- i was able to track down the patches for CVE-2004-1191

- remark CVE-2009-3888 as unimportant

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1627 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 10 insertions, 12 deletions

diff --git a/retired/CVE-2004-1191 b/retired/CVE-2004-1191
index 15e07d0e..3b7108ab 100644
--- a/retired/CVE-2004-1191
+++ b/retired/CVE-2004-1191
@@ -6,16 +6,14 @@ Description:
 References:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1191
  http://www.novell.com/linux/security/advisories/2004_42_kernel.html
- http://xforce.iss.net/xforce/xfdb/18137
+ http://linux.bkbits.net:8080/linux-2.6/?PAGE=cset&REV=416e0015fxUJlgXuh_QC32U-2R9eKw
 Notes:
- the secure-testing tracker indicates that this was fixed appropriately in all of the
- linux-2.4 kernels released at the time; however, it also says that linux-2.6 needs
- to be checked, which was never done.
- - retiring based on the assumption that it was fixed in sarge's 2.6.8, and that
-   hopefully during that timeframe patches were pushed upstream
-Bugs:
-upstream: ignored "unable to find info about defect"
-linux-2.6: ignored "unable to find info about defect"
-2.6.18-etch-security: ignored "unable to find info about defect"
-2.6.24-etch-security: ignored "unable to find info about defect"
-2.6.26-lenny-security: ignored "unable to find info about defect"
+ - i've found the original bug report and bitkeeper patch (see above link)
+ - i have checked that the bitkeeper patch is indeed present in etch's 2.6.18
+ - as of 2.6.26, pgtable.h has been completely rewritten, so it is not affected
+Bugs: 300163
+upstream: released (sometime before 2.6.18)
+linux-2.6: N/A "pgtable.h completely rewritten"
+2.6.18-etch-security: N/A "fixed before 2.6.18"
+2.6.24-etch-security: N/A "fixed before 2.6.18"
+2.6.26-lenny-security: N/A "pgtable.h completely rewritten"