move retired to the top level hierarchy so people can easily checkout just the active issues

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@548 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 41 insertions, 0 deletions

diff --git a/retired/CVE-2004-0587 b/retired/CVE-2004-0587
new file mode 100644
index 00000000..72028b0d
--- /dev/null
+++ b/retired/CVE-2004-0587
@@ -0,0 +1,41 @@
+Candidate: CVE-2004-0587
+References: 
+ FEDORA:FEDORA-2004-186
+ URL:http://lwn.net/Articles/91155/
+ MANDRAKE:MDKSA-2004:066
+ URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:066
+ REDHAT:RHSA-2004:413
+ URL:http://www.redhat.com/support/errata/RHSA-2004-413.html
+ REDHAT:RHSA-2004:418
+ URL:http://www.redhat.com/support/errata/RHSA-2004-418.html
+ SGI:20040804-01-U
+ URL:ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc
+ SUSE:SuSE-SA:2004:010
+ URL:http://www.novell.com/linux/security/advisories/2004_10_kernel.html
+ BID:10279
+ URL:http://www.securityfocus.com/bid/10279
+ SECTRACK:1010057
+ URL:http://securitytracker.com/id?1010057
+ XF:suse-hbaapinode-dos(16062)
+ URL:http://xforce.iss.net/xforce/xfdb/16062
+Description: 
+ Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux
+ allows local users to cause a denial of service.
+Notes: 
+ 2.4.26-3 has the note:
+  CVE-2004-0587 code is not present, not vulnerable
+ So the question is, did the code get added when we moved to 2.4.27, and
+ was it still vulnerable?
+ dannf> Nope; qla2xxx isn't in 2.4.27
+Bugs: 
+upstream: 
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: needed
+2.4.18-woody-security-hppa: N/A