move retired to the top level hierarchy so people can easily checkout just the active issues

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@548 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 32 insertions, 0 deletions

diff --git a/retired/CVE-2005-3848 b/retired/CVE-2005-3848
new file mode 100644
index 00000000..13cb1398
--- /dev/null
+++ b/retired/CVE-2005-3848
@@ -0,0 +1,32 @@
+Candidate: CVE-2005-3848
+References: 
+ CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cb94c62c252796f42bb83fe40960d12f3ea5a82a
+ MISC:http://lkml.org/lkml/2005/8/26/173
+Description: 
+ Ollie Wild discovered a leak in the icmp_push_reply() function in Linux 2.6,
+ in which an ignored error returned by ip_append_data() would result in the
+ route and net_device not being freed.  A malicious remote user could exploit
+ this in order to initiate a denial of service attack.  This issue was fixed
+ in Linux 2.6.12.6 and 2.6.13.
+Notes: 
+ This code looks completely different in 2.4; neither ip_append_data() (the
+ function that returns an error) nor icmp_push_reply() (the function that fails
+ to check this error) exist.  So, I'm marking 2.4 as unaffected.
+ Actual CVE description:
+ Memory leak in the icmp_push_reply function in Linux 2.6 before
+ 2.6.12.6 and 2.6.13 allows remote attackers to cause a denial of
+ service (memory consumption) via a large number of crafted packets
+ that cause the ip_append_data function to fail, aka "DST leak in
+ icmp_push_reply."
+upstream: released (2.6.12.6, 2.6.13)
+2.6.8-sarge-security: released (2.6.8-16sarge2) [fix-dst-leak-in-icmp_push_reply.dpatch]
+2.4.27-sid/sarge: released (2.4.27-12) [188_fix-dst-leak-in-icmp_push_reply.diff]
+2.4.27-sarge-security: released (2.4.27-10sarge2) [188_fix-dst-leak-in-icmp_push_reply.diff]
+linux-2.6: 
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: