move retired to the top level hierarchy so people can easily checkout just the active issues

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@548 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 28 insertions, 0 deletions

diff --git a/retired/CVE-2005-0528 b/retired/CVE-2005-0528
new file mode 100644
index 00000000..d896c0f6
--- /dev/null
+++ b/retired/CVE-2005-0528
@@ -0,0 +1,28 @@
+Candidate: CVE-2005-0528
+References: 
+Description: 
+Notes: 
+ From Joey's 2.4.18-14.4 changelog:
+  * Applied patch by Andrea Arcangeli from 2.4.24 to fix privilege
+    escalation in the mremap() syscall [mm/mremap.c, CAN-2004-nnnn]
+ jmm> Isn't this CVE-2004-0077?
+ dannf> Looks like this is a different issue.  Joey's patch is here:
+  http://klecker.debian.org/~joey/security/kernel/patches/patch.CAN-2005-0528.mremap
+ dannf> But it doesn't look like mitre has released the details yet:
+  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0528
+ jmm> The patch is merged as of 2.4.27, but I'm not sure at which exact version
+ dannf> It looks like this would apply to 2.6, but isn't necessary because
+ dannf> its already fixed in a different way.  2.6 checks for a 0 new_len 
+ dannf> earlier and errors out
+ jmm> This turned out to be a dupe of CVE-2003-0985
+Bugs: 
+upstream: N/A
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)