From e824eab7fea625551e3ee27c390cf894cfbfba04 Mon Sep 17 00:00:00 2001
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Fri, 4 Apr 2008 08:22:59 +0000
Subject: retire some issues now that Sarge support has ended

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1154 e094ebfe-e918-0410-adfb-c712417f3574
---
 retired/CVE-2006-4572 | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 retired/CVE-2006-4572

(limited to 'retired/CVE-2006-4572')

diff --git a/retired/CVE-2006-4572 b/retired/CVE-2006-4572
new file mode 100644
index 000000000..6b5d7356a
--- /dev/null
+++ b/retired/CVE-2006-4572
@@ -0,0 +1,25 @@
+Candidate: CVE-2006-4572
+References: 
+ URL:http://readlist.com/lists/vger.kernel.org/linux-kernel/55/275979.html
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6d381634d213580d40d431e7664dfb45f641b884
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=51d8b1a65291a6956b79374b6adbbadc2263bcf6
+Description: 
+ Multiple unspecified vulnerabilities in netfilter for IPv6 code in Linux
+ kernel before 2.6.16.31 allow remote attackers to bypass intended restrictions
+ via unknown vectors, aka (1) "ip6_tables protocol bypass bug" and
+ (2) "ip6_tables extension header bypass bug".
+Ubuntu-Description:
+ Mark Dowd discovered that the netfilter iptables module did not
+ correcly handle fragmented packets. By sending specially crafted
+ packets, a remote attacker could exploit this to bypass firewall
+ rules.
+Notes: 
+ dannf> port to 2.4.27/2.6.8 is non-trivial, ignoring for now
+Bugs: 
+upstream: released (2.6.19)
+linux-2.6: released (2.6.18.dfsg.1-9)
+2.6.18-etch-security: released (2.6.18.dfsg.1-9)
+2.6.8-sarge-security: ignored (2.6.8-16sarge7)
+2.4.27-sarge-security: ignored (2.4.27-10sarge6)
+2.6.15-dapper-security: released (2.6.15-28.51)
+2.6.17-edgy-security: released (2.6.17.1-10.34)
-- 
cgit v1.2.3