retire several issues

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@774 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 23 insertions, 0 deletions

diff --git a/retired/CVE-2006-4813 b/retired/CVE-2006-4813
new file mode 100644
index 00000000..6045237e
--- /dev/null
+++ b/retired/CVE-2006-4813
@@ -0,0 +1,23 @@
+Candidate: CVE-2006-4813
+References: 
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=152becd26e0563aefdbc4fd1fe491928efe92d1f
+Description: 
+ The __block_prepare_write function in fs/buffer.c for Linux kernel 2.6.x before 2.6.13
+ does not properly clear buffers during certain error conditions, which allows local
+ users to read portions of files that have been unlinked.
+Ubuntu-Description:
+ Dmitriy Monakhov discovered an information leak in the
+ __block_prepare_write() function. During error recovery, this
+ function did not properly clear memory buffers which could allow
+ local users to read portions of unlinked files.
+Notes: 
+ dannf> I don't think 2.4 is affected because the BH_New bit is not
+ dannf> cleared after get_block returns - marking 2.4.27 N/A
+Bugs: 
+upstream: released (2.6.13-rc1)
+linux-2.6: released (2.6.13-1)
+2.6.8-sarge-security: released (2.6.8-16sarge6) [__block_prepare_write-recovery.dpatch]
+2.4.27-sarge-security: N/A
+2.6.12-breezy-security: released (CVE-2006-4813)
+2.6.15-dapper-security: released
+2.6.17-edgy: released