move retired to the top level hierarchy so people can easily checkout just the active issues

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@548 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 31 insertions, 0 deletions

diff --git a/retired/CVE-2005-3180 b/retired/CVE-2005-3180
new file mode 100644
index 00000000..70d585c3
--- /dev/null
+++ b/retired/CVE-2005-3180
@@ -0,0 +1,31 @@
+Candidate: CVE-2005-3180
+References: 
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3180
+ CONFIRM:http://www.kernel.org/hg/linux-2.6/?cmd=changeset;node=feecb2ffde28639e60ede769c6f817dc536c677b
+Description: 
+ The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does
+ not properly clear memory from a previously used packet whose length
+ is increased, which allows remote attackers to obtain sensitive
+ information.
+Notes: 
+ > > From: Pavel Roskin <proski@gnu.org>
+ > > 
+ > > The orinoco driver can send uninitialized data exposing random pieces of
+ > > the system memory.  This happens because data is not padded with zeroes
+ > > when its length needs to be increased.
+ horms> a better fix for this is 
+ horms> http://mirror.local.valinux.co.jp/linux/kernel/v2.6/ChangeLog-2.6.15
+ horms> 192_orinoco-info-leak.diff is missing the ALIGN macro which is not
+ horms> defined elsewhere in 2.4. 
+ horms> is added by 192_orinoco-info-leak-2.diff
+upstream: released (2.6.13.4), released (2.4.33-pre2)
+linux-2.6: released (2.6.13+2.6.14-rc4-0experimental.1)
+2.6.8-sarge-security: released (2.6.8-16sarge2) [orinoco-info-leak.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge2) [192_orinoco-info-leak.diff, 192_orinoco-info-leak-2.diff]
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: