move retired to the top level hierarchy so people can easily checkout just the active issues

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@548 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 34 insertions, 0 deletions

diff --git a/retired/CVE-2005-3356 b/retired/CVE-2005-3356
new file mode 100644
index 000000000..4da47902a
--- /dev/null
+++ b/retired/CVE-2005-3356
@@ -0,0 +1,34 @@
+Candidate: CVE-2005-3356
+References: 
+ http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff_plain;h=7c7dce9209161eb260cdf9e9172f72c3a02379e6h+p=12dbf3fc4d06d2c0c4c44dc0612df04248b3cfd3
+Description: 
+ [PATCH] Fix double decrement of mqueue_mnt->mnt_count in sys_mq_open
+ .
+ Fixed the refcounting on failure exits in sys_mq_open() and
+ cleaned the logics up.  Rules are actually pretty simple - dentry_open()
+ expects vfsmount and dentry to be pinned down and it either transfers
+ them into created struct file or drops them.  Old code had been very
+ confused in that area - if dentry_open() had failed either in do_open()
+ or do_create(), we ended up dentry and mqueue_mnt dropped twice, once
+ by dentry_open() cleanup and then by sys_mq_open().
+ .
+ Fix consists of making the rules for do_create() and do_open()
+ same as for dentry_open() and updating the sys_mq_open() accordingly;
+ that actually leads to more straightforward code and less work on
+ normal path.
+ .
+ Signed-off-by: Al Viro <aviro@redhat.com>
+ Signed-off-by: Linus Torvalds <torvalds@osdl.org>
+Notes: 
+ jmm> Discovered by Doug Chapman
+Bugs: 
+upstream: released (2.6.15.2)
+linux-2.6: released (2.6.15-4)
+2.6.8-sarge-security: released (2.6.8-16sarge2)
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A