[kernel] r4778 - people/dannf/patchinfo

[Dann Frazier]

Author: dannf
Date: Thu Nov 10 07:44:29 2005
New Revision: 4778

Added:
   people/dannf/patchinfo/CAN-2005-2800
      - copied, changed from r4777, people/dannf/patchinfo/00boilerplate
Log:
add CAN-2005-2800


Copied: people/dannf/patchinfo/CAN-2005-2800 (from r4777, people/dannf/patchinfo/00boilerplate)
==============================================================================
--- people/dannf/patchinfo/00boilerplate	(original)
+++ people/dannf/patchinfo/CAN-2005-2800	Thu Nov 10 07:44:29 2005
@@ -1,16 +1,23 @@
-Candidate: 
-References: 
-Description: 
+Candidate: CAN-2005-2800
+References:
+ URL:http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CAN-2005-2800
+Description:
+ Memory leak in the seq_file implemenetation in the SCSI procfs interface
+ (sg.c) in Linux kernel 2.6.13 and earlier allows local users to cause a
+ denial of service (memory consumption) via certain repeated reads from the
+ /proc/scsi/sg/devices file, which is not properly handled when the next()
+ iterator returns NULL or an error.
 Notes: 
+ dannf> seq_file is a 2.6ism, so marking 2.4 as N/A
 Bugs: 
-upstream: 
+upstream: released (2.6.12.6)
 2.6.14: 
-2.6.8-sarge-security: 
+2.6.8-sarge-security: pending (2.6.8-16sarge2)
 2.4.27-sarge-security: 
 2.6.8: 
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A