From a7d7adb819f329fecd6d48e9af34d4f21c1c49d4 Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Mon, 30 Apr 2007 17:17:18 +0000 Subject: moving ipt_recent design issue to ignored/, the directory for issues, which are broken by design or too complex to backport git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@776 e094ebfe-e918-0410-adfb-c712417f3574 --- ignored/CVE-2005-2873 | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 ignored/CVE-2005-2873 (limited to 'ignored') diff --git a/ignored/CVE-2005-2873 b/ignored/CVE-2005-2873 new file mode 100644 index 00000000..3b3066ce --- /dev/null +++ b/ignored/CVE-2005-2873 @@ -0,0 +1,28 @@ +Candidate: CVE-2005-2873 +References: + URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2873 + Final-Decision: + Interim-Decision: + Modified: + Proposed: + Assigned: 20050909 + Category: SF + MISC:http://blog.blackdown.de/2005/05/09/fixing-the-ipt_recent-netfilter-module/ +Description: + The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and + earlier does not properly perform certain time tests when the jiffies + value is greater than LONG_MAX, which can cause ipt_recent netfilter + rules to block too early, a different vulnerability than + CVE-2005-2872. +Notes: + horms> No patch that is acceptable upstream is available + http://lists.debian.org/debian-kernel/2005/09/msg00257.html + jmm> There's now a complete rewrite by Patrick McHardy in 2.6.18 + jmm> This change won't be backported to Sarge, if this poses a problem an update + jmm> to Etch is required +upstream: released (2.6.18) +Bugs: 332381, 332231, 332228 +linux-2.6: released (2.6.18-1) +2.6.8-sarge-security: ignored (2.6.8-16sarge5) +2.4.27-sarge-security: ignored (2.4.27-10sarge4) +2.6.18-etch-security: N/A -- cgit v1.2.3
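Review bot: In the Notes block, the jmm entries justify the two "ignored" sarge states only by pointing at "a complete rewrite by Patrick McHardy in 2.6.18", with no upstream commit or changelog reference, so "upstream: released (2.6.18)" cannot be verified from this file alone. Add the commit id or a URL beside that note, the way the horms entry cites the debian-kernel list thread. The Description says this issue is distinct from CVE-2005-2872, so a one-line cross-reference in Notes saying whether that entry gets the same sarge decision would help anyone triaging the two ipt_recent issues together. The subject says the issue is being moved, but this view is limited to 'ignored' and shows only the new file, so confirm the same commit removes the entry from its previous directory and the CVE is not tracked in two places.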