[kernel-sec-discuss] r776 - active ignored

Moritz Muehlenhoff jmm at alioth.debian.org
Mon Apr 30 17:17:19 UTC 2007


Author: jmm
Date: 2007-04-30 17:17:18 +0000 (Mon, 30 Apr 2007)
New Revision: 776

Added:
   ignored/CVE-2005-2873
Removed:
   active/CVE-2005-2873
Log:
moving ipt_recent design issue to ignored/, the directory for
issues, which are broken by design or too complex to backport


Deleted: active/CVE-2005-2873
===================================================================
--- active/CVE-2005-2873	2007-04-30 17:16:04 UTC (rev 775)
+++ active/CVE-2005-2873	2007-04-30 17:17:18 UTC (rev 776)
@@ -1,28 +0,0 @@
-Candidate: CVE-2005-2873
-References: 
- URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2873
- Final-Decision:
- Interim-Decision:
- Modified:
- Proposed:
- Assigned: 20050909
- Category: SF
- MISC:http://blog.blackdown.de/2005/05/09/fixing-the-ipt_recent-netfilter-module/
-Description: 
- The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and
- earlier does not properly perform certain time tests when the jiffies
- value is greater than LONG_MAX, which can cause ipt_recent netfilter
- rules to block too early, a different vulnerability than
- CVE-2005-2872.
-Notes: 
- horms> No patch that is acceptable upstream is available
- http://lists.debian.org/debian-kernel/2005/09/msg00257.html
- jmm> There's now a complete rewrite by Patrick McHardy in 2.6.18
- jmm> This change won't be backported to Sarge, if this poses a problem an update
- jmm> to Etch is required
-upstream: released (2.6.18)
-Bugs: 332381, 332231, 332228
-linux-2.6: released (2.6.18-1)
-2.6.8-sarge-security: ignored (2.6.8-16sarge5)
-2.4.27-sarge-security: ignored (2.4.27-10sarge4)
-2.6.18-etch-security: N/A
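Review bot: The Notes block of this record, which ignored/CVE-2005-2873 inherits unchanged from rev 775, does not say which of the two ignored/ criteria named in the log applies. The log calls this a "design issue", while the jmm> notes describe a complete rewrite in 2.6.18 that won't be backported to Sarge, which reads more like "too complex to backport". Suggest adding a jmm> line to the ignored/ copy stating the reason for the move, so the two "ignored" sarge status lines are explained in the file itself and not only in the commit log.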

Copied: ignored/CVE-2005-2873 (from rev 775, active/CVE-2005-2873)



