Candidate: CVE-2005-2873
References:
 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2873
 Final-Decision:
 Interim-Decision:
 Modified:
 Proposed:
 Assigned: 20050909
 Category: SF
 MISC:http://blog.blackdown.de/2005/05/09/fixing-the-ipt_recent-netfilter-module/
Description:
 The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and
 earlier does not properly perform certain time tests when the jiffies value
 is greater than LONG_MAX, which can cause ipt_recent netfilter rules to block
 too early, a different vulnerability than CVE-2005-2872.
Notes:
 horms> No patch that is acceptable upstream is available
 http://lists.debian.org/debian-kernel/2005/09/msg00257.html
 jmm> There's now a complete rewrite by Patrick McHardy in 2.6.18
 jmm> This change won't be backported to Sarge, if this poses a problem an update
 jmm> to Etch is required
upstream: released (2.6.18)
Bugs: 332381, 332231, 332228
linux-2.6: released (2.6.18-1)
2.6.8-sarge-security: ignored (2.6.8-16sarge5)
2.4.27-sarge-security: ignored (2.4.27-10sarge4)
2.6.18-etch-security: N/A