From 13587c183ef1725c767cc312e4c3934f2316bd3a Mon Sep 17 00:00:00 2001
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Thu, 6 Nov 2014 10:41:47 +0000
Subject: retire

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@3532 e094ebfe-e918-0410-adfb-c712417f3574
---
 retired/CVE-2014-7207 | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 retired/CVE-2014-7207

(limited to 'retired/CVE-2014-7207')

diff --git a/retired/CVE-2014-7207 b/retired/CVE-2014-7207
new file mode 100644
index 00000000..4ac93655
--- /dev/null
+++ b/retired/CVE-2014-7207
@@ -0,0 +1,18 @@
+Description: Denial of service by sending IPv6 UFO packet through tap
+References:
+Notes:
+ bwh> Bug was introduced in 3.2.63 (and 3.4.101) by the backport of
+ bwh> commit 73f156a6e8c1 ("inetpeer: get rid of ip_id_count") which
+ bwh> assumes ipv6_select_ident() is called with a non-null struct
+ bwh> rt6_info pointer.  That was not true as they were missing commit
+ bwh> 916e4cf46d02 ("ipv6: reuse ip6_frag_id from ip6_ufo_append_data").
+ bwh> Neither the upstream kernel nor any other stable branch had this
+ bwh> bug.
+Bugs: #766195
+upstream: N/A
+2.6.32-upstream-stable: N/A
+sid: N/A
+3.2-wheezy-security: released (3.2.63-2+deb7u1) [bugfix/all/ipv6-reuse-ip6_frag_id-from-ip6_ufo_append_data.patch]
+2.6.32-squeeze-security: N/A
+3.16-upstream-stable: N/A
+3.2-upstream-stable: released (3.2.64)
-- 
cgit v1.2.3