move retired to the top level hierarchy so people can easily checkout just the active issues

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@548 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 30 insertions, 0 deletions

diff --git a/retired/CVE-2005-0178 b/retired/CVE-2005-0178
new file mode 100644
index 00000000..eb3a56dd
--- /dev/null
+++ b/retired/CVE-2005-0178
@@ -0,0 +1,30 @@
+Candidate: CVE-2005-0178
+References: 
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@41ddda70CWJb5nNL71T4MOlG2sMG8A
+ CONECTIVA:CLA-2005:930
+ URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
+ REDHAT:RHSA-2005:092
+ URL:http://www.redhat.com/support/errata/RHSA-2005-092.html
+ BUGTRAQ:20050215 [USN-82-1] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110846102231365&w=2
+Description: 
+ Race condition in the setsid function in Linux before 2.6.8.1 allows local
+ users to cause a denial of service (crash) and possibly access portions of
+ kernel memory, related to TTY changes, locking, and semaphores.
+Notes:
+ dannf> Alan Cox suggested that this is not a 2.4 issue:
+ Alan> Is it actually needed for 2.4. In the 2.4 case your controlling tty is
+ Alan> private not thread group so a setsid() can't race because you can't
+ Alan> setsid in the same thread as is opening current->tty. 
+Bugs: 
+upstream: released (2.6.8.1, 2.6.11)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-14) [setsid-race.dpatch]
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A