From bae0523bf48cec05cb6e0913363a0f758193e99c Mon Sep 17 00:00:00 2001
From: Ben Hutchings <benh@debian.org>
Date: Mon, 18 Mar 2013 03:56:02 +0000
Subject: Retire CVE-2013-1858 with an explanation of why it doesn't matter to
 earlier versions

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@2870 e094ebfe-e918-0410-adfb-c712417f3574
---
 retired/CVE-2013-1858 | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 retired/CVE-2013-1858

(limited to 'retired/CVE-2013-1858')

diff --git a/retired/CVE-2013-1858 b/retired/CVE-2013-1858
new file mode 100644
index 00000000..27b6250a
--- /dev/null
+++ b/retired/CVE-2013-1858
@@ -0,0 +1,12 @@
+Description: userns: Don't allow CLONE_NEWUSER | CLONE_FS
+References:
+ http://stealth.openwall.net/xSports/clown-newuser.c
+Notes:
+ Prior to 3.8, CLONE_NEWUSER required CAP_SYS_ADMIN && CAP_SETUID &&
+ CAP_SETGID, so no privilege escalation is possible.
+Bugs:
+upstream: pending [e66eded8309ebf679d3d3c1f5820d1f2ca332c71]
+2.6.32-upstream-stable: N/A
+sid: N/A
+2.6.32-squeeze-security: N/A
+3.2-upstream-stable: N/A
-- 
cgit v1.2.3