In Ubuntu's USN-219-1: Stephen Hemming discovered a weakness in the network bridge driver. Packets which had already been dropped by the packet filter could poison the forwarding table, which could be exploited to make the bridge forward spoofed packages. This vulnerability only affects Ubuntu 4.10 and 5.04. (CVE-2005-3272)
CVE says < 2.6.12 so I'm closing this one as our 2.6 trees are 2.6.12 or later.