From 8290df912ecbf23e19610e57952fc68c45d59103 Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Mon, 30 Apr 2007 17:04:40 +0000 Subject: retire two more issues record upstream fix git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@773 e094ebfe-e918-0410-adfb-c712417f3574 --- active/CVE-2006-5619 | 23 ----------------------- active/CVE-2006-5701 | 35 ----------------------------------- active/CVE-2006-5755 | 2 +- retired/CVE-2006-5619 | 23 +++++++++++++++++++++++ retired/CVE-2006-5701 | 35 +++++++++++++++++++++++++++++++++++ 5 files changed, 59 insertions(+), 59 deletions(-) delete mode 100644 active/CVE-2006-5619 delete mode 100644 active/CVE-2006-5701 create mode 100644 retired/CVE-2006-5619 create mode 100644 retired/CVE-2006-5701 diff --git a/active/CVE-2006-5619 b/active/CVE-2006-5619 deleted file mode 100644 index 2a7a48cfb..000000000 --- a/active/CVE-2006-5619 +++ /dev/null @@ -1,23 +0,0 @@ -Candidate: CVE-2006-5619 -References: - http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bcd620757d3a4ae78ef0ca41adb5d9e400ed92b6 -Description: - The seqfile handling (ip6fl_get_n function in ip6_flowlabel.c) in - Linux kernel 2.6.16, 2.6.17, and 2.6.18-stable allows local users to - cause a denial of service (hang or oops) via unspecified manipulations - that trigger an infinite loop while searching for flowlabels. -Ubuntu-Description: - James Morris discovered that the ip6fl_get_n() function incorrectly - handled flow labels. A local attacker could exploit this to crash the - kernel. -Notes: - dannf> This code does not appear to be present in 2.4 -Bugs: -upstream: released (2.6.18.2) -linux-2.6: released (2.6.18-4) -2.6.8-sarge-security: released (2.6.8-16sarge6) [ip6_flowlabel-lockup.dpatch] -2.4.27-sarge-security: N/A -2.6.12-breezy-security: released (2.6.12-10.41) -2.6.15-dapper-security: released (2.6.15-27.49) -2.6.17-edgy-security: released (2.6.17.1-10.34) -2.6.19-feisty: released 
diff --git a/active/CVE-2006-5701 b/active/CVE-2006-5701 deleted file mode 100644 index 9b1ba7b22..000000000 --- a/active/CVE-2006-5701 +++ /dev/null @@ -1,35 +0,0 @@ -Candidate: CVE-2006-5701 -References: - http://projects.info-pull.com/mokb/MOKB-02-11-2006.html - http://sourceforge.net/mailarchive/forum.php?thread_id=31007759&forum_id=39601 - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=211237 -Description: - Double free vulnerability in squashfs module in the Linux kernel - 2.6.x, as used in Fedora Core 5 and possibly other distributions, - allows local users to cause a denial of service by mounting a crafted - squashfs filesystem. -Ubuntu-Description: - Certain corrupted squashfs file system images caused a memory - allocation to be freed twice. By mounting a specially crafted - squashfs file system, a local attacker could exploit this to crash - the kernel. -Notes: - Ubuntu kernels have squashfs patch; not sure about Debian's. - dannf> Debian's do not, but we do have a kernel-patch-squashfs package - dannf> Marking upstream N/A, because this isn't an upstream feature - dannf> Affects squashfs (1:3.1r2-6) which is currently in etch. I've - Verified that the patch in RH bugzilla applies and fixes the bug. - dannf> kernel-patch-squashfs applied to a 2.4 kernel does not exhibit - this problem. I tested by hexediting the reproducer fs to advertise - v2 since v3 is not supported in sarge, which may have just masked - the problem. - dannf> Released in squashfs (1:3.1r2-6.1) which is in etch -Bugs: -upstream: N/A -linux-2.6: N/A -2.6.18-etch-security: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.6.12-breezy-security: N/A -2.6.15-dapper-security: released (2.6.15-27.49) -2.6.17-edgy-security: released (2.6.17.1-10.34) diff --git a/active/CVE-2006-5755 b/active/CVE-2006-5755 index d17ca5ffc..13f6621c9 100644 --- a/active/CVE-2006-5755 +++ b/active/CVE-2006-5755 
@@ -20,7 +20,7 @@ Notes: dannf> ignoring for sarge7 because backport is non-trivial Bugs: upstream: released (2.6.18) -linux-2.6: +linux-2.6: released (2.6.18-1) 2.6.18-etch-security: N/A 2.6.8-sarge-security: ignored (2.6.8-16sarge7) 2.4.27-sarge-security: N/A diff --git a/retired/CVE-2006-5619 b/retired/CVE-2006-5619 new file mode 100644 index 000000000..2a7a48cfb --- /dev/null +++ b/retired/CVE-2006-5619 @@ -0,0 +1,23 @@ +Candidate: CVE-2006-5619 +References: + http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bcd620757d3a4ae78ef0ca41adb5d9e400ed92b6 +Description: + The seqfile handling (ip6fl_get_n function in ip6_flowlabel.c) in + Linux kernel 2.6.16, 2.6.17, and 2.6.18-stable allows local users to + cause a denial of service (hang or oops) via unspecified manipulations + that trigger an infinite loop while searching for flowlabels. +Ubuntu-Description: + James Morris discovered that the ip6fl_get_n() function incorrectly + handled flow labels. A local attacker could exploit this to crash the + kernel. +Notes: + dannf> This code does not appear to be present in 2.4 +Bugs: +upstream: released (2.6.18.2) +linux-2.6: released (2.6.18-4) +2.6.8-sarge-security: released (2.6.8-16sarge6) [ip6_flowlabel-lockup.dpatch] +2.4.27-sarge-security: N/A +2.6.12-breezy-security: released (2.6.12-10.41) +2.6.15-dapper-security: released (2.6.15-27.49) +2.6.17-edgy-security: released (2.6.17.1-10.34) +2.6.19-feisty: released diff --git a/retired/CVE-2006-5701 b/retired/CVE-2006-5701 new file mode 100644 index 000000000..9b1ba7b22 --- /dev/null +++ b/retired/CVE-2006-5701 
@@ -0,0 +1,35 @@ +Candidate: CVE-2006-5701 +References: + http://projects.info-pull.com/mokb/MOKB-02-11-2006.html + http://sourceforge.net/mailarchive/forum.php?thread_id=31007759&forum_id=39601 + https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=211237 +Description: + Double free vulnerability in squashfs module in the Linux kernel + 2.6.x, as used in Fedora Core 5 and possibly other distributions, + allows local users to cause a denial of service by mounting a crafted + squashfs filesystem. +Ubuntu-Description: + Certain corrupted squashfs file system images caused a memory + allocation to be freed twice. By mounting a specially crafted + squashfs file system, a local attacker could exploit this to crash + the kernel. +Notes: + Ubuntu kernels have squashfs patch; not sure about Debian's. + dannf> Debian's do not, but we do have a kernel-patch-squashfs package + dannf> Marking upstream N/A, because this isn't an upstream feature + dannf> Affects squashfs (1:3.1r2-6) which is currently in etch. I've + Verified that the patch in RH bugzilla applies and fixes the bug. + dannf> kernel-patch-squashfs applied to a 2.4 kernel does not exhibit + this problem. I tested by hexediting the reproducer fs to advertise + v2 since v3 is not supported in sarge, which may have just masked + the problem. + dannf> Released in squashfs (1:3.1r2-6.1) which is in etch +Bugs: +upstream: N/A +linux-2.6: N/A +2.6.18-etch-security: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.6.12-breezy-security: N/A +2.6.15-dapper-security: released (2.6.15-27.49) +2.6.17-edgy-security: released (2.6.17.1-10.34) -- cgit v1.2.3
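Review bot: in the active/CVE-2006-5755 hunk the line that changes is `linux-2.6:`, while `upstream: released (2.6.18)` is unchanged context, so the subject's "record upstream fix" does not describe the edit. Wording such as "record linux-2.6 fix for CVE-2006-5755" would match the diff. With `linux-2.6: released (2.6.18-1)` filled in, every status line visible in this hunk is terminal (released, N/A or ignored), so the commit message should also say why this file stays in active/ while the other two are retired.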
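Review bot: retired/CVE-2006-5619 has no `2.6.18-etch-security:` line, although both other files touched by this commit carry one. The file is moved with an unchanged blob (2a7a48cfb), so the gap is carried into retired/ as it stood. Add an explicit etch status before retiring so the record does not depend on readers inferring it from `linux-2.6: released (2.6.18-4)`. In the same file, `2.6.19-feisty: released` is the only released entry without a version in parentheses; add the version if it is known.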
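Review bot: retired/CVE-2006-5701 is retired with `2.4.27-sarge-security: N/A`, but the Notes entry for the 2.4 test says that hex-editing the reproducer to advertise v2 "may have just masked the problem", so the N/A rests on a test its own author flags as inconclusive. Either record the basis for N/A in Notes or hold the file in active/ until it is confirmed. Separately, the etch fix is visible only in the Notes line `Released in squashfs (1:3.1r2-6.1)` while `2.6.18-etch-security:` reads N/A. A short pointer on that status line to the squashfs package would stop a reader who scans only the status fields from concluding that etch was never affected.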