From cffb363c568e15bb95549d0c5746068cca9c94bf Mon Sep 17 00:00:00 2001
From: dann frazier <dannf@debian.org>
Date: Sun, 20 Jul 2008 21:58:00 +0000
Subject: Debian updates; retire several issues

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1197 e094ebfe-e918-0410-adfb-c712417f3574
---
 retired/CVE-2007-2242 | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 retired/CVE-2007-2242

(limited to 'retired/CVE-2007-2242')

diff --git a/retired/CVE-2007-2242 b/retired/CVE-2007-2242
new file mode 100644
index 00000000..b656dac1
--- /dev/null
+++ b/retired/CVE-2007-2242
@@ -0,0 +1,33 @@
+Candidate: CVE-2007-2242
+References: 
+ http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.20.y.git;a=commit;h=010831ab8436dfd9304b203467566fb6b135c24f
+ http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.20.y.git;a=commit;h=9d08f139275450f9366d85ba09b9a2e09bb33766
+Description: 
+ The IPv6 protocol allows remote attackers to cause a denial of service via
+ crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network
+ amplification between two routers.
+Ubuntu-Description: 
+ A flaw was discovered in the IPv6 stack's handling of type 0 route headers.
+ By sending a specially crafted IPv6 packet, a remote attacker could cause
+ a denial of service between two IPv6 hosts.
+Notes: 
+ dannf> Some info from Vlad Yasevich:
+  <vlad> dannf: is someone including commits 010831ab8436dfd9304b203467566fb6b135c24f and 9d08f139275450f9366d85ba09b9a2e09bb33766 (IPv6 routing header changes) in the debian kernel?
+ ...
+ <dannf> vlad: right, but (010831ab8436dfd9304b203467566fb6b135c24f) is security, so it'll be included in etch if necessary
+ <dannf> s/necessary/affected/
+ <vlad> dannf: you need the second one I listed as well, since the first one has a bug in it.
+ <dannf> vlad: oh, ok - thx
+ <vlad> dannf: although for the purposes of 2.6.18, the second one might be a no-op and the first one might need to be modified a bit.
+ jmm> Contacted Willy
+ dannf> functions are different, but 2.4 code looks similar
+ dannf> My 2.4 backport attempt causes a crash at boot time, ignoring for now
+Bugs: 421595
+upstream: released (2.6.21)
+linux-2.6: released (2.6.21-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-13etch1) [bugfix/ipv6-disallow-RH0-by-default.patch]
+2.6.8-sarge-security: needed
+2.4.27-sarge-security: ignored (2.4.27-10sarge6) "needs port"
+2.6.15-dapper-security: released (2.6.15-29.58)
+2.6.17-edgy-security: released (2.6.17.1-11.39) [fee89820efa8e3479b39149dcfb2b1bccdaadedc]
+2.6.20-feisty-security: released (2.6.20-16.28)
-- 
cgit v1.2.3