From a9c0b7269813ae311bf762551b55cb6701e945e7 Mon Sep 17 00:00:00 2001
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Wed, 11 Jun 2014 13:13:47 +0000
Subject: retire

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@3387 e094ebfe-e918-0410-adfb-c712417f3574
---
 retired/CVE-2014-2851 | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 retired/CVE-2014-2851

(limited to 'retired/CVE-2014-2851')

diff --git a/retired/CVE-2014-2851 b/retired/CVE-2014-2851
new file mode 100644
index 00000000..b4f5b7a0
--- /dev/null
+++ b/retired/CVE-2014-2851
@@ -0,0 +1,14 @@
+Description: memory leak in ping
+References:
+ https://lkml.org/lkml/2014/4/10/736
+Notes:
+ raphael: Appears to have been introduced with the support for IPPROTO_ICMP in 3.0-rc1
+ bwh> Bug is in permission checks for creating ping sockets, so is exploitable
+ bwh> even though the default permissions prevent them being created.
+Bugs:
+upstream: released (3.15-rc2) [b04c46190219a4f845e46a459e3102137b7f6cac]
+2.6.32-upstream-stable: N/A "Vulnerable code not present"
+sid: released (3.14.4-1) [bugfix/all/net-ipv4-current-group_info-should-be-put-after-usin.patch]
+3.2-wheezy-security: released (3.2.57-3+deb7u1) [bugfix/all/net-ipv4-current-group_info-should-be-put-after-usin.patch]
+2.6.32-squeeze-security: N/A "Vulnerable code not present"
+3.2-upstream-stable: released (3.2.60)
-- 
cgit v1.2.3