retire two issues

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@2456 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 14 insertions, 0 deletions

diff --git a/retired/CVE-2010-2943 b/retired/CVE-2010-2943
new file mode 100644
index 00000000..cefea60d
--- /dev/null
+++ b/retired/CVE-2010-2943
@@ -0,0 +1,14 @@
+Candidate: CVE-2010-2943
+Description:
+ xfs leak due to filehandle conversion issue
+References:
+ http://www.openwall.com/lists/oss-security/2010/08/18/2
+Notes:
+ also need regression fix (not commited yet):
+ http://oss.sgi.com/archives/xfs/2010-08/msg00179.html
+Bugs:
+upstream: release (2.6.35) [7dce11db,7124fe0a,1920779e,7b6259e7]
+2.6.32-upstream-stable: released (2.6.32.30)
+sid: released (2.6.37-1) [bugfix/all/xfs-always-use-iget-in-bulkstat.patch, bugfix/all/xfs-validate-untrusted-inode-numbers-during-lookup.patch, bugfix/all/xfs-rename-XFS_IGET_BULKSTAT-to-XFS_IGET_UNTRUSTED.patch, bugfix/all/xfs-remove-block-number-from-inode-lookup-code.patch, bugfix/all/xfs-fix-untrusted-inode-number-lookup.patch]
+2.6.26-lenny-security: ignored "backport too complex/risky for little risk"
+2.6.32-squeeze-security: released (2.6.32-31) [bugfix/all/xfs-always-use-iget-in-bulkstat.patch, bugfix/all/xfs-validate-untrusted-inode-numbers-during-lookup.patch, bugfix/all/xfs-rename-XFS_IGET_BULKSTAT-to-XFS_IGET_UNTRUSTED.patch, bugfix/all/xfs-remove-block-number-from-inode-lookup-code.patch, bugfix/all/xfs-fix-untrusted-inode-number-lookup.patch]