retire

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1927 e094ebfe-e918-0410-adfb-c712417f3574

2 files changed, 31 insertions, 0 deletions

diff --git a/retired/CVE-2009-4895 b/retired/CVE-2009-4895
new file mode 100644
index 00000000..44e53056
--- /dev/null
+++ b/retired/CVE-2009-4895
@@ -0,0 +1,14 @@
+Candidate: CVE-2009-4895
+Description:
+ tty null ptr dereference
+References:
+ http://bugzilla.kernel.org/show_bug.cgi?id=14605
+ http://xorl.wordpress.com/2009/11/30/linux-kernel-tty-null-pointer-dereference-race-condition/
+Notes:
+ supposedly fixed in redhat kernels (see bug report above)
+Bugs:
+upstream: released (2.6.33) [80e1e823989ec44d8e35bdfddadbddcffec90424] 
+2.6.32-upstream-stable: released (2.6.32.9)
+linux-2.6: released (2.6.32-9) [bugfix/all/stable/2.6.32.9.patch]
+2.6.26-lenny-security: released (2.6.26-24lenny1) [bugfix/all/fix-race-in-tty_fasync-properly.patch]
+2.6.32-squeeze-security: released (2.6.32-9) [bugfix/all/stable/2.6.32.9.patch]
diff --git a/retired/CVE-2010-2226 b/retired/CVE-2010-2226
new file mode 100644
index 00000000..a755cd02
--- /dev/null
+++ b/retired/CVE-2010-2226
@@ -0,0 +1,17 @@
+Candidate: CVE-2010-2226
+Description:
+References:
+ http://www.openwall.com/lists/oss-security/2010/06/17/1
+ https://bugzilla.redhat.com/show_bug.cgi?id=605158
+ http://archives.free.net.ph/message/20100616.130710.301704aa.en.html
+ http://archives.free.net.ph/message/20100616.135735.40f53a32.en.html
+Notes:
+ jmm> 1817176a86352f65210139d4c794ad2d19fc6b63
+Bugs:
+upstream: released (2.6.35-rc4)
+2.6.32-upstream-stable: released (2.6.32.18)
+linux-2.6: released (2.6.32-20)
+2.6.26-lenny-security: released (2.6.26-24lenny1) [bugfix/all/xfs-prevent-swapext-from-operating-on-write-only-files.patch]
+2.6.32-squeeze-security: released (2.6.32-20)
+
+