Debian updates; retire several issues

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1197 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 23 insertions, 0 deletions

diff --git a/retired/CVE-2008-0007 b/retired/CVE-2008-0007
new file mode 100644
index 00000000..3f588fa9
--- /dev/null
+++ b/retired/CVE-2008-0007
@@ -0,0 +1,23 @@
+Candidate: CVE-2008-0007
+Description: 
+ Linux kernel before 2.6.22.17, when using certain drivers that register
+ a fault handler that does not perform range checks, allows local users
+ to access kernel memory via an out-of-range offset.
+References: 
+Ubuntu-Description: 
+ It was discovered that some device driver fault handlers did not
+ correctly verify memory ranges.  A local attacker could exploit this
+ to access sensitive kernel memory, possibly leading to a loss of privacy.
+Notes: 
+Bugs: 
+upstream: released (2.6.24.1)
+linux-2.6: released (2.6.24-4)
+2.6.18-etch-security: released (2.6.18.dfsg.1-18etch2) [bugfix/mmap-VM_DONTEXPAND.patch]
+2.6.24-etchnhalf-security: released (2.6.24-4) [bugfix/all/stable/2.6.24.1.patch]
+2.6.8-sarge-security: released (2.6.8-17sarge1) [mmap-VM_DONTEXPAND.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge6) [264_mmap-VM_DONTEXPAND.diff]
+2.6.15-dapper-security: released (2.6.15-52.67)
+2.6.17-edgy-security: ignored (EOL)
+2.6.20-feisty-security: released (2.6.20-17.36)
+2.6.22-gutsy-security: released (2.6.22-15.54)
+2.6.24-hardy-security: N/A