author Moritz Muehlenhoff <jmm@debian.org> 2007-04-29 20:57:47 +0000
committer Moritz Muehlenhoff <jmm@debian.org> 2007-04-29 20:57:47 +0000
commit 21c59bcd8cdcebba2a3303201b09153f69ecea25
tree 993d2bbcaff2bd0d956d88b849d968cf70d9abdb /retired
parent 29cb34468f70a7ce94d64ff8ee0360e95c2b9f6f
retire CVE-2006-2935
more etch updates

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@771 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired')
-rw-r--r-- retired/CVE-2006-2935 | 25
1 files changed, 25 insertions, 0 deletions
diff --git a/retired/CVE-2006-2935 b/retired/CVE-2006-2935
new file mode 100644
index 00000000..3a997ebd
--- /dev/null
+++ b/retired/CVE-2006-2935
@@ -0,0 +1,25 @@
+Candidate: CVE-2006-2935
+References:
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=454d6fbc48374be8f53b9bafaa86530cf8eb3bc1
+Description:
+ The dvd_read_bca function in the DVD handling code in drivers/cdrom/cdrom.c
+ in Linux kernel 2.2.16, and later versions, assigns the wrong value to a
+ length variable, which allows local users to execute arbitrary code via a
+ crafted USB Storage device that triggers a buffer overflow.
+Ubuntu-Description:
+ A buffer overflow has been discovered in the dvd_read_bca() function.
+ By inserting a specially crafted DVD, USB stick, or similar
+ automatically mounted removable device, a local user could crash the
+ machine or potentially even execute arbitrary code with full root
+ privileges.
+Notes:
+ dannf> Submitted to Adrian Bunk for inclusion in 2.6.16.y
+Bugs:
+upstream: released (2.6.17.7)
+linux-2.6: released (2.6.17-5)
+2.6.8-sarge-security: released (2.6.8-16sarge5) [cdrom-bad-cgc.buflen-assign.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge4) [224_cdrom-bad-cgc.buflen-assign.diff]
+2.6.10-hoary-security: released (2.6.10-34.23)
+2.6.12-breezy-security: released (2.6.12-10.37)
+2.6.15-dapper-security: released (2.6.15-26.46)
+2.6.17-edgy: released (2.6.17-10.30)
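
Review bot: The Notes line "dannf> Submitted to Adrian Bunk for inclusion in 2.6.16.y" is left unresolved in a record that is being retired: the status lines give upstream as released in 2.6.17.7, but nothing says whether the 2.6.16.y submission was accepted. Suggest appending the outcome to that note, or adding a status line for 2.6.16.y, so the retired file can be read on its own. The "Bugs:" field is also empty; if no tracker bug exists for this CVE, that is fine, but it is worth confirming before the file moves to retired/. The Description names only "a crafted USB Storage device" as the trigger while the Ubuntu-Description lists "DVD, USB stick, or similar automatically mounted removable device"; since the flaw is in dvd_read_bca in drivers/cdrom/cdrom.c, a short note reconciling the two would help anyone assessing exposure from this file later.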
