permanently ignore CVE-2004-1190 for 2.4 and retire

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1091 e094ebfe-e918-0410-adfb-c712417f3574
author: dann frazier <dannf@debian.org> 2008-01-17 22:49:47 +0000
committer: dann frazier <dannf@debian.org> 2008-01-17 22:49:47 +0000
commit: 7b2149f741cda70666181c6490d654ed49c8679b (patch)
tree: 17a7d2b0c9713a5c7051bc074142871e784de633 /retired/CVE-2004-1190
parent: 1ccbd81b4c085ec2e37808879964c1c880a736f7 (diff)
1 files changed, 19 insertions, 0 deletions
diff --git a/retired/CVE-2004-1190 b/retired/CVE-2004-1190
new file mode 100644
index 00000000..7f76542e
--- /dev/null
+++ b/retired/CVE-2004-1190
@@ -0,0 +1,19 @@
+Candidate: CVE-2004-1190
+References: 
+ http://www.novell.com/linux/security/advisories/2004_42_kernel.html
+ http://xforce.iss.net/xforce/xfdb/18370
+Description:
+ SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not
+ properly check commands sent to CD devices that have been opened read-only,
+ which could allow local users to conduct unauthorized write activities to
+ modify the firmware of associated SCSI devices.
+ .
+ dannf> skipping for 2.4/sarge3 - not sure if 2.4 is affected, but we should
+        revisit
+Notes: 
+Bugs: 300162
+upstream: released (2.6.10)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-14) [scsi-ioctl-cmd-warned.dpatch, scsi-ioctl-remove-dup.dpatch, scsi-ioctl-permit.dpatch, SG_IO-cap.dpatch, SG_IO-safe-commands-2.dpatch, SG_IO-safe-commands-3.dpatch, SG_IO-safe-commands-5.dpatch]
+2.4.27-sarge-security: ignored
+2.6.18-etch-security: N/A
author	dann frazier <dannf@debian.org>	2008-01-17 22:49:47 +0000
committer	dann frazier <dannf@debian.org>	2008-01-17 22:49:47 +0000
commit	7b2149f741cda70666181c6490d654ed49c8679b (patch)
tree	17a7d2b0c9713a5c7051bc074142871e784de633 /retired/CVE-2004-1190
parent	1ccbd81b4c085ec2e37808879964c1c880a736f7 (diff)