retire

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@3532 e094ebfe-e918-0410-adfb-c712417f3574
author: Moritz Muehlenhoff <jmm@debian.org> 2014-11-06 10:41:47 +0000
committer: Moritz Muehlenhoff <jmm@debian.org> 2014-11-06 10:41:47 +0000
commit: 13587c183ef1725c767cc312e4c3934f2316bd3a (patch)
tree: 108fd17d8a46c579f7dda5cca49140110951a456 /retired/CVE-2014-7207
parent: c952b36a4a74e7c01660d4f084cce58f53bab193 (diff)
1 files changed, 18 insertions, 0 deletions
diff --git a/retired/CVE-2014-7207 b/retired/CVE-2014-7207
new file mode 100644
index 00000000..4ac93655
--- /dev/null
+++ b/retired/CVE-2014-7207
@@ -0,0 +1,18 @@
+Description: Denial of service by sending IPv6 UFO packet through tap
+References:
+Notes:
+ bwh> Bug was introduced in 3.2.63 (and 3.4.101) by the backport of
+ bwh> commit 73f156a6e8c1 ("inetpeer: get rid of ip_id_count") which
+ bwh> assumes ipv6_select_ident() is called with a non-null struct
+ bwh> rt6_info pointer.  That was not true as they were missing commit
+ bwh> 916e4cf46d02 ("ipv6: reuse ip6_frag_id from ip6_ufo_append_data").
+ bwh> Neither the upstream kernel nor any other stable branch had this
+ bwh> bug.
+Bugs: #766195
+upstream: N/A
+2.6.32-upstream-stable: N/A
+sid: N/A
+3.2-wheezy-security: released (3.2.63-2+deb7u1) [bugfix/all/ipv6-reuse-ip6_frag_id-from-ip6_ufo_append_data.patch]
+2.6.32-squeeze-security: N/A
+3.16-upstream-stable: N/A
+3.2-upstream-stable: released (3.2.64)
author	Moritz Muehlenhoff <jmm@debian.org>	2014-11-06 10:41:47 +0000
committer	Moritz Muehlenhoff <jmm@debian.org>	2014-11-06 10:41:47 +0000
commit	13587c183ef1725c767cc312e4c3934f2316bd3a (patch)
tree	108fd17d8a46c579f7dda5cca49140110951a456 /retired/CVE-2014-7207
parent	c952b36a4a74e7c01660d4f084cce58f53bab193 (diff)