retire some issues now that Sarge support has ended

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1154 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 21 insertions, 0 deletions

diff --git a/retired/CVE-2007-0958 b/retired/CVE-2007-0958
new file mode 100644
index 00000000..6dedad67
--- /dev/null
+++ b/retired/CVE-2007-0958
@@ -0,0 +1,21 @@
+Candidate: CVE-2007-0958
+References: 
+ MISC:http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt
+ CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20 
+Description: 
+ Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable
+ binaries by using the interpreter (PT_INTERP) functionality and triggering
+ a core dump, a variant of CVE-2004-1073.
+Ubuntu-Description: 
+Notes: 
+ dannf> Red Hat's 2.4 isn't vulnerable; Willy Tarreau asked the reporter
+        for a reproducer in 2007.02. I sent Willy an e-mail on 2008.02.06
+        to see if he ever heard back. Until then, I'll assume 2.4 is ok.
+Bugs: 
+upstream: released (2.6.20)
+linux-2.6: released (2.6.20-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-12etch1) [bugfix/core-dump-unreadable-PT_INTERP.patch]
+2.6.8-sarge-security: released (2.6.8-16sarge7) [core-dump-unreadable-PT_INTERP.dpatch]
+2.4.27-sarge-security: ignored (2.4.27-10sarge6) "poked upstream on 2008.02.06"
+2.6.15-dapper-security: released (2.6.15-28.53)
+2.6.17-edgy-security: released (2.6.17.1-11.37)