From 4e879024289dae7264857f2f05005ddc92e2b4ce Mon Sep 17 00:00:00 2001
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Tue, 1 May 2007 00:15:11 +0000
Subject: retire old SG_IO issue move two conceptual disk-encryption issues to
 ignored

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@792 e094ebfe-e918-0410-adfb-c712417f3574
---
 ignored/CVE-2004-2135 | 24 ++++++++++++++++++++++++
 ignored/CVE-2004-2136 | 20 ++++++++++++++++++++
 2 files changed, 44 insertions(+)
 create mode 100644 ignored/CVE-2004-2135
 create mode 100644 ignored/CVE-2004-2136

(limited to 'ignored')

diff --git a/ignored/CVE-2004-2135 b/ignored/CVE-2004-2135
new file mode 100644
index 00000000..eabd4119
--- /dev/null
+++ b/ignored/CVE-2004-2135
@@ -0,0 +1,24 @@
+Candidate: CVE-2004-2135
+References: 
+ http://marc.theaimsgroup.com/?l=linux-kernel&m=107719798631935&w=2
+ http://mareichelt.de/pub/notmine/diskenc.pdf
+ http://www.securiteam.com/exploits/5UP0P1PFPM.html
+ http://www.securityfocus.com/bid/13775
+Description: 
+ cryptoloop on Linux kernel 2.6.x, when used on certain file systems with a
+ block size 1024 or greater, has certain "IV computation" weaknesses that
+ allow watermarked files to be detected without decryption.
+Notes: 
+ jmm> IIRC there was some serious flaming about the different disk encryption systems,
+ jmm> I'm not sure whether this has been addressed or how real it is
+ jmm> Plus, cryptoloop is marked DEPRECATED for a long time IIRC
+ jmm> It's not included in stock 2.4 kernels, but only available in kernel-patch-cryptoloop,
+ jmm> which is only part of sid and hasn't been shipped with neither Woody nor Sarge, so
+ jmm> I'm marking all these N/A
+Bugs: 
+upstream: 
+linux-2.6:
+2.6.8-sarge-security: ignored (2.6.8-16sarge5)
+2.4.27-sarge-security: N/A
+2.6.18-etch-security: ignored
+
diff --git a/ignored/CVE-2004-2136 b/ignored/CVE-2004-2136
new file mode 100644
index 00000000..b058dc3a
--- /dev/null
+++ b/ignored/CVE-2004-2136
@@ -0,0 +1,20 @@
+Candidate: CVE-2004-2136
+References: 
+ http://marc.theaimsgroup.com/?l=linux-kernel&m=107719798631935&w=2
+ http://mareichelt.de/pub/notmine/diskenc.pdf
+ http://www.securiteam.com/exploits/5UP0P1PFPM.html
+Description: 
+ dm-crypt on Linux kernel 2.6.x, when used on certain file systems with a
+ block size 1024 or greater, has certain "IV computation" weaknesses that
+ allow watermarked files to be detected without decryption.
+Notes: 
+ jmm> IIRC there was some serious flaming about the different disk encryption systems,
+ jmm> I'm not sure whether this has been addressed or how real it is
+ jmm> 2.4 doesn't have dm-crypt, though
+Bugs: 
+upstream: 
+linux-2.6:
+2.6.8-sarge-security: ignored (2.6.8-16sarge5)
+2.4.27-sarge-security: N/A
+2.6.18-etch-security: ignored
+
-- 
cgit v1.2.3