE-2014-2851
parent	c101451b73751d0a4c54be6682632aca5a236763 (diff)