move retired to the top level hierarchy so people can easily checkout just the active issues

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@548 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 30 insertions, 0 deletions

diff --git a/retired/CVE-2004-2607 b/retired/CVE-2004-2607
new file mode 100644
index 00000000..ec1da937
--- /dev/null
+++ b/retired/CVE-2004-2607
@@ -0,0 +1,30 @@
+Candidate: CVE-2004-2607 
+References: 
+ http://www.uwsg.iu.edu/hypermail/linux/kernel/0404.2/0313.html
+ http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=98cd917c1ac348d5cd94beabecc3011dcaa0a0f2
+Description: 
+ A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to
+ 2.6.5 and 2.4 up to 2.4.29-rc1 allows local users to read portions of
+ kernel memory via a large len argument, which is received as an int but
+ cast to a short, which prevents a read loop from filling a buffer.
+Notes: 
+ jmm> The referenced patch was applied by Jeff Garzik on 2004-04-16,
+ jmm> 2.6.6 was released on 2004-05-09, so Sarge seems not affected, should
+ jmm> be double-checked against the source though, but my bandwidth is currently
+ jmm> too slim to download 2.6.8
+ jmm>
+ jmm> The fix below is for a completely different issue, I've split it out
+ horms> Fix was included in 2.6.6. Checked source and 2.6.8 is not vulnerable
+ horms> 2.4.27 is vulnerable, added fix to SVN. Woody is likely vulnerable
+Bugs: 
+upstream: released (2.4.33-pre2), released (2.6.6)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: released (2.4.27-10sarge2) [200_net_sdla_xfer_leak.diff]
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: