authordann frazier <dannf@debian.org>2006-08-17 00:24:25 +0000
committerdann frazier <dannf@debian.org>2006-08-17 00:24:25 +0000
commitf3581ec9b2d48c6103c22fecb46f713217d834e8 (patch)
tree16359328df8385089d75b771a15c849bc9d052ea /retired
parentfcaf6d1f99829e04e46b5eb27e1aac3451308455 (diff)
move retired to the top-level hierarchy so people can easily check out just the active issues
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@548 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired')
-rw-r--r--retired/CVE-2002-042929
-rw-r--r--retired/CVE-2003-000138
-rw-r--r--retired/CVE-2003-001838
-rw-r--r--retired/CVE-2003-012762
-rw-r--r--retired/CVE-2003-018725
-rw-r--r--retired/CVE-2003-024450
-rw-r--r--retired/CVE-2003-024650
-rw-r--r--retired/CVE-2003-024742
-rw-r--r--retired/CVE-2003-024842
-rw-r--r--retired/CVE-2003-036440
-rw-r--r--retired/CVE-2003-041821
-rw-r--r--retired/CVE-2003-046136
-rw-r--r--retired/CVE-2003-046247
-rw-r--r--retired/CVE-2003-046427
-rw-r--r--retired/CVE-2003-046534
-rw-r--r--retired/CVE-2003-046725
-rw-r--r--retired/CVE-2003-047637
-rw-r--r--retired/CVE-2003-050133
-rw-r--r--retired/CVE-2003-055026
-rw-r--r--retired/CVE-2003-055128
-rw-r--r--retired/CVE-2003-055228
-rw-r--r--retired/CVE-2003-064325
-rw-r--r--retired/CVE-2003-069924
-rw-r--r--retired/CVE-2003-070024
-rw-r--r--retired/CVE-2003-096167
-rw-r--r--retired/CVE-2003-098446
-rw-r--r--retired/CVE-2003-098554
-rw-r--r--retired/CVE-2003-104028
-rw-r--r--retired/CVE-2004-000389
-rw-r--r--retired/CVE-2004-001016
-rw-r--r--retired/CVE-2004-007757
-rw-r--r--retired/CVE-2004-010916
-rw-r--r--retired/CVE-2004-013329
-rw-r--r--retired/CVE-2004-013646
-rw-r--r--retired/CVE-2004-013823
-rw-r--r--retired/CVE-2004-017728
-rw-r--r--retired/CVE-2004-017840
-rw-r--r--retired/CVE-2004-018127
-rw-r--r--retired/CVE-2004-022833
-rw-r--r--retired/CVE-2004-022916
-rw-r--r--retired/CVE-2004-039439
-rw-r--r--retired/CVE-2004-041542
-rw-r--r--retired/CVE-2004-042770
-rw-r--r--retired/CVE-2004-044737
-rw-r--r--retired/CVE-2004-049127
-rw-r--r--retired/CVE-2004-049548
-rw-r--r--retired/CVE-2004-049626
-rw-r--r--retired/CVE-2004-049733
-rw-r--r--retired/CVE-2004-053544
-rw-r--r--retired/CVE-2004-055454
-rw-r--r--retired/CVE-2004-056530
-rw-r--r--retired/CVE-2004-058741
-rw-r--r--retired/CVE-2004-059624
-rw-r--r--retired/CVE-2004-061928
-rw-r--r--retired/CVE-2004-062627
-rw-r--r--retired/CVE-2004-068536
-rw-r--r--retired/CVE-2004-079044
-rw-r--r--retired/CVE-2004-081236
-rw-r--r--retired/CVE-2004-081438
-rw-r--r--retired/CVE-2004-081635
-rw-r--r--retired/CVE-2004-088348
-rw-r--r--retired/CVE-2004-088723
-rw-r--r--retired/CVE-2004-094940
-rw-r--r--retired/CVE-2004-101636
-rw-r--r--retired/CVE-2004-101727
-rw-r--r--retired/CVE-2004-105627
-rw-r--r--retired/CVE-2004-105727
-rw-r--r--retired/CVE-2004-105828
-rw-r--r--retired/CVE-2004-106833
-rw-r--r--retired/CVE-2004-106924
-rw-r--r--retired/CVE-2004-107030
-rw-r--r--retired/CVE-2004-107129
-rw-r--r--retired/CVE-2004-107232
-rw-r--r--retired/CVE-2004-107328
-rw-r--r--retired/CVE-2004-113739
-rw-r--r--retired/CVE-2004-114427
-rw-r--r--retired/CVE-2004-115128
-rw-r--r--retired/CVE-2004-123435
-rw-r--r--retired/CVE-2004-123543
-rw-r--r--retired/CVE-2004-123728
-rw-r--r--retired/CVE-2004-133332
-rw-r--r--retired/CVE-2004-133425
-rw-r--r--retired/CVE-2004-133528
-rw-r--r--retired/CVE-2004-133728
-rw-r--r--retired/CVE-2004-201327
-rw-r--r--retired/CVE-2004-230225
-rw-r--r--retired/CVE-2004-253628
-rw-r--r--retired/CVE-2004-260730
-rw-r--r--retired/CVE-2005-000142
-rw-r--r--retired/CVE-2005-000334
-rw-r--r--retired/CVE-2005-009022
-rw-r--r--retired/CVE-2005-009122
-rw-r--r--retired/CVE-2005-009222
-rw-r--r--retired/CVE-2005-013528
-rw-r--r--retired/CVE-2005-013618
-rw-r--r--retired/CVE-2005-013723
-rw-r--r--retired/CVE-2005-017627
-rw-r--r--retired/CVE-2005-017726
-rw-r--r--retired/CVE-2005-017830
-rw-r--r--retired/CVE-2005-018028
-rw-r--r--retired/CVE-2005-020423
-rw-r--r--retired/CVE-2005-020727
-rw-r--r--retired/CVE-2005-020925
-rw-r--r--retired/CVE-2005-021025
-rw-r--r--retired/CVE-2005-038431
-rw-r--r--retired/CVE-2005-040032
-rw-r--r--retired/CVE-2005-044920
-rw-r--r--retired/CVE-2005-052828
-rw-r--r--retired/CVE-2005-052931
-rw-r--r--retired/CVE-2005-053038
-rw-r--r--retired/CVE-2005-053120
-rw-r--r--retired/CVE-2005-053229
-rw-r--r--retired/CVE-2005-073622
-rw-r--r--retired/CVE-2005-074928
-rw-r--r--retired/CVE-2005-075032
-rw-r--r--retired/CVE-2005-075619
-rw-r--r--retired/CVE-2005-075721
-rw-r--r--retired/CVE-2005-076722
-rw-r--r--retired/CVE-2005-081528
-rw-r--r--retired/CVE-2005-083923
-rw-r--r--retired/CVE-2005-086722
-rw-r--r--retired/CVE-2005-091622
-rw-r--r--retired/CVE-2005-104122
-rw-r--r--retired/CVE-2005-126328
-rw-r--r--retired/CVE-2005-136823
-rw-r--r--retired/CVE-2005-136924
-rw-r--r--retired/CVE-2005-158936
-rw-r--r--retired/CVE-2005-176125
-rw-r--r--retired/CVE-2005-176222
-rw-r--r--retired/CVE-2005-176430
-rw-r--r--retired/CVE-2005-176524
-rw-r--r--retired/CVE-2005-176723
-rw-r--r--retired/CVE-2005-176834
-rw-r--r--retired/CVE-2005-191337
-rw-r--r--retired/CVE-2005-209833
-rw-r--r--retired/CVE-2005-209932
-rw-r--r--retired/CVE-2005-210024
-rw-r--r--retired/CVE-2005-245632
-rw-r--r--retired/CVE-2005-245727
-rw-r--r--retired/CVE-2005-245832
-rw-r--r--retired/CVE-2005-245931
-rw-r--r--retired/CVE-2005-249036
-rw-r--r--retired/CVE-2005-249235
-rw-r--r--retired/CVE-2005-254827
-rw-r--r--retired/CVE-2005-255324
-rw-r--r--retired/CVE-2005-255521
-rw-r--r--retired/CVE-2005-270824
-rw-r--r--retired/CVE-2005-270930
-rw-r--r--retired/CVE-2005-280024
-rw-r--r--retired/CVE-2005-280126
-rw-r--r--retired/CVE-2005-287231
-rw-r--r--retired/CVE-2005-297321
-rw-r--r--retired/CVE-2005-305328
-rw-r--r--retired/CVE-2005-305533
-rw-r--r--retired/CVE-2005-310633
-rw-r--r--retired/CVE-2005-310733
-rw-r--r--retired/CVE-2005-310831
-rw-r--r--retired/CVE-2005-310932
-rw-r--r--retired/CVE-2005-311032
-rw-r--r--retired/CVE-2005-311930
-rw-r--r--retired/CVE-2005-317927
-rw-r--r--retired/CVE-2005-318031
-rw-r--r--retired/CVE-2005-318124
-rw-r--r--retired/CVE-2005-325725
-rw-r--r--retired/CVE-2005-327124
-rw-r--r--retired/CVE-2005-327220
-rw-r--r--retired/CVE-2005-327322
-rw-r--r--retired/CVE-2005-327424
-rw-r--r--retired/CVE-2005-327523
-rw-r--r--retired/CVE-2005-327621
-rw-r--r--retired/CVE-2005-335634
-rw-r--r--retired/CVE-2005-335822
-rw-r--r--retired/CVE-2005-335935
-rw-r--r--retired/CVE-2005-362321
-rw-r--r--retired/CVE-2005-378322
-rw-r--r--retired/CVE-2005-378421
-rw-r--r--retired/CVE-2005-380522
-rw-r--r--retired/CVE-2005-380623
-rw-r--r--retired/CVE-2005-380724
-rw-r--r--retired/CVE-2005-380819
-rw-r--r--retired/CVE-2005-380916
-rw-r--r--retired/CVE-2005-381020
-rw-r--r--retired/CVE-2005-384730
-rw-r--r--retired/CVE-2005-384832
-rw-r--r--retired/CVE-2005-385724
-rw-r--r--retired/CVE-2005-385824
-rw-r--r--retired/CVE-2005-435123
-rw-r--r--retired/CVE-2005-435224
-rw-r--r--retired/CVE-2005-460525
-rw-r--r--retired/CVE-2005-461822
-rw-r--r--retired/CVE-2005-463529
-rw-r--r--retired/CVE-2005-463925
-rw-r--r--retired/CVE-2006-003519
-rw-r--r--retired/CVE-2006-003621
-rw-r--r--retired/CVE-2006-003721
-rw-r--r--retired/CVE-2006-003822
-rw-r--r--retired/CVE-2006-003913
-rw-r--r--retired/CVE-2006-009522
-rw-r--r--retired/CVE-2006-009634
-rw-r--r--retired/CVE-2006-045620
-rw-r--r--retired/CVE-2006-045731
-rw-r--r--retired/CVE-2006-048221
-rw-r--r--retired/CVE-2006-055418
-rw-r--r--retired/CVE-2006-055519
-rw-r--r--retired/CVE-2006-055720
-rw-r--r--retired/CVE-2006-074120
-rw-r--r--retired/CVE-2006-074221
-rw-r--r--retired/CVE-2006-105526
-rw-r--r--retired/CVE-2006-105629
-rw-r--r--retired/CVE-2006-106640
-rw-r--r--retired/CVE-2006-124238
-rw-r--r--retired/CVE-2006-134225
-rw-r--r--retired/CVE-2006-136823
-rw-r--r--retired/CVE-2006-152216
-rw-r--r--retired/CVE-2006-152323
-rw-r--r--retired/CVE-2006-152428
-rw-r--r--retired/CVE-2006-152523
-rw-r--r--retired/CVE-2006-152730
-rw-r--r--retired/CVE-2006-185720
-rw-r--r--retired/CVE-2006-185820
-rw-r--r--retired/CVE-2006-185925
-rw-r--r--retired/CVE-2006-186025
-rw-r--r--retired/CVE-2006-186317
-rw-r--r--retired/CVE-2006-186421
-rw-r--r--retired/CVE-2006-227127
-rw-r--r--retired/CVE-2006-227222
-rw-r--r--retired/CVE-2006-227425
-rw-r--r--retired/CVE-2006-245115
-rw-r--r--retired/CVE-2006-362614
229 files changed, 6672 insertions, 0 deletions
diff --git a/retired/CVE-2002-0429 b/retired/CVE-2002-0429
new file mode 100644
index 00000000..6d6e59f5
--- /dev/null
+++ b/retired/CVE-2002-0429
@@ -0,0 +1,29 @@
+Candidate: CVE-2002-0429
+References:
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@3dd4f4b1MbvSSVddY8E_Yx0bGPux8w?nav=index.html|src/|src/arch|src/arch/i386|src/arch/i386/kernel|related/arch/i386/kernel/entry.S
+ BUGTRAQ:20020308 linux <=2.4.18 x86 traps.c problem
+ CONFIRM:http://www.openwall.com/linux/
+ DEBIAN:DSA-311
+ DEBIAN:DSA-312
+ DEBIAN:DSA-332
+ DEBIAN:DSA-336
+ DEBIAN:DSA-442
+ REDHAT:RHSA-2002:158
+ BID:4259
+ XF:linux-ibcs-lcall-process(8420)
+Description:
+ The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local
+ users to kill arbitrary processes via a a binary compatibility interface (lcall).
+Notes:
+Bugs:
+upstream: released (2.4.20)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-6)
+2.4.17-woody-security: released (2.4.17-1woody1)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: released (62.4)
diff --git a/retired/CVE-2003-0001 b/retired/CVE-2003-0001
new file mode 100644
index 00000000..7cd7abbd
--- /dev/null
+++ b/retired/CVE-2003-0001
@@ -0,0 +1,38 @@
+Candidate: CVE-2003-0001
+References:
+ ATSTAKE:A010603-1
+ URL:http://www.atstake.com/research/advisories/2003/a010603-1.txt
+ BUGTRAQ:20030110 More information regarding Etherleak
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104222046632243&w=2
+ VULNWATCH:20030110 More information regarding Etherleak
+ URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html
+ MISC:http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf
+ CERT-VN:VU#412115
+ URL:http://www.kb.cert.org/vuls/id/412115
+ REDHAT:RHSA-2003:025
+ URL:http://www.redhat.com/support/errata/RHSA-2003-025.html
+ OVAL:OVAL2665
+ URL:http://oval.mitre.org/oval/definitions/data/oval2665.html
+Description:
+ Multiple ethernet Network Interface Card (NIC) device drivers do not pad
+ frames with null bytes, which allows remote attackers to obtain information
+ from previous packets or kernel memory by using malformed packets, as
+ demonstrated by Etherleak.
+Notes:
+ dannf> A number of drivers had to be fixed, but when looking to see where this
+ dannf> patch had been applied, I just tracked the de600.c file changes. My
+ dannf> assumption is that all of the other drivers got fixed at the same time.
+ .
+ dannf> I've e-mailed the security team + mdz, asking for a patch
+Bugs:
+upstream: released (2.4.21-pre4)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: needed
+2.4.18-woody-security: released (2.4.18-7)
+2.4.17-woody-security: released (2.4.17-1woody1)
+2.4.16-woody-security: needed
+2.4.17-woody-security-hppa: needed
+2.4.17-woody-security-ia64: needed
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2003-0018 b/retired/CVE-2003-0018
new file mode 100644
index 00000000..d89c0b09
--- /dev/null
+++ b/retired/CVE-2003-0018
@@ -0,0 +1,38 @@
+Candidate: CVE-2003-0018
+References:
+ DEBIAN:DSA-358
+ DEBIAN:DSA-423
+ MANDRAKE:MDKSA-2003:014
+ REDHAT:RHSA-2003:025
+ BID:6763
+ XF:linux-odirect-information-leak(11249)
+Description:
+ Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the
+ O_DIRECT feature, which allows local attackers with write privileges to
+ read portions of previously deleted files, or cause file system
+ corruption.
+Notes:
+ dannf> It looks like the fix that was used in woody is to diable
+ dannf> O_DIRECT. Is this the upstream fix?
+ dannf> http://linux.bkbits.net:8080/linux-2.4/cset@3da0af3a87N78_-K9uAzGF_5cLsRkA?nav=index.html|tags|ChangeSet@..1.717.1.11
+ dannf> I've asked hch via e-mail
+ .
+ dannf> and here's his response:
+ .
+ The big O_DIRECT issues we had a while ago involved redoing large parts of
+ the locking so it's definitily not the patch above. It was fixed in 2.4.2x
+ for x = 2 or 3 IIRC. The 2.5.27 kernels in sarge ff are definitly okay.
+ .
+ dannf> Therefore, I'm marking >= sarge kernels N/A
+Bugs:
+upstream:
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-10)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.14.1)
+2.4.18-woody-security-hppa: released (62.4)
diff --git a/retired/CVE-2003-0127 b/retired/CVE-2003-0127
new file mode 100644
index 00000000..b1b4b1cd
--- /dev/null
+++ b/retired/CVE-2003-0127
@@ -0,0 +1,62 @@
+Candidate: CVE-2003-0127
+References:
+ VULNWATCH:20030317 Fwd: Ptrace hole / Linux 2.2.25
+ URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0134.html
+ REDHAT:RHSA-2003:098
+ URL:http://rhn.redhat.com/errata/RHSA-2003-098.html
+ REDHAT:RHSA-2003:088
+ URL:http://rhn.redhat.com/errata/RHSA-2003-088.html
+ SUSE:SuSE-SA:2003:021
+ ENGARDE:ESA-20030318-009
+ DEBIAN:DSA-270
+ URL:http://www.debian.org/security/2003/dsa-270
+ DEBIAN:DSA-276
+ URL:http://www.debian.org/security/2003/dsa-276
+ DEBIAN:DSA-311
+ URL:http://www.debian.org/security/2003/dsa-311
+ DEBIAN:DSA-312
+ URL:http://www.debian.org/security/2003/dsa-312
+ DEBIAN:DSA-332
+ URL:http://www.debian.org/security/2003/dsa-332
+ DEBIAN:DSA-336
+ URL:http://www.debian.org/security/2003/dsa-336
+ DEBIAN:DSA-423
+ URL:http://www.debian.org/security/2004/dsa-423
+ DEBIAN:DSA-495
+ URL:http://www.debian.org/security/2004/dsa-495
+ MANDRAKE:MDKSA-2003:038
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:038
+ MANDRAKE:MDKSA-2003:039
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:039
+ CALDERA:CSSA-2003-020.0
+ URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-020.0.txt
+ ENGARDE:ESA-20030515-017
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105301461726555&w=2
+ REDHAT:RHSA-2003:145
+ URL:http://www.redhat.com/support/errata/RHSA-2003-145.html
+ GENTOO:GLSA-200303-17
+ URL:http://security.gentoo.org/glsa/glsa-200303-17.xml
+ CERT-VN:VU#628849
+ URL:http://www.kb.cert.org/vuls/id/628849
+ OVAL:OVAL254
+ URL:http://oval.mitre.org/oval/definitions/data/oval254.html
+Description:
+ The kernel module loader in Linux kernel 2.2.x before 2.2.25, and
+ 2.4.x before 2.4.21, allows local users to gain root privileges by
+ using ptrace to attach to a child process that is spawned by the
+ kernel.
+Notes:
+ Changeset comments say "Linux 2.5 is not believed to be vulnerable.",
+ so marking this issue as N/A for 2.6.
+Bugs:
+upstream: released (2.4.21-pre6)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody2)
+2.4.18-woody-security: released (2.4.18-7)
+2.4.17-woody-security: released (2.4.17-1woody1)
+2.4.16-woody-security: released (2.4.16-1woody2)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.14.1)
+2.4.18-woody-security-hppa: released (62.4)
diff --git a/retired/CVE-2003-0187 b/retired/CVE-2003-0187
new file mode 100644
index 00000000..44f10428
--- /dev/null
+++ b/retired/CVE-2003-0187
@@ -0,0 +1,25 @@
+Candidate: CVE-2003-0187
+References:
+ http://marc.theaimsgroup.com/?l=bugtraq&m=105986028426824&w=2
+ http://oval.mitre.org/oval/definitions/data/oval260.html
+Description:
+ The connection tracking core of Netfilter for Linux 2.4.20, with
+ CONFIG_IP_NF_CONNTRACK enabled or the ip_conntrack module loaded, allows remote
+ attackers to cause a denial of service (resource consumption) due to an
+ inconsistency with Linux 2.4.20's support of linked lists, which causes
+ Netfilter to fail to identify connections with an UNCONFIRMED status and
+ use large timeouts.
+Notes:
+ This was fixed before 2.6.0:
+ http://linux.bkbits.net:8080/linux-2.6/cset@3e631f9evO15b8EcYa8btEi07F2mYQ?nav=index.html|src/|src/include|src/include/linux|src/include/linux/netfilter_ipv4|related/include/linux/netfilter_ipv4/ip_conntrack.h
+Bugs:
+upstream: released (2.4.21)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
diff --git a/retired/CVE-2003-0244 b/retired/CVE-2003-0244
new file mode 100644
index 00000000..50f54848
--- /dev/null
+++ b/retired/CVE-2003-0244
@@ -0,0 +1,50 @@
+Candidate: CVE-2003-0244
+References:
+ VULNWATCH:20030517 Algorithmic Complexity Attacks and the Linux Networking Code
+ URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0073.html
+ MISC:http://www.enyo.de/fw/security/notes/linux-dst-cache-dos.html
+ MISC:http://marc.theaimsgroup.com/?l=linux-kernel&m=104956079213417
+ REDHAT:RHSA-2003:145
+ URL:http://www.redhat.com/support/errata/RHSA-2003-145.html
+ REDHAT:RHSA-2003:147
+ URL:http://www.redhat.com/support/errata/RHSA-2003-147.html
+ REDHAT:RHSA-2003:172
+ URL:http://www.redhat.com/support/errata/RHSA-2003-172.html
+ ENGARDE:ESA-20030515-017
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105301461726555&w=2
+ DEBIAN:DSA-311
+ URL:http://www.debian.org/security/2003/dsa-311
+ DEBIAN:DSA-312
+ URL:http://www.debian.org/security/2003/dsa-312
+ DEBIAN:DSA-332
+ URL:http://www.debian.org/security/2003/dsa-332
+ DEBIAN:DSA-336
+ URL:http://www.debian.org/security/2003/dsa-336
+ DEBIAN:DSA-442
+ URL:http://www.debian.org/security/2004/dsa-442
+ MANDRAKE:MDKSA-2003:066
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:066
+ MANDRAKE:MDKSA-2003:074
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:074
+ BUGTRAQ:20030618 [slackware-security] 2.4.21 kernels available (SSA:2003-168-01)
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105595901923063&w=2
+ OVAL:OVAL261
+ URL:http://oval.mitre.org/oval/definitions/data/oval261.html
+Description:
+ The route cache implementation in Linux 2.4, and the Netfilter IP conntrack
+ module, allows remote attackers to cause a denial of service (CPU consumption)
+ via packets with forged source addresses that cause a large number of hash
+ table collisions.
+Notes:
+Bugs:
+upstream: released (2.4.21-rc2)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released
+2.4.18-woody-security: released (2.4.18-8)
+2.4.17-woody-security: released (2.4.17-1woody1)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.14.1)
+2.4.18-woody-security-hppa: released (62.4)
diff --git a/retired/CVE-2003-0246 b/retired/CVE-2003-0246
new file mode 100644
index 00000000..6ad4dddd
--- /dev/null
+++ b/retired/CVE-2003-0246
@@ -0,0 +1,50 @@
+Candidate: CVE-2003-0246
+References:
+ REDHAT:RHSA-2003:172
+ URL:http://www.redhat.com/support/errata/RHSA-2003-172.html
+ REDHAT:RHSA-2003:147
+ URL:http://www.redhat.com/support/errata/RHSA-2003-147.html
+ ENGARDE:ESA-20030515-017
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105301461726555&w=2
+ DEBIAN:DSA-311
+ URL:http://www.debian.org/security/2003/dsa-311
+ DEBIAN:DSA-312
+ URL:http://www.debian.org/security/2003/dsa-312
+ DEBIAN:DSA-332
+ URL:http://www.debian.org/security/2003/dsa-332
+ DEBIAN:DSA-336
+ URL:http://www.debian.org/security/2003/dsa-336
+ DEBIAN:DSA-442
+ URL:http://www.debian.org/security/2004/dsa-442
+ MANDRAKE:MDKSA-2003:066
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:066
+ MANDRAKE:MDKSA-2003:074
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:074
+ TURBO:TLSA-2003-41
+ URL:http://www.turbolinux.com/security/TLSA-2003-41.txt
+ VULNWATCH:20030520 Linux 2.4 kernel ioperm vuln
+ URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0076.html
+ OVAL:OVAL278
+ URL:http://oval.mitre.org/oval/definitions/data/oval278.html
+Description:
+ The ioperm system call in Linux kernel 2.4.20 and earlier does not properly
+ restrict privileges, which allows local users to gain read or write access to
+ certain I/O ports.
+Notes:
+ It looks like the patch originally included in woody was just a one line
+ change; whereas there were two larger patches that went upstream. I'm
+ moving our trees forward to the upstream one.
+ .
+ Patch is x86 only.
+Bugs:
+upstream: released (2.4.21-rc4)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: pending (2.4.18-14.5)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: released (011226.14.1)
+2.4.18-woody-security-hppa: N/A
diff --git a/retired/CVE-2003-0247 b/retired/CVE-2003-0247
new file mode 100644
index 00000000..45159ec0
--- /dev/null
+++ b/retired/CVE-2003-0247
@@ -0,0 +1,42 @@
+Candidate: CVE-2003-0247
+References:
+ REDHAT:RHSA-2003:187
+ URL:http://www.redhat.com/support/errata/RHSA-2003-187.html
+ REDHAT:RHSA-2003:195
+ URL:http://www.redhat.com/support/errata/RHSA-2003-195.html
+ REDHAT:RHSA-2003:198
+ URL:http://www.redhat.com/support/errata/RHSA-2003-198.html
+ DEBIAN:DSA-311
+ URL:http://www.debian.org/security/2003/dsa-311
+ DEBIAN:DSA-312
+ URL:http://www.debian.org/security/2003/dsa-312
+ DEBIAN:DSA-332
+ URL:http://www.debian.org/security/2003/dsa-332
+ DEBIAN:DSA-336
+ URL:http://www.debian.org/security/2003/dsa-336
+ DEBIAN:DSA-442
+ URL:http://www.debian.org/security/2004/dsa-442
+ MANDRAKE:MDKSA-2003:066
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:066
+ MANDRAKE:MDKSA-2003:074
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:074
+ TURBO:TLSA-2003-41
+ URL:http://www.turbolinux.com/security/TLSA-2003-41.txt
+ OVAL:OVAL284
+ URL:http://oval.mitre.org/oval/definitions/data/oval284.html
+Description:
+ Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows
+ attackers to cause a denial of service ("kernel oops").
+Notes:
+Bugs:
+upstream: released (2.4.21-rc3)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-9)
+2.4.17-woody-security: released (2.4.17-1woody1)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.14.1)
+2.4.18-woody-security-hppa: released (62.4)
diff --git a/retired/CVE-2003-0248 b/retired/CVE-2003-0248
new file mode 100644
index 00000000..9ce634f6
--- /dev/null
+++ b/retired/CVE-2003-0248
@@ -0,0 +1,42 @@
+Candidate: CVE-2003-0248
+References:
+ REDHAT:RHSA-2003:187
+ URL:http://www.redhat.com/support/errata/RHSA-2003-187.html
+ REDHAT:RHSA-2003:195
+ URL:http://www.redhat.com/support/errata/RHSA-2003-195.html
+ DEBIAN:DSA-311
+ URL:http://www.debian.org/security/2003/dsa-311
+ DEBIAN:DSA-312
+ URL:http://www.debian.org/security/2003/dsa-312
+ DEBIAN:DSA-332
+ URL:http://www.debian.org/security/2003/dsa-332
+ DEBIAN:DSA-336
+ URL:http://www.debian.org/security/2003/dsa-336
+ DEBIAN:DSA-442
+ URL:http://www.debian.org/security/2004/dsa-442
+ MANDRAKE:MDKSA-2003:066
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:066
+ MANDRAKE:MDKSA-2003:074
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:074
+ TURBO:TLSA-2003-41
+ URL:http://www.turbolinux.com/security/TLSA-2003-41.txt
+ OVAL:OVAL292
+ URL:http://oval.mitre.org/oval/definitions/data/oval292.html
+Description:
+ The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state
+ registers via a malformed address.
+Notes:
+ dannf> I think this is the patch:
+ dannf> http://linux.bkbits.net:8080/linux-2.4/cset@3f293760h0HL1XxaPHNYxPXmpO1k8g?nav=index.html|src/|src/arch|src/arch/i386|src/arch/i386/kernel|related/arch/i386/kernel/i387.c
+Bugs:
+upstream: released (2.4.22-pre10)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-9)
+2.4.17-woody-security: released (2.4.17-1woody1)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: released (011226.14.1)
+2.4.18-woody-security-hppa: N/A
diff --git a/retired/CVE-2003-0364 b/retired/CVE-2003-0364
new file mode 100644
index 00000000..1cc1ba9b
--- /dev/null
+++ b/retired/CVE-2003-0364
@@ -0,0 +1,40 @@
+Candidate: CVE-2003-0364
+References:
+ REDHAT:RHSA-2003:187
+ URL:http://www.redhat.com/support/errata/RHSA-2003-187.html
+ REDHAT:RHSA-2003:195
+ URL:http://www.redhat.com/support/errata/RHSA-2003-195.html
+ REDHAT:RHSA-2003:198
+ URL:http://www.redhat.com/support/errata/RHSA-2003-198.html
+ DEBIAN:DSA-311
+ URL:http://www.debian.org/security/2003/dsa-311
+ DEBIAN:DSA-312
+ URL:http://www.debian.org/security/2003/dsa-312
+ DEBIAN:DSA-332
+ URL:http://www.debian.org/security/2003/dsa-332
+ DEBIAN:DSA-336
+ URL:http://www.debian.org/security/2003/dsa-336
+ DEBIAN:DSA-442
+ URL:http://www.debian.org/security/2004/dsa-442
+ TURBO:TLSA-2003-41
+ URL:http://www.turbolinux.com/security/TLSA-2003-41.txt
+ OVAL:OVAL295
+ URL:http://oval.mitre.org/oval/definitions/data/oval295.html
+Description:
+ The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote
+ attackers to cause a denial of service (CPU consumption) via certain packets that
+ cause a large number of hash table collisions.
+Notes:
+Bugs:
+upstream: released (2.4.21-rc7)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.2.20-woody-security: released (2.2.20-5woody2)
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-9)
+2.4.17-woody-security: released (2.4.17-1woody1)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.14.1)
+2.4.18-woody-security-hppa: released (62.4)
diff --git a/retired/CVE-2003-0418 b/retired/CVE-2003-0418
new file mode 100644
index 00000000..f20986e7
--- /dev/null
+++ b/retired/CVE-2003-0418
@@ -0,0 +1,21 @@
+Candidate: CVE-2003-0418
+References:
+ http://marc.theaimsgroup.com/?l=bugtraq&m=105519179005065&w=2
+ http://www.cartel-securite.fr/pbiondi/adv/CARTSA-20030314-icmpleak.txt
+ http://www.kb.cert.org/vuls/id/471084
+Description:
+ The Linux 2.0 kernel IP stack does not properly calculate the size of an ICMP
+ citation, which causes it to include portions of unauthorized memory in ICMP
+ error responses.
+Notes:
+Bugs:
+upstream:
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
diff --git a/retired/CVE-2003-0461 b/retired/CVE-2003-0461
new file mode 100644
index 00000000..c947ee68
--- /dev/null
+++ b/retired/CVE-2003-0461
@@ -0,0 +1,36 @@
+Candidate: CVE-2003-0461
+References:
+ MISC:http://rsbac.dyndns.org/pipermail/rsbac/2002-May/000162.html
+ REDHAT:RHSA-2003:238
+ URL:http://www.redhat.com/support/errata/RHSA-2003-238.html
+ REDHAT:RHSA-2004:188
+ URL:http://www.redhat.com/support/errata/RHSA-2004-188.html
+ DEBIAN:DSA-358
+ URL:http://www.debian.org/security/2004/dsa-358
+ DEBIAN:DSA-423
+ URL:http://www.debian.org/security/2004/dsa-423
+ OVAL:OVAL304
+ URL:http://oval.mitre.org/oval/definitions/data/oval304.html
+ OVAL:OVAL997
+ URL:http://oval.mitre.org/oval/definitions/data/oval997.html
+ Description:
+ /proc/tty/driver/serial in Linux 2.4.x reveals the exact number
+ of characters used in serial links, which could allow local users
+ to obtain potentially sensitive information such as the length of
+ passwords.
+Notes:
+ dannf> Here's the patches I used:
+ http://linux.bkbits.net:8080/linux-2.4/cset@41a6020dX1GoVx_Eydy1jUOqc11tpw?nav=index.html|src/|src/fs|src/fs/proc|related/fs/proc/proc_tty.c
+ http://linux.bkbits.net:8080/linux-2.4/cset@41aca810DvutJ8aEj43OuUqJ4e1EIw?nav=index.html|src/|src/include|src/include/linux|related/include/linux/proc_fs.h
+Bugs:
+upstream: released (2.4.29-pre2, 2.6.1)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: released (2.4.27-1) [025_proc_tty_security.diff]
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-10)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.14.1)
+2.4.18-woody-security-hppa: released (62.4)
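Review bot: The `Description:` field header in retired/CVE-2003-0461 is indented by one space (the line reading ` Description:`), while every other record in this diff puts the section headers `Candidate:`, `References:`, `Description:`, `Notes:` and `Bugs:` at column 0 and indents only their continuation lines. Any tool that splits these records on column-0 headers would fold the whole description into the References list and report the record as having no Description, so the tracker entry would silently lose its summary in generated reports. The fix is to drop the leading space so the line reads `Description:`. Since this commit only moves the file, the defect presumably predates it, but the move is a convenient point to correct it.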
diff --git a/retired/CVE-2003-0462 b/retired/CVE-2003-0462
new file mode 100644
index 00000000..b5d9c8b4
--- /dev/null
+++ b/retired/CVE-2003-0462
@@ -0,0 +1,47 @@
+Candidate: CVE-2003-0462
+References:
+ REDHAT:RHSA-2003:198
+ URL:http://www.redhat.com/support/errata/RHSA-2003-198.html
+ REDHAT:RHSA-2003:238
+ URL:http://www.redhat.com/support/errata/RHSA-2003-238.html
+ DEBIAN:DSA-358
+ URL:http://www.debian.org/security/2004/dsa-358
+ DEBIAN:DSA-423
+ URL:http://www.debian.org/security/2004/dsa-423
+ OVAL:OVAL309
+ URL:http://oval.mitre.org/oval/definitions/data/oval309.html
+Description:
+ A race condition in the way env_start and env_end pointers are
+ initialized in the execve system call and used in fs/proc/base.c
+ on Linux 2.4 allows local users to cause a denial of service
+ (crash).
+Notes:
+ The fix for 2.4 went into a larger patch:
+ http://linux.bkbits.net:8080/linux-2.4/cset@41c68e9bogrpceA9rUJa-xHwBd-P6g?nav=index.html|src/|src/fs|src/fs/proc|related/fs/proc/base.c
+ However, the patch for 2.6 is much simpler:
+ http://linux.bkbits.net:8080/linux-2.6/cset@3ff1101fZfOZMtqtcvKc_s-agJpLrQ?nav=index.html|src/|src/fs|src/fs/proc|related/fs/proc/base.c
+ Unfortunately, it doesn't apply cleanly to 2.4. It looks like
+ the fix included in 2.4.18-10 just re-typed len in
+ proc_pid_environ; while in 2.6 len was also retyped in
+ proc_pid_cmdline. Only the former deals with evn_end/env_start
+ pointers and the latter doesn't apply cleanly to 2.4, so I'm
+ just making the proc_pid_environ change.
+ .
+ hrm.. maybe there was an earlier patch to 2.4; the above 2.4
+ patch didn't go in till 2.4.29, yet it looks like this was
+ already fixed in our 2.4.27 .orig.tar.gz
+ .
+ jmm> I assume this was fixed upstream in 2.4.22-pre10?
+ jmm> o Fix /proc/self security issue
+Bugs:
+upstream: released (2.6.1), released (2.4.22-pre10)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-10)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.14.1)
+2.4.18-woody-security-hppa: released (62.4)
diff --git a/retired/CVE-2003-0464 b/retired/CVE-2003-0464
new file mode 100644
index 00000000..6fe42cf6
--- /dev/null
+++ b/retired/CVE-2003-0464
@@ -0,0 +1,27 @@
+Candidate: CVE-2003-0464
+References:
+ http://www.redhat.com/support/errata/RHSA-2003-238.html
+ http://oval.mitre.org/oval/definitions/data/oval311.html
+Description:
+ The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are created,
+ which could allow local users to bind to UDP ports that are used by privileged
+ services such as nfsd.
+Notes:
+ I couldn't locate the patches RedHat & SuSE used, but Connectiva apparently
+ just #if 0'd out the sock->sk->reuse = 1; line in svcsock.c:svc_create_socket.
+ Upstream didn't disable it altogether; just for UDP
+ http://linux.bkbits.net:8080/linux-2.4/cset@3f1bdcc9r8An_GKkjlXeHBYDYOY11A?nav=index.html|src/|src/net|src/net/sunrpc|related/net/sunrpc/svcsock.c
+ I'm guessing this is a UDP-only problem, so that is probably the fix we want.
+ .
+ This fix was in before 2.6.0.
+Bugs:
+upstream: released (2.4.22-pre8)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
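Review bot: The woody status lines (`2.4.19-woody-security:` through `2.4.17-woody-security-ia64:`) are blank, which in this record format cannot be told apart from "not yet assessed", even though the file sits under retired/ and its upstream fix is recorded as 2.4.22-pre8, later than every woody kernel listed. Once the woody state is verified, each line should carry one of the states the other records already use — `needed`, `N/A` or `released (<version>)` — so that a blank row never reads as resolved. The same blank woody rows appear in CVE-2003-0467, CVE-2003-0643, CVE-2003-0699 and CVE-2003-0700.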
diff --git a/retired/CVE-2003-0465 b/retired/CVE-2003-0465
new file mode 100644
index 00000000..8ef0a954
--- /dev/null
+++ b/retired/CVE-2003-0465
@@ -0,0 +1,34 @@
+Candidate: CVE-2003-0465
+References:
+ CONFIRM:http://marc.theaimsgroup.com/?l=linux-kernel&m=105796021120436&w=2
+ CONFIRM:http://marc.theaimsgroup.com/?l=linux-kernel&m=105796415223490&w=2
+ REDHAT:RHSA-2004:188
+ URL:http://www.redhat.com/support/errata/RHSA-2004-188.html
+Description:
+ The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad
+ the buffer on architectures other than x86, as opposed to the expected
+ behavior of strncpy as implemented in libc, which could lead to
+ information leaks.
+Notes:
+ 2.4.27-8 fixes s390x, ppc64 and s390 but leaves mips & alpha unfixed.
+ .
+ horms> N.B. This bug appears to be minor at best
+ horms> http://marc.theaimsgroup.com/?l=linux-kernel&m=105796021120436&w=2
+ .
+ dannf> Since this is minor, I'm gonna consider the existing patch "good enough"
+ dannf> and mark the 2.4 issues as complete.
+ jmm> Alan Cox wrote in above URL that these will be addressed during the 2.5
+ jmm> cycle, so I guess it's pretty safe to make all the 2.6 kernels as fixed
+ jmm> The ramifications are minor anyway
+Bugs:
+upstream:
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: released (2.4.27-8)
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: needed
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A
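Review bot: `2.4.18-woody-security: needed` together with an empty `upstream:` line contradicts the record's placement under retired/: a retired entry is read as closed, yet this one still declares an open backport and no upstream fix version. The Notes say dannf decided to treat the existing patch as good enough and mark the 2.4 issues complete, so the 2.4.18 line should presumably become `released (<2.4.18 version>)` or `N/A` once checked, and the upstream line could record the 2.5-cycle fix that jmm refers to once its version is confirmed. CVE-2003-1040 has the same problem, with every woody row still marked `needed` under an `upstream: released (2.4.23)` entry.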
diff --git a/retired/CVE-2003-0467 b/retired/CVE-2003-0467
new file mode 100644
index 00000000..b51f352f
--- /dev/null
+++ b/retired/CVE-2003-0467
@@ -0,0 +1,25 @@
+Candidate: CVE-2003-0467
+References:
+ http://marc.theaimsgroup.com/?l=bugtraq&m=105985703724758&w=2
+Description:
+ Unknown vulnerability in ip_nat_sack_adjust of Netfilter in Linux kernels
+ 2.4.20, and some 2.5.x, when CONFIG_IP_NF_NAT_FTP or CONFIG_IP_NF_NAT_IRC is
+ enabled, or the ip_nat_ftp or ip_nat_irc modules are loaded, allows remote
+ attackers to cause a denial of service (crash) in systems using NAT, possibly
+ due to an integer signedness error.
+Notes:
+ http://linux.bkbits.net:8080/linux-2.4/cset@3ea42919d7UMn5WVhEYYcN5hnvM6fA?nav=index.html|src/|src/net|src/net/ipv4|src/net/ipv4/netfilter|related/net/ipv4/netfilter/ip_nat_helper.c
+ .
+ Looks like this was fixed before 2.6.0:
+ http://linux.bkbits.net:8080/linux-2.6/cset@3eb76c8aWimEpZAEU5Xbu-LPK-NxeA?nav=index.html|src/|src/net|src/net/ipv4|src/net/ipv4/netfilter|related/net/ipv4/netfilter/ip_nat_helper.c
+Bugs:
+upstream: released (2.4.21-rc1)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
diff --git a/retired/CVE-2003-0476 b/retired/CVE-2003-0476
new file mode 100644
index 00000000..03d471c1
--- /dev/null
+++ b/retired/CVE-2003-0476
@@ -0,0 +1,37 @@
+Candidate: CVE-2003-0476
+References:
+ BUGTRAQ:20030626 Linux 2.4.x execve() file read race vulnerability
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105664924024009&w=2
+ MANDRAKE:MDKSA-2003:074
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:074
+ REDHAT:RHSA-2003:238
+ URL:http://www.redhat.com/support/errata/RHSA-2003-238.html
+ REDHAT:RHSA-2003:368
+ URL:http://www.redhat.com/support/errata/RHSA-2003-368.html
+ REDHAT:RHSA-2003:408
+ URL:http://www.redhat.com/support/errata/RHSA-2003-408.html
+ SUSE:SuSE-SA:2003:034
+ DEBIAN:DSA-358
+ URL:http://www.debian.org/security/2004/dsa-358
+ DEBIAN:DSA-423
+ URL:http://www.debian.org/security/2004/dsa-423
+ OVAL:OVAL327
+ URL:http://oval.mitre.org/oval/definitions/data/oval327.html
+Description:
+ The execve system call in Linux 2.4.x records the file
+ descriptor of the executable process in the file table of the
+ calling process, which allows local users to gain read access to
+ restricted file descriptors.
+Notes:
+Bugs:
+upstream: released (2.4.22-pre4, 2.6.1)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-10)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.14.1)
+2.4.18-woody-security-hppa: released (62.4)
diff --git a/retired/CVE-2003-0501 b/retired/CVE-2003-0501
new file mode 100644
index 00000000..abd9ec50
--- /dev/null
+++ b/retired/CVE-2003-0501
@@ -0,0 +1,33 @@
+Candidate: CVE-2003-0501
+References:
+ BUGTRAQ:20030620 Linux /proc sensitive information disclosure
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105621758104242
+ REDHAT:RHSA-2003:198
+ URL:http://www.redhat.com/support/errata/RHSA-2003-198.html
+ REDHAT:RHSA-2003:238
+ URL:http://www.redhat.com/support/errata/RHSA-2003-238.html
+ SUSE:SuSE-SA:2003:034
+ DEBIAN:DSA-358
+ URL:http://www.debian.org/security/2004/dsa-358
+ DEBIAN:DSA-423
+ URL:http://www.debian.org/security/2004/dsa-423
+ OVAL:OVAL328
+ URL:http://oval.mitre.org/oval/definitions/data/oval328.html
+Description:
+ The /proc filesystem in Linux allows local users to obtain
+ sensitive information by opening various entries in /proc/self
+ before executing a setuid program, which causes the program to
+ fail to change the ownership and permissions of those entries.
+Notes:
+Bugs:
+upstream: released (2.4.22-pre10)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-10)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.14.1)
+2.4.18-woody-security-hppa: released (62.4)
diff --git a/retired/CVE-2003-0550 b/retired/CVE-2003-0550
new file mode 100644
index 00000000..ab06812f
--- /dev/null
+++ b/retired/CVE-2003-0550
@@ -0,0 +1,26 @@
+Candidate: CVE-2003-0550
+References:
+ REDHAT:RHSA-2003:238
+ URL:http://www.redhat.com/support/errata/RHSA-2003-238.html
+ DEBIAN:DSA-358
+ URL:http://www.debian.org/security/2004/dsa-358
+ DEBIAN:DSA-423
+ URL:http://www.debian.org/security/2004/dsa-423
+ OVAL:OVAL380
+ URL:http://oval.mitre.org/oval/definitions/data/oval380.html
+Description:
+ The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient
+ security by design, which allows attackers to modify the bridge topology.
+Notes:
+Bugs:
+upstream: released (2.4.22-pre3)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-10)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.14.1)
+2.4.18-woody-security-hppa: released (62.4)
diff --git a/retired/CVE-2003-0551 b/retired/CVE-2003-0551
new file mode 100644
index 00000000..7e5161bc
--- /dev/null
+++ b/retired/CVE-2003-0551
@@ -0,0 +1,28 @@
+Candidate: CVE-2003-0551
+References:
+ REDHAT:RHSA-2003:198
+ URL:http://www.redhat.com/support/errata/RHSA-2003-198.html
+ REDHAT:RHSA-2003:238
+ URL:http://www.redhat.com/support/errata/RHSA-2003-238.html
+ DEBIAN:DSA-358
+ URL:http://www.debian.org/security/2004/dsa-358
+ DEBIAN:DSA-423
+ URL:http://www.debian.org/security/2004/dsa-423
+ OVAL:OVAL384
+ URL:http://oval.mitre.org/oval/definitions/data/oval384.html
+Description:
+ The STP protocol implementation in Linux 2.4.x does not properly verify
+ certain lengths, which could allow attackers to cause a denial of service.
+Notes:
+Bugs:
+upstream: released (2.4.22-pre3)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-10)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.14.1)
+2.4.18-woody-security-hppa: released (62.4)
diff --git a/retired/CVE-2003-0552 b/retired/CVE-2003-0552
new file mode 100644
index 00000000..c3f39485
--- /dev/null
+++ b/retired/CVE-2003-0552
@@ -0,0 +1,28 @@
+Candidate: CVE-2003-0552
+References:
+ REDHAT:RHSA-2003:198
+ URL:http://www.redhat.com/support/errata/RHSA-2003-198.html
+ REDHAT:RHSA-2003:238
+ URL:http://www.redhat.com/support/errata/RHSA-2003-238.html
+ DEBIAN:DSA-358
+ URL:http://www.debian.org/security/2004/dsa-358
+ DEBIAN:DSA-423
+ URL:http://www.debian.org/security/2004/dsa-423
+ OVAL:OVAL385
+ URL:http://oval.mitre.org/oval/definitions/data/oval385.html
+Description:
+ Linux 2.4.x allows remote attackers to spoof the bridge Forwarding table
+ via forged packets whose source addresses are the same as the target.
+Notes:
+Bugs:
+upstream: released (2.4.22-pre3)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-10)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.14.1)
+2.4.18-woody-security-hppa: released (62.4)
diff --git a/retired/CVE-2003-0643 b/retired/CVE-2003-0643
new file mode 100644
index 00000000..64a7d8b1
--- /dev/null
+++ b/retired/CVE-2003-0643
@@ -0,0 +1,25 @@
+Candidate: CVE-2003-0643
+References:
+ http://www.ultramonkey.org/bugs/cve/CAN-2003-0643.shtml
+ http://www.ultramonkey.org/bugs/cve-patch/CAN-2003-0643.patch
+ http://gentoo.kems.net/gentoo-x86-portage/sys-kernel/gentoo-sources/ChangeLog
+ http://mirror.clarkson.edu/pub/distributions/gentoo-portage/sys-kernel/wolk-sources/ChangeLog
+ http://ftp.belnet.be/linux/gentoo-portage/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.CAN-2003-0643.patch
+Description:
+ Integer signedness error in the Linux Socket Filter implementation (filter.c)
+ in Linux 2.4.3-pre3 to 2.4.22-pre10 allows attackers to cause a denial of
+ service (crash).
+Notes:
+ Fixed before 2.6.0:
+ http://linux.bkbits.net:8080/linux-2.4/cset@3f216072qjoeL8BVUjH-swPkd1CRgA?nav=index.html|src/|src/net|src/net/core|related/net/core/filter.c
+Bugs:
+upstream: released (2.4.22-pre10)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
diff --git a/retired/CVE-2003-0699 b/retired/CVE-2003-0699
new file mode 100644
index 00000000..615d0588
--- /dev/null
+++ b/retired/CVE-2003-0699
@@ -0,0 +1,24 @@
+Candidate: CVE-2003-0699
+References:
+ http://www.redhat.com/support/errata/RHSA-2003-198.html
+ http://www.redhat.com/support/errata/RHSA-2003-238.html
+ http://oval.mitre.org/oval/definitions/data/oval387.html
+Description:
+ The C-Media PCI sound driver in Linux before 2.4.21 does not use the get_user
+ function to access userspace, which crosses security boundaries and may
+ facilitate the exploitation of vulnerabilities, a different vulnerability than
+ CVE-2003-0700.
+Notes:
+ Fixed before 2.6.0. 2.4 patch:
+ http://linux.bkbits.net:8080/linux-2.4/cset@3eb6f77bdzIdwwIbhYPVK6Cu16OhBQ?nav=index.html|src/|src/drivers|src/drivers/sound|related/drivers/sound/cmpci.c
+Bugs:
+upstream: released (2.4.21-rc2)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
diff --git a/retired/CVE-2003-0700 b/retired/CVE-2003-0700
new file mode 100644
index 00000000..9e0299e5
--- /dev/null
+++ b/retired/CVE-2003-0700
@@ -0,0 +1,24 @@
+Candidate: CVE-2003-0700
+References:
+ http://www.redhat.com/support/errata/RHSA-2003-238.html
+ http://www.redhat.com/support/errata/RHSA-2004-044.html
+ http://oval.mitre.org/oval/definitions/data/oval401.html
+Description:
+ The C-Media PCI sound driver in Linux before 2.4.22 does not use the get_user
+ function to access userspace in certain conditions, which crosses security
+ boundaries and may facilitate the exploitation of vulnerabilities, a different
+ vulnerability than CVE-2003-0699.
+Notes:
+ Fixed before 2.6.0. 2.4 patch:
+ http://linux.bkbits.net:8080/linux-2.4/cset@3f0350ec7Wnpix3ihDCUMMnS-czskg?nav=index.html|src/|src/drivers|src/drivers/sound|related/drivers/sound/cmpci.c
+Bugs:
+upstream: released (2.4.22-pre3)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
diff --git a/retired/CVE-2003-0961 b/retired/CVE-2003-0961
new file mode 100644
index 00000000..6db82f64
--- /dev/null
+++ b/retired/CVE-2003-0961
@@ -0,0 +1,67 @@
+Candidate: CVE-2003-0961
+References:
+ BUGTRAQ:20031204 [iSEC] Linux kernel do_brk() vulnerability details
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107064798706473&w=2
+ MISC:http://isec.pl/papers/linux_kernel_do_brk.pdf
+ REDHAT:RHSA-2003:368
+ URL:http://www.redhat.com/support/errata/RHSA-2003-368.html
+ REDHAT:RHSA-2003:389
+ URL:http://www.redhat.com/support/errata/RHSA-2003-389.html
+ DEBIAN:DSA-403
+ URL:http://www.debian.org/security/2003/dsa-403
+ DEBIAN:DSA-417
+ URL:http://www.debian.org/security/2004/dsa-417
+ DEBIAN:DSA-423
+ URL:http://www.debian.org/security/2004/dsa-423
+ DEBIAN:DSA-433
+ URL:http://www.debian.org/security/2004/dsa-433
+ DEBIAN:DSA-439
+ URL:http://www.debian.org/security/2004/dsa-439
+ DEBIAN:DSA-440
+ URL:http://www.debian.org/security/2004/dsa-440
+ DEBIAN:DSA-442
+ URL:http://www.debian.org/security/2004/dsa-442
+ DEBIAN:DSA-450
+ URL:http://www.debian.org/security/2004/dsa-450
+ DEBIAN:DSA-470
+ URL:http://www.debian.org/security/2004/dsa-470
+ DEBIAN:DSA-475
+ URL:http://www.debian.org/security/2004/dsa-475
+ MANDRAKE:MDKSA-2003:110
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:110
+ CONECTIVA:CLA-2003:796
+ URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000796
+ SUSE:SuSE-SA:2003:049
+ URL:http://www.novell.com/linux/security/advisories/2003_049_kernel.html
+ BUGTRAQ:20031204 Hot fix for do_brk bug
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107064830206816&w=2
+ BUGTRAQ:20040112 SmoothWall Project Security Advisory SWP-2004:001
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107394143105081&w=2
+ CERT-VN:VU#301156
+ URL:http://www.kb.cert.org/vuls/id/301156
+ SECUNIA:10328
+ URL:http://secunia.com/advisories/10328
+ SECUNIA:10329
+ URL:http://secunia.com/advisories/10329
+ SECUNIA:10330
+ URL:http://secunia.com/advisories/10330
+ SECUNIA:10333
+ URL:http://secunia.com/advisories/10333
+ SECUNIA:10338
+ URL:http://secunia.com/advisories/10338
+Description:
+ Integer overflow in the do_brk function for the brk system call in Linux
+ kernel 2.4.22 and earlier allows local users to gain root privileges.
+Notes:
+Bugs:
+upstream: released (2.4.23-pre7)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody1)
+2.4.18-woody-security: released (2.4.18-14)
+2.4.17-woody-security: released (2.4.17-1woody2)
+2.4.16-woody-security: released (2.4.16-1woody2)
+2.4.17-woody-security-hppa: released (32.3)
+2.4.17-woody-security-ia64: released (011226.14.1)
+2.4.18-woody-security-hppa: released (62.2)
diff --git a/retired/CVE-2003-0984 b/retired/CVE-2003-0984
new file mode 100644
index 00000000..73760da7
--- /dev/null
+++ b/retired/CVE-2003-0984
@@ -0,0 +1,46 @@
+Candidate: CVE-2003-0984
+References:
+ SUSE:SuSE-SA:2003:049
+ URL:http://www.novell.com/linux/security/advisories/2003_049_kernel.html
+ CONECTIVA:CLA-2004:799
+ URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000799
+ ENGARDE:ESA-20040105-001
+ URL:http://www.linuxsecurity.com/advisories/engarde_advisory-3904.html
+ REDHAT:RHSA-2003:417
+ URL:http://www.redhat.com/support/errata/RHSA-2003-417.html
+ REDHAT:RHSA-2004:188
+ URL:http://www.redhat.com/support/errata/RHSA-2004-188.html
+ MANDRAKE:MDKSA-2004:001
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:001
+ BUGTRAQ:20040112 SmoothWall Project Security Advisory SWP-2004:001
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107394143105081&w=2
+ XF:linux-rtc-memory-leak(13943)
+ URL:http://xforce.iss.net/xforce/xfdb/13943
+ OVAL:OVAL1013
+ URL:http://oval.mitre.org/oval/definitions/data/oval1013.html
+ OVAL:OVAL859
+ URL:http://oval.mitre.org/oval/definitions/data/oval859.html
+Description:
+ Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not
+ properly initialize their structures, which could leak kernel data to user
+ space.
+Notes:
+ backport from dilinger; though it isn't quite what appears to have gone
+ upstream:
+ http://linux.bkbits.net:8080/linux-2.4/cset@3fd7827aNFUTifwp7_u4babSUA8Bkg?nav=index.html|src/|src/drivers|src/drivers/sbus|src/drivers/sbus/char|related/drivers/sbus/char/rtc.c
+ http://linux.bkbits.net:8080/linux-2.4/cset@3ff8697bFIYfsvIbsqw27h6C_rbCEA?nav=index.html|src/|src/drivers|src/drivers/sbus|src/drivers/sbus/char|related/drivers/sbus/char/rtc.c
+ jmm> This was fixed upstream in 2.4.24-rc1:
+ jmm> | <trini:mvista.com>:
+ jmm> | o /dev/rtc can leak parts of kernel memory to unpriviledged users
+Bugs:
+upstream: released (2.4.24-rc1, 2.6.2)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)
diff --git a/retired/CVE-2003-0985 b/retired/CVE-2003-0985
new file mode 100644
index 00000000..16f58f01
--- /dev/null
+++ b/retired/CVE-2003-0985
@@ -0,0 +1,54 @@
+Candidate: CVE-2003-0985
+References:
+ BUGTRAQ:20040105 Linux kernel mremap vulnerability
+ MISC:http://isec.pl/vulnerabilities/isec-0013-mremap.txt
+ BUGTRAQ:20040105 Linux kernel do_mremap() proof-of-concept exploit code
+ BUGTRAQ:20040106 Linux mremap bug correction
+ DEBIAN:DSA-423
+ DEBIAN:DSA-450
+ SUSE:SuSE-SA:2004:001
+ SUSE:SuSE-SA:2004:003
+ CONECTIVA:CLA-2004:799
+ ENGARDE:ESA-20040105-001
+ REDHAT:RHSA-2003:416
+ REDHAT:RHSA-2003:417
+ REDHAT:RHSA-2003:418
+ REDHAT:RHSA-2003:419
+ DEBIAN:DSA-413
+ DEBIAN:DSA-417
+ DEBIAN:DSA-427
+ DEBIAN:DSA-439
+ DEBIAN:DSA-440
+ DEBIAN:DSA-442
+ DEBIAN:DSA-470
+ DEBIAN:DSA-475
+ IMMUNIX:IMNX-2004-73-001-01
+ MANDRAKE:MDKSA-2004:001
+ SGI:20040102-01-U
+ TRUSTIX:2004-0001
+ BUGTRAQ:20040107 [slackware-security] Kernel security update (SSA:2004-006-01)
+ BUGTRAQ:20040108 [slackware-security] Slackware 8.1 kernel security update (SSA:2004-008-01)
+ BUGTRAQ:20040112 SmoothWall Project Security Advisory SWP-2004:001
+ XF:linux-domremap-gain-privileges(14135)
+ OSVDB:3315
+ OVAL:OVAL860
+ OVAL:OVAL867
+Description:
+ The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21
+ does not properly perform bounds checks, which allows local users to
+ cause a denial of service and possibly gain privileges by causing a
+ remapping of a virtual memory area (VMA) to create a zero length VMA,
+ a different vulnerability than CAN-2004-0077.
+Notes:
+Bugs:
+upstream: released (2.4.24-rc1), released (2.6.1)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody1)
+2.4.18-woody-security: released (2.4.18-14.1)
+2.4.17-woody-security: released (2.4.17-1woody2)
+2.4.16-woody-security: released (2.4.16-1woody2)
+2.4.17-woody-security-hppa: released (32.3, 62.3)
+2.4.17-woody-security-ia64: released (011226.15)
+2.4.18-woody-security-hppa: released (62.2)
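Review bot: The Description states the flaw affects `Linux kernel 2.4.x before 2.4.21`, while the Bugs block records `upstream: released (2.4.24-rc1), released (2.6.1)`; the two cannot both be right about the affected range, and the woody rows (2.4.16 through 2.4.19) being marked released only makes sense if the 2.4.24-rc1 fix is the one that closes the issue. I would reconcile the wording, presumably to `before 2.4.24`, after checking the referenced isec advisory, and record the source of the corrected range in Notes.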
diff --git a/retired/CVE-2003-1040 b/retired/CVE-2003-1040
new file mode 100644
index 00000000..b4e7a03e
--- /dev/null
+++ b/retired/CVE-2003-1040
@@ -0,0 +1,28 @@
+Candidate: CVE-2003-1040
+References:
+ ftp://patches.sgi.com/support/free/security/advisories/20040204-01-U.asc
+ http://www.novell.com/linux/security/advisories/2003_049_kernel.html
+ http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000820
+ http://www.redhat.com/support/errata/RHSA-2004-065.html
+ http://www.redhat.com/support/errata/RHSA-2004-069.html
+ http://www.redhat.com/support/errata/RHSA-2004-106.html
+ http://www.redhat.com/support/errata/RHSA-2004-188.html
+ http://linux.bkbits.net:8080/linux-2.4/diffs/kernel/kmod.c@1.6?nav=index.html|src/|src/kernel|hist/kernel/kmod.c
+ http://xforce.iss.net/xforce/xfdb/15577
+Description:
+ kmod in the Linux kernel does not set its uid, suid, gid, or sgid to 0, which
+ allows local users to cause a denial of service (crash) by sending certain
+ signals to kmod.
+Notes:
+ fixed before 2.6 released
+Bugs:
+upstream: released (2.4.23)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: needed
+2.4.18-woody-security: needed
+2.4.17-woody-security: needed
+2.4.16-woody-security: needed
+2.4.17-woody-security-hppa: needed
+2.4.17-woody-security-ia64: needed
diff --git a/retired/CVE-2004-0003 b/retired/CVE-2004-0003
new file mode 100644
index 00000000..73002472
--- /dev/null
+++ b/retired/CVE-2004-0003
@@ -0,0 +1,89 @@
+Candidate: CVE-2004-0003
+References:
+ CONFIRM:http://www.linuxcompatible.org/print25630.html
+ DEBIAN:DSA-479
+ URL:http://www.debian.org/security/2004/dsa-479
+ DEBIAN:DSA-480
+ URL:http://www.debian.org/security/2004/dsa-480
+ DEBIAN:DSA-481
+ URL:http://www.debian.org/security/2004/dsa-481
+ DEBIAN:DSA-482
+ URL:http://www.debian.org/security/2004/dsa-482
+ DEBIAN:DSA-489
+ URL:http://www.debian.org/security/2004/dsa-489
+ DEBIAN:DSA-491
+ URL:http://www.debian.org/security/2004/dsa-491
+ DEBIAN:DSA-495
+ URL:http://www.debian.org/security/2004/dsa-495
+ MANDRAKE:MDKSA-2004:029
+ URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:029
+ REDHAT:RHSA-2004:044
+ URL:http://www.redhat.com/support/errata/RHSA-2004-044.html
+ REDHAT:RHSA-2004:065
+ URL:http://www.redhat.com/support/errata/RHSA-2004-065.html
+ REDHAT:RHSA-2004:106
+ URL:http://www.redhat.com/support/errata/RHSA-2004-106.html
+ REDHAT:RHSA-2004:166
+ URL:http://www.redhat.com/support/errata/RHSA-2004-166.html
+ SUSE:SuSE-SA:2004:005
+ URL:http://www.novell.com/linux/security/advisories/2004_05_linux_kernel.html
+ TURBO:TLSA-2004-14
+ URL:http://www.turbolinux.com/security/2004/TLSA-2004-14.txt
+ CIAC:O-082
+ URL:http://www.ciac.org/ciac/bulletins/o-082.shtml
+ CIAC:O-121
+ URL:http://www.ciac.org/ciac/bulletins/o-121.shtml
+ CIAC:O-126
+ URL:http://www.ciac.org/ciac/bulletins/o-126.shtml
+ CIAC:O-127
+ URL:http://www.ciac.org/ciac/bulletins/o-127.shtml
+ CIAC:O-145
+ URL:http://www.ciac.org/ciac/bulletins/o-145.shtml
+ BID:9570
+ URL:http://www.securityfocus.com/bid/9570
+ SECUNIA:10782
+ URL:http://secunia.com/advisories/10782
+ SECUNIA:10911
+ URL:http://secunia.com/advisories/10911
+ SECUNIA:10912
+ URL:http://secunia.com/advisories/10912
+ SECUNIA:11202
+ URL:http://secunia.com/advisories/11202
+ SECUNIA:11361
+ URL:http://secunia.com/advisories/11361
+ SECUNIA:11362
+ URL:http://secunia.com/advisories/11362
+ SECUNIA:11369
+ URL:http://secunia.com/advisories/11369
+ SECUNIA:11370
+ URL:http://secunia.com/advisories/11370
+ SECUNIA:11376
+ URL:http://secunia.com/advisories/11376
+ SECUNIA:11464
+ URL:http://secunia.com/advisories/11464
+ SECUNIA:11891
+ URL:http://secunia.com/advisories/11891
+ SECUNIA:12075
+ URL:http://secunia.com/advisories/12075
+ OVAL:OVAL1017
+ URL:http://oval.mitre.org/oval/definitions/data/oval1017.html
+ OVAL:OVAL834
+ URL:http://oval.mitre.org/oval/definitions/data/oval834.html
+ XF:linux-r128-gain-priviliges(15029)
+ URL:http://xforce.iss.net/xforce/xfdb/15029
+Description:
+ Unknown vulnerability in Linux kernel before 2.4.22 allows local users to
+ gain privileges, related to "R128 DRI limits checking."
+Notes:
+Bugs:
+upstream: released (2.4.26-rc4, 2.6.4)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody2)
+2.4.18-woody-security: released (2.4.18-14.3)
+2.4.17-woody-security: released (2.4.17-1woody3)
+2.4.16-woody-security: released (2.4.16-1woody2)
+2.4.17-woody-security-hppa: released (32.4, 62.3)
+2.4.17-woody-security-ia64: released (011226.17)
+2.4.18-woody-security-hppa: released (62.3)
diff --git a/retired/CVE-2004-0010 b/retired/CVE-2004-0010
new file mode 100644
index 00000000..5420ca92
--- /dev/null
+++ b/retired/CVE-2004-0010
@@ -0,0 +1,16 @@
+Candidate: CVE-2004-0010
+References:
+Description:
+Notes:
+Bugs:
+upstream: released (2.4.25-pre7), released (2.6.3)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody2)
+2.4.18-woody-security: released (2.4.18-14.3)
+2.4.17-woody-security: released (2.4.17-1woody3)
+2.4.16-woody-security: released (2.4.16-1woody2)
+2.4.17-woody-security-hppa: released (32.4, 62.3)
+2.4.17-woody-security-ia64: released (011226.17)
+2.4.18-woody-security-hppa: released (62.3)
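Review bot: `References:`, `Description:` and `Notes:` are all empty, so the record gives no way to check what the listed `released` versions actually fix or why 2.6.8 and 2.4.27 are `N/A`. A one-line description and at least one reference should be filled in before a retired entry is relied on for audit purposes. CVE-2004-0109 is worse: its `Candidate:` line is blank as well, so the file name is the only thing tying the statuses to a CVE — `Candidate: CVE-2004-0109` should be added there.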
diff --git a/retired/CVE-2004-0077 b/retired/CVE-2004-0077
new file mode 100644
index 00000000..02f16cd4
--- /dev/null
+++ b/retired/CVE-2004-0077
@@ -0,0 +1,57 @@
+Candidate: CVE-2004-0077
+References:
+ BUGTRAQ:20040218 Second critical mremap() bug found in all Linux kernels
+ VULNWATCH:20040218 Second critical mremap() bug found in all Linux kernels
+ MISC:http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt
+ CONECTIVA:CLA-2004:820
+ DEBIAN:DSA-438
+ DEBIAN:DSA-439
+ DEBIAN:DSA-440
+ DEBIAN:DSA-441
+ DEBIAN:DSA-442
+ DEBIAN:DSA-444
+ DEBIAN:DSA-450
+ DEBIAN:DSA-453
+ DEBIAN:DSA-454
+ DEBIAN:DSA-456
+ DEBIAN:DSA-466
+ DEBIAN:DSA-470
+ DEBIAN:DSA-514
+ DEBIAN:DSA-475
+ REDHAT:RHSA-2004:065
+ REDHAT:RHSA-2004:066
+ REDHAT:RHSA-2004:069
+ REDHAT:RHSA-2004:106
+ SLACKWARE:SSA:2004-049
+ SUSE:SuSE-SA:2004:005
+ TRUSTIX:2004-0007
+ TRUSTIX:2004-0008
+ GENTOO:GLSA-200403-02
+ CERT-VN:VU#981222
+ XF:linux-mremap-gain-privileges(15244)
+ BID:9686
+ OSVDB:3986
+ OVAL:OVAL825
+ OVAL:OVAL837
+Description:
+ The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4
+ to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the
+ do_munmap function when the maximum number of VMA descriptors is exceeded,
+ which allows local users to gain root privileges, a different vulnerability
+ than CAN-2003-0985.
+Notes:
+ dannf> we think these are the patches:
+ 2.6: http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=59287e5eef8d33dcd842852a898b43a81fe0b2c2
+ 2.4: http://linux.bkbits.net:8080/linux-2.4/cset@40327d9fxQLz7BU9yAATPsFlWiSG0A?nav=index.html|src/|src/mm|related/mm/mremap.c
+Bugs:
+upstream: released (2.4.25-rc4, 2.6.3)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody1)
+2.4.18-woody-security: released (2.4.18-14.2)
+2.4.17-woody-security: released (2.4.17-1woody2)
+2.4.16-woody-security: released (2.4.16-1woody2)
+2.4.17-woody-security-hppa: released (32.3, 62.3)
+2.4.17-woody-security-ia64: released (011226.16)
+2.4.18-woody-security-hppa: released (62.2)
diff --git a/retired/CVE-2004-0109 b/retired/CVE-2004-0109
new file mode 100644
index 00000000..fc67f753
--- /dev/null
+++ b/retired/CVE-2004-0109
@@ -0,0 +1,16 @@
+Candidate:
+References:
+Description:
+Notes:
+Bugs:
+upstream: released (2.4.26-rc4), released (2.6.6)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody2)
+2.4.18-woody-security: released (2.4.18-14.3)
+2.4.17-woody-security: released (2.4.17-1woody3)
+2.4.16-woody-security: released (2.4.16-1woody2)
+2.4.17-woody-security-hppa: released (32.4, 62.3)
+2.4.17-woody-security-ia64: released (011226.17)
+2.4.18-woody-security-hppa: released (62.3)
diff --git a/retired/CVE-2004-0133 b/retired/CVE-2004-0133
new file mode 100644
index 00000000..dd6420aa
--- /dev/null
+++ b/retired/CVE-2004-0133
@@ -0,0 +1,29 @@
+Candidate: CVE-2004-0133
+References:
+ http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html
+ http://security.gentoo.org/glsa/glsa-200407-02.xml
+ http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:029
+ ftp://patches.sgi.com/support/free/security/advisories/20040405-01-U.asc
+ http://marc.theaimsgroup.com/?l=bugtraq&m=108213675028441&w=2
+ http://www.securityfocus.com/bid/10151
+ http://secunia.com/advisories/11362
+ http://xforce.iss.net/xforce/xfdb/15901
+Description:
+ The XFS file system code in Linux 2.4.x has an information leak in which
+ in-memory data is written to the device for the XFS file system, which
+ allows local users to obtain sensitive information by reading the raw device.
+Notes:
+ jmm> Woody is not affected, as XFS was only added to the kernel in 2.4.25
+ dannf> I never did find the actual patch - upstream fixed versions are
+ dannf> based on the securityfocus page above.
+Bugs:
+upstream: released (2.4.26-rc2, 2.6.5)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
diff --git a/retired/CVE-2004-0136 b/retired/CVE-2004-0136
new file mode 100644
index 00000000..77047ee2
--- /dev/null
+++ b/retired/CVE-2004-0136
@@ -0,0 +1,46 @@
+Candidate: CVE-2004-0136
+References:
+ REDHAT:RHSA-2004:549
+ URL:http://www.redhat.com/support/errata/RHSA-2004-549.html
+ SGI:20040601-01-P
+ URL:ftp://patches.sgi.com/support/free/security/advisories/20040601-01-P.asc
+ XF:irix-mapelf32exec-dos(16416)
+ URL:http://xforce.iss.net/xforce/xfdb/16416
+ BID:10547
+ URL:http://www.securityfocus.com/bid/10547
+Description:
+ The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows local
+ users to cause a denial of service (system crash) via a "corrupted binary."
+Notes:
+ Strange description, but I think this is actually a Linux issue; note the
+ RedHat URLs above.
+ dannf> I think I've traced this issue back to a flawed bug report, and that
+ dannf> this is really CAN-2004-0138.
+ + mitre references a RedHat advisory for this, RHSA-2004:504-13
+ + RHSA-2004:504-13 does in fact reference CVE-2004-0136
+ + RedHat notes that their fixed src.rpm is kernel-2.4.18-e.52.src.rpm
+ + The changelog in the spec file in the above .src.rpm contains the following
+ entry:
+ * Tue Nov 16 2004 Jim Paradis <jparadis@redhat.com>
+ - Fixes for security holes in binfmt_elf loader (Dave Anderson,
+ Jim Paradis), bugs 127916, 134876
+ + https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127916 references
+ CVE-2004-0136, but the patches it links to are the fixes for
+ CVE-2004-0138
+ jmm> Red Hat accidentally used CVE-2004-0138 for this in an advisory, pulling
+ jmm> over the entries from it
+ jmm> I've verified that the fix from
+ jmm> http://linux.bkbits.net:8080/linux-2.4/gnupatch@4021346f79nBb-4X_usRikR3Iyb4Vg
+ jmm> is included in 2.6.8, thus marking 2.6.8 and linux-2.6 N/A
+Bugs:
+upstream: released (2.4.25-rc1)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)
diff --git a/retired/CVE-2004-0138 b/retired/CVE-2004-0138
new file mode 100644
index 00000000..e2f1e3b5
--- /dev/null
+++ b/retired/CVE-2004-0138
@@ -0,0 +1,23 @@
+Candidate: CVE-2004-0138
+References:
+Description:
+Notes:
+ Still marked **RESERVED**
+ dannf> However, it was already fixed in woody, whose changelog says:
+ * Applied patch by Chris Wright to denial of service in the ELF loader
+ when the interpreter architecture doesn't match the current one
+ <http://linux.bkbits.net:8080/linux-2.4/cset@4021346f79nBb-4X_usRikR3Iyb4Vg>
+ [fs/binfmt_elf.c, CAN-2004-0138]
+ jmm> This was a previous Red Hat internal name for CVE-2004-0136, so
+ jmm> Red hat advisories, which fix this are in fact for CVE-2004-0136
+Bugs:
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A
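Review bot: The Bugs section has no `upstream:` line, unlike every other file in this commit, so anything scanning upstream status finds nothing for this entry. Since the jmm note identifies this as an alias of CVE-2004-0136, the line should either mirror that file (`upstream: released (2.4.25-rc1)`) or the Notes should carry an explicit cross-reference such as `tracked under CVE-2004-0136` so the all-N/A suite lines are not misread as "not affected". The dannf note saying woody was already fixed sits oddly next to those N/A lines without that cross-reference.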
diff --git a/retired/CVE-2004-0177 b/retired/CVE-2004-0177
new file mode 100644
index 00000000..f42298e4
--- /dev/null
+++ b/retired/CVE-2004-0177
@@ -0,0 +1,28 @@
+Candidate: CVE-2004-0177
+References:
+Description:
+Notes:
+ jmm> This is resolved by the following patch by tytso:
+ jmm>--- kernel-source-2.4.18-2.4.18.orig/fs/jbd/journal.c
+ jmm>+++ kernel-source-2.4.18-2.4.18/fs/jbd/journal.c
+ jmm>@@ -671,6 +671,7 @@
+ jmm>
+ jmm> bh = getblk(journal->j_dev, blocknr, journal->j_blocksize);
+ jmm> lock_buffer(bh);
+ jmm>+ memset(bh->b_data, 0, journal->j_blocksize);
+ jmm> BUFFER_TRACE(bh, "return this buffer");
+ jmm> return journal_add_journal_head(bh);
+ jmm> }
+ jmm> This fix is present in 2.4.27 and 2.6.8, so marking them and l-2.6 N/A
+Bugs:
+upstream: released (2.4.26-pre4)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody2)
+2.4.18-woody-security: released (2.4.18-14.3)
+2.4.17-woody-security: released (2.4.17-1woody3)
+2.4.16-woody-security: released (2.4.16-1woody2)
+2.4.17-woody-security-hppa: released (32.4, 62.3)
+2.4.17-woody-security-ia64: released (011226.17)
+2.4.18-woody-security-hppa: released (62.3)
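Review bot: The `References:` and `Description:` fields are empty, so the only record of what this issue is comes from the patch embedded in Notes. That patch zeroes a freshly obtained journal block (`memset(bh->b_data, 0, journal->j_blocksize)`) before it is handed back, which reads like an uninitialised-data fix, but that is an inference; the CVE description and at least the origin of the tytso patch should be filled in so the retired record is self-contained. CVE-2004-0229 has the same empty fields and a one-line note that gives no reason why 2.4 is unaffected.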
diff --git a/retired/CVE-2004-0178 b/retired/CVE-2004-0178
new file mode 100644
index 00000000..3594c976
--- /dev/null
+++ b/retired/CVE-2004-0178
@@ -0,0 +1,40 @@
+Candidate: CVE-2004-0178
+References:
+ http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
+ http://www.debian.org/security/2004/dsa-479
+ http://www.debian.org/security/2004/dsa-480
+ http://www.debian.org/security/2004/dsa-481
+ http://www.debian.org/security/2004/dsa-482
+ http://www.debian.org/security/2004/dsa-489
+ http://www.debian.org/security/2004/dsa-491
+ http://www.debian.org/security/2004/dsa-495
+ http://security.gentoo.org/glsa/glsa-200407-02.xml
+ http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:029
+ http://www.redhat.com/support/errata/RHSA-2004-413.html
+ http://www.redhat.com/support/errata/RHSA-2004-437.html
+ ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc
+ http://linux.bkbits.net:8080/linux-2.4/cset@404ce5967rY2Ryu6Z_uNbYh643wuFA
+ http://www.ciac.org/ciac/bulletins/o-121.shtml
+ http://www.ciac.org/ciac/bulletins/o-127.shtml
+ http://www.ciac.org/ciac/bulletins/o-193.shtml
+ http://www.securityfocus.com/bid/9985
+ http://xforce.iss.net/xforce/xfdb/15868
+Description:
+ The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x
+ before 2.4.26, when operating in 16 bit mode, does not properly
+ handle certain sample sizes, which allows local users to cause a
+ denial of service (crash) via a sample with an odd number of bytes.
+Notes:
+ jmm> I've verified that above patch is included in 2.6.8
+Bugs:
+upstream: released (2.4.26-pre3)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody2)
+2.4.18-woody-security: released (2.4.18-14.3)
+2.4.17-woody-security: released (2.4.17-1woody3)
+2.4.16-woody-security: released (2.4.16-1woody2)
+2.4.17-woody-security-hppa: released (32.4, 62.3)
+2.4.17-woody-security-ia64: released (011226.17)
+2.4.18-woody-security-hppa: released (62.3)
diff --git a/retired/CVE-2004-0181 b/retired/CVE-2004-0181
new file mode 100644
index 00000000..0d56ff39
--- /dev/null
+++ b/retired/CVE-2004-0181
@@ -0,0 +1,27 @@
+Candidate: CVE-2004-0181
+References:
+ http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html
+ http://security.gentoo.org/glsa/glsa-200407-02.xml
+ http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:029
+ http://marc.theaimsgroup.com/?l=bugtraq&m=108213675028441&w=2
+ http://www.turbolinux.com/security/2004/TLSA-2004-14.txt
+ http://www.securityfocus.com/bid/10143
+ http://xforce.iss.net/xforce/xfdb/15902
+Description:
+ The JFS file system code in Linux 2.4.x has an information leak in which
+ in-memory data is written to the device for the JFS file system, which allows
+ local users to obtain sensitive information by reading the raw device.
+Notes:
+ jmm> JFS was merged into the 2.4 kernel in 2.4.20-pre4 and into 2.6 at 2.6.5-rc2,
+ jmm> so I'm marking all versions N/A
+Bugs:
+upstream: released (2.4.26-pre5), released (2.6.5-rc2)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
diff --git a/retired/CVE-2004-0228 b/retired/CVE-2004-0228
new file mode 100644
index 00000000..4b6758bb
--- /dev/null
+++ b/retired/CVE-2004-0228
@@ -0,0 +1,33 @@
+Candidate: CVE-2004-0228
+References:
+ http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000852
+ http://www.redhat.com/archives/fedora-announce-list/2004-April/msg00010.html
+ http://security.gentoo.org/glsa/glsa-200407-02.xml
+ http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:050
+ http://www.novell.com/linux/security/advisories/2004_10_kernel.html
+ http://secunia.com/advisories/11429
+ http://secunia.com/advisories/11464
+ http://secunia.com/advisories/11486
+ http://secunia.com/advisories/11491
+ http://secunia.com/advisories/11683
+ http://xforce.iss.net/xforce/xfdb/15951
+Description:
+ Integer signedness error in the cpufreq proc handler (cpufreq_procctl) in
+ Linux kernel 2.6 allows local users to gain privileges.
+Notes:
+ jmm> 2.4 does not have cpufreq
+ jmm> In 2.6 the affected code has changed to drivers/cpufreq/cpufreq_userspace.c
+ jmm> I've verified that the isolated patch from
+ jmm> http://www.ultramonkey.org/bugs/cve-patch/CAN-2004-0228.patch
+ jmm> is included in 2.6.8
+Bugs:
+upstream:
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
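Review bot: `upstream:` is left blank even though the jmm note establishes that the fix is present in 2.6.8, so the record omits a bound it already knows. If the exact merge release was not determined, the field should say so rather than stay empty, e.g. `upstream: released (2.6.8)` with a note that the precise release is unknown, or a placeholder such as `upstream: released (<version unknown, present in 2.6.8>)`. CVE-2004-0447 and CVE-2004-0554 leave the field blank in the same situation, with a note naming the kernel that contains the fix; CVE-2004-0587's blank should probably be `N/A` given its note that the code is not in the stock kernel.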
diff --git a/retired/CVE-2004-0229 b/retired/CVE-2004-0229
new file mode 100644
index 00000000..08ee5079
--- /dev/null
+++ b/retired/CVE-2004-0229
@@ -0,0 +1,16 @@
+Candidate: CVE-2004-0229
+References:
+Description:
+Notes:
+ jmm> 2.4 is not affected by this problem.
+Bugs:
+upstream: released (2.6.6)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
diff --git a/retired/CVE-2004-0394 b/retired/CVE-2004-0394
new file mode 100644
index 00000000..438a4600
--- /dev/null
+++ b/retired/CVE-2004-0394
@@ -0,0 +1,39 @@
+Candidate: CVE-2004-0394
+References:
+ CONECTIVA:CLA-2004:846
+ URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
+ GENTOO:GLSA-200407-02
+ URL:http://security.gentoo.org/glsa/glsa-200407-02.xml
+ MANDRAKE:MDKSA-2004:037
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:037
+ MLIST:[fedora-announce] 20040422 Fedora alert FEDORA-2004-111 (kernel)
+ URL:http://lwn.net/Articles/81773/
+ ENGARDE:ESA-20040428-004
+ URL:http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html
+ SGI:20040504-01-U
+ URL:ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc
+ SGI:20040505-01-U
+ URL:ftp://patches.sgi.com/support/free/security/advisories/20040505-01-U.asc
+ SUSE:SuSE-SA:2004:010
+ URL:http://www.novell.com/linux/security/advisories/2004_10_kernel.html
+ XF:linux-panic-bo(15953)
+ URL:http://xforce.iss.net/xforce/xfdb/15953
+Description:
+ A "potential" buffer overflow exists in the panic() function in Linux 2.4.x,
+ although it may not be exploitable due to the functionality of panic.
+Notes:
+ jmm> I've verified 2.6.8 to contain the correct vsnprintf() call
+ jmm> For 2.4 it's fixed in 2.4.32, but unfixed in 2.4.27. I'm marking it
+ jmm> needed, although I guess it's not exploitable
+Bugs:
+upstream: released (2.4.28-pre1)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: released (2.4.27-1)
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)
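Review bot: The Notes and Bugs sections disagree: the jmm note says 2.4 is "fixed in 2.4.32, but unfixed in 2.4.27" and that it is being marked needed, while the Bugs lines record `upstream: released (2.4.28-pre1)` and `2.4.27-sarge-security: released (2.4.27-1)`. One of the two is stale, and as written a reader cannot tell whether 2.4.28-pre1 or 2.4.32 is the real fix release. The note should be amended or dated to say which finding superseded the other, e.g. `jmm> (superseded: fix present in 2.4.28-pre1, shipped in 2.4.27-1)` if that is what happened.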
diff --git a/retired/CVE-2004-0415 b/retired/CVE-2004-0415
new file mode 100644
index 00000000..89c5fdc0
--- /dev/null
+++ b/retired/CVE-2004-0415
@@ -0,0 +1,42 @@
+Candidate: CVE-2004-0415
+References:
+ CONECTIVA:CLA-2004:879
+ URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000879
+ GENTOO:GLSA-200408-24
+ URL:http://www.gentoo.org/security/en/glsa/glsa-200408-24.xml
+ MANDRAKE:MDKSA-2004:087
+ URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:087
+ REDHAT:RHSA-2004:413
+ URL:http://www.redhat.com/support/errata/RHSA-2004-413.html
+ REDHAT:RHSA-2004:418
+ URL:http://www.redhat.com/support/errata/RHSA-2004-418.html
+ SGI:20040804-01-U
+ URL:ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc
+ XF:linux-pointer-info-disclosure(16877)
+ URL:http://xforce.iss.net/xforce/xfdb/16877
+Description:
+ Linux kernel does not properly convert 64-bit file offset pointers to 32 bits,
+ which allows local users to access portions of kernel memory.
+Notes:
+ dannf> Based on the 2.4.27 changelog, I think this is the 2.4 fix:
+ http://linux.bkbits.net:8080/linux-2.4/cset@411064f7uz3rKDb73dEb4vCqbjEIdw?nav=index.html|src/|src/drivers|src/drivers/char|related/drivers/char/i8k.c
+ and
+ http://linux.bkbits.net:8080/linux-2.4/cset@41113629fBqsXgKVAey-EzhZOkS2Lw?nav=index.html|src/|src/net|src/net/atm|related/net/atm/br2684.c
+ Which doesn't look like it ever made 2.6.
+ .
+ dannf> I've asked Al Viro & Marcelo for more info
+ dannf> Marcelo says:
+ 2.6 avoids the file offset race by having a copy of it at the high
+ level VFS functions, its safe.
+Bugs:
+upstream: released (2.4.27-rc5)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
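Review bot: All seven woody suite lines are blank, so a file placed in `retired/` still carries untriaged entries for 2.4 kernels the description says are affected (the upstream fix is 2.4.27-rc5, later than every woody kernel listed). Blank and `N/A` mean different things in the other files here, so each line should get an explicit status, or the Notes should say why woody was not assessed. CVE-2004-0495, CVE-2004-0497 and CVE-2004-0596 have the same blank woody lines. The lone `.` line in Notes looks like a Debian-changelog-style blank-line placeholder; harmless, but inconsistent with the other Notes sections in this commit.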
diff --git a/retired/CVE-2004-0427 b/retired/CVE-2004-0427
new file mode 100644
index 00000000..048cc7e6
--- /dev/null
+++ b/retired/CVE-2004-0427
@@ -0,0 +1,70 @@
+Candidate: CVE-2004-0427
+References:
+ MLIST:[linux-kernel] 20040408 [PATCH]: 2.4/2.6 do_fork() error path memory leak
+ URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=108139073506983&w=2
+ CONECTIVA:CLA-2004:846
+ URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
+ ENGARDE:ESA-20040428-004
+ FEDORA:FEDORA-2004-111
+ URL:http://fedoranews.org/updates/FEDORA-2004-111.shtml
+ GENTOO:GLSA-200407-02
+ URL:http://security.gentoo.org/glsa/glsa-200407-02.xml
+ MANDRAKE:MDKSA-2004:037
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:037
+ REDHAT:RHSA-2004:255
+ URL:http://www.redhat.com/support/errata/RHSA-2004-255.html
+ REDHAT:RHSA-2004:260
+ URL:http://www.redhat.com/support/errata/RHSA-2004-260.html
+ REDHAT:RHSA-2004:327
+ URL:http://www.redhat.com/support/errata/RHSA-2004-327.html
+ SGI:20040504-01-U
+ URL:ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc
+ SGI:20040505-01-U
+ URL:ftp://patches.sgi.com/support/free/security/advisories/20040505-01-U.asc
+ SUSE:SuSE-SA:2004:010
+ URL:http://www.novell.com/linux/security/advisories/2004_10_kernel.html
+ TURBO:TLSA-2004-14
+ URL:http://www.turbolinux.com/security/2004/TLSA-2004-14.txt
+ MISC:http://linux.bkbits.net:8080/linux-2.4/cset@407bf20eDeeejm8t36_tpvSE-8EFHA
+ MISC:http://linux.bkbits.net:8080/linux-2.6/cset@407b1217x4jtqEkpFW2g_-RcF0726A
+ CIAC:O-164
+ URL:http://www.ciac.org/ciac/bulletins/o-164.shtml
+ BID:10221
+ URL:http://www.securityfocus.com/bid/10221
+ SECUNIA:11429
+ URL:http://secunia.com/advisories/11429
+ SECUNIA:11464
+ URL:http://secunia.com/advisories/11464
+ SECUNIA:11486
+ URL:http://secunia.com/advisories/11486
+ SECUNIA:11541
+ URL:http://secunia.com/advisories/11541
+ SECUNIA:11861
+ URL:http://secunia.com/advisories/11861
+ SECUNIA:11891
+ URL:http://secunia.com/advisories/11891
+ SECUNIA:11892
+ URL:http://secunia.com/advisories/11892
+ OVAL:OVAL2819
+ URL:http://oval.mitre.org/oval/definitions/data/oval2819.html
+ XF:linux-dofork-memory-leak(16002)
+ URL:http://xforce.iss.net/xforce/xfdb/16002
+Description:
+ The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before 2.6.6,
+ does not properly decrement the mm_count counter when an error occurs after
+ the mm_struct for a child process has been activated, which triggers a memory
+ leak that allows local users to cause a denial of service (memory exhaustion)
+ via the clone (CLONE_VM) system call.
+Notes:
+Bugs:
+upstream: released (2.4.26, 2.6.6)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)
diff --git a/retired/CVE-2004-0447 b/retired/CVE-2004-0447
new file mode 100644
index 00000000..b3c51eef
--- /dev/null
+++ b/retired/CVE-2004-0447
@@ -0,0 +1,37 @@
+Candidate: CVE-2004-0447
+References:
+ MLIST:[owl-users] 20040619 Linux 2.4.26-ow2
+ URL:http://archives.neohapsis.com/archives/linux/owl/2004-q2/0038.html
+ GENTOO:GLSA-200407-16
+ URL:http://security.gentoo.org/glsa/glsa-200407-16.xml
+ REDHAT:RHSA-2004:413
+ URL:http://www.redhat.com/support/errata/RHSA-2004-413.html
+ SGI:20040804-01-U
+ URL:ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc
+ CIAC:O-193
+ URL:http://www.ciac.org/ciac/bulletins/o-193.shtml
+ BID:10783
+ URL:http://www.securityfocus.com/bid/10783
+ XF:linux-ia64-dos(16661)
+ URL:http://xforce.iss.net/xforce/xfdb/16661
+Description:
+ Unknown vulnerability in Linux before 2.4.26 for IA64 allows local users to
+ cause a denial of service, with unknown impact. NOTE: due to a typo, this
+ issue was accidentally assigned CVE-2004-0477. This is the proper candidate to
+ use for the Linux local DoS.
+Notes:
+ jmm> I've verified that the patch from David Mosberger available at
+ jmm> http://marc.theaimsgroup.com/?l=linux-ia64&m=108026377907667&w=2
+ jmm> is included in stock 2.4.27 and 2.6.8, so it's N/A.
+Bugs:
+upstream:
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)
diff --git a/retired/CVE-2004-0491 b/retired/CVE-2004-0491
new file mode 100644
index 00000000..245dac3b
--- /dev/null
+++ b/retired/CVE-2004-0491
@@ -0,0 +1,27 @@
+Candidate: CVE-2004-0491
+References:
+ CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=126411
+ MLIST:[linux-kernel] 20040402 Re: disable-cap-mlock
+ URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=108087017610947&w=2
+ OVAL:OVAL1117
+ URL:http://oval.mitre.org/oval/definitions/data/oval1117.html
+Description:
+ The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not properly
+ maintain the mlock page count when one process unlocks pages that belong to
+ another process, which allows local users to mlock more memory than specified
+ by the rlimit.
+Notes:
+ dannf> It doesn't look like the code in linux-2.4.21-mlock.patch was ever
+ dannf> accepted upstream in 2.4 or 2.6, so it doesn't apply to us.
+Bugs:
+upstream: N/A
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A
diff --git a/retired/CVE-2004-0495 b/retired/CVE-2004-0495
new file mode 100644
index 00000000..d0aed8aa
--- /dev/null
+++ b/retired/CVE-2004-0495
@@ -0,0 +1,48 @@
+Candidate: CVE-2004-0495
+References:
+ CONECTIVA:CLA-2004:845
+ URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000845
+ CONECTIVA:CLA-2004:846
+ URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
+ FEDORA:FEDORA-2004-186
+ URL:http://lwn.net/Articles/91155/
+ GENTOO:GLSA-200407-02
+ URL:http://security.gentoo.org/glsa/glsa-200407-02.xml
+ MANDRAKE:MDKSA-2004:066
+ URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:066
+ REDHAT:RHSA-2004:255
+ URL:http://www.redhat.com/support/errata/RHSA-2004-255.html
+ REDHAT:RHSA-2004:260
+ URL:http://www.redhat.com/support/errata/RHSA-2004-260.html
+ SUSE:SUSE-SA:2004:020
+ URL:http://www.novell.com/linux/security/advisories/2004_20_kernel.html
+ OVAL:OVAL2961
+ URL:http://oval.mitre.org/oval/definitions/data/oval2961.html
+ XF:linux-drivers-gain-privileges(16449)
+ URL:http://xforce.iss.net/xforce/xfdb/16449
+ BID:10566
+ URL:http://www.securityfocus.com/bid/10566
+Description:
+ Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users
+ to gain privileges or access kernel memory, as found by the Sparse source code
+ checking tool.
+Notes:
+ dannf> 2.4 patches:
+ http://linux.bkbits.net:8080/linux-2.4/cset@40d972a19cY-Al1qQickpmg8z_gxmg?nav=index.html|src/|src/net|src/net/decnet|related/net/decnet/dn_dev.c
+ http://linux.bkbits.net:8080/linux-2.4/cset@40d97303iUWCFF5wizAKNT5CC5ctJg?nav=index.html|src/|src/drivers|src/drivers/sound|related/drivers/sound/mpu401.c
+ http://linux.bkbits.net:8080/linux-2.4/cset@40d973835aLERLaEv4dP6Hjw31Nn5A?nav=index.html|src/|src/drivers|src/drivers/sound|related/drivers/sound/msnd.h
+ http://linux.bkbits.net:8080/linux-2.4/cset@40d973d9FCCgP1ZDVGknBTDKgDXw6w?nav=index.html|src/|src/drivers|src/drivers/sound|related/drivers/sound/pss.c
+ http://linux.bkbits.net:8080/linux-2.4/cset@40d9743al24lCKKm8wbRs-S_2CgWTA?nav=index.html|src/|src/drivers|src/drivers/net|src/drivers/net/wireless|related/drivers/net/wireless/airo.c
+ http://linux.bkbits.net:8080/linux-2.4/cset@40d975a2Ttlhd2amhkcgbfzndDMUZA?nav=index.html|src/|src/drivers|src/drivers/acpi|related/drivers/acpi/asus_acpi.c
+Bugs:
+upstream: released (2.4.27-rc2, 2.6.7)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2004-0496 b/retired/CVE-2004-0496
new file mode 100644
index 00000000..762a0bb0
--- /dev/null
+++ b/retired/CVE-2004-0496
@@ -0,0 +1,26 @@
+Candidate: CVE-2004-0496
+References:
+ http://www.novell.com/linux/security/advisories/2004_20_kernel.html
+ http://xforce.iss.net/xforce/xfdb/16625
+Description:
+ Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain
+ privileges or access kernel memory, a different set of vulnerabilities than
+ those identified in CVE-2004-0495, as found by the Sparse source code checking
+ tool.
+Notes:
+ dannf> I wasn't able to find the patches for this, but the description and
+ dannf> vendor advisories only note 2.6, so I'm assuming these are 2.6-only.
+ dannf> The description says this affects < 2.6.7. 2.6.7 contains a bunch
+ dannf> of sparse fixes in the changelog, so I'll label upstream
+ dannf> as fixed in 2.6.7.
+Bugs:
+upstream: released (2.6.7)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
diff --git a/retired/CVE-2004-0497 b/retired/CVE-2004-0497
new file mode 100644
index 00000000..2addb710
--- /dev/null
+++ b/retired/CVE-2004-0497
@@ -0,0 +1,33 @@
+Candidate: CVE-2004-0497
+References:
+ CONECTIVA:CLA-2004:852
+ URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000852
+ MANDRAKE:MDKSA-2004:066
+ URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:066
+ REDHAT:RHSA-2004:354
+ URL:http://www.redhat.com/support/errata/RHSA-2004-354.html
+ REDHAT:RHSA-2004:360
+ URL:http://www.redhat.com/support/errata/RHSA-2004-360.html
+ SUSE:SUSE-SA:2004:020
+ URL:http://www.novell.com/linux/security/advisories/2004_20_kernel.html
+ XF:linux-fchown-groupid-modify(16599)
+ URL:http://xforce.iss.net/xforce/xfdb/16599
+Description:
+ Unknown vulnerability in Linux kernel 2.x may allow local users to modify the
+ group ID of files, such as NFS exported files in kernel 2.4.
+Notes:
+ Changelog shows fixed in 2.4.26-3
+ 2.6 patch:
+ http://linux.bkbits.net:8080/linux-2.6/cset@40e62e18vom8K1fHgbJfe1oQ6mdkkQ?nav=index.html|src/|src/fs|related/fs/attr.c
+Bugs:
+upstream: released (2.4.27, 2.6.8)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: released (2.4.27-1)
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2004-0535 b/retired/CVE-2004-0535
new file mode 100644
index 00000000..63948c79
--- /dev/null
+++ b/retired/CVE-2004-0535
@@ -0,0 +1,44 @@
+Candidate: CVE-2004-0535
+References:
+ CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.4/testing/patch-2.4.27.log
+ CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=125168
+ CONECTIVA:CLA-2004:845
+ URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000845
+ FEDORA:FEDORA-2004-186
+ URL:http://lwn.net/Articles/91155/
+ GENTOO:GLSA-200407-02
+ URL:http://security.gentoo.org/glsa/glsa-200407-02.xml
+ MANDRAKE:MDKSA-2004:062
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:062
+ REDHAT:RHSA-2004:413
+ URL:http://www.redhat.com/support/errata/RHSA-2004-413.html
+ REDHAT:RHSA-2004:418
+ URL:http://www.redhat.com/support/errata/RHSA-2004-418.html
+ SGI:20040804-01-U
+ URL:ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc
+ SUSE:SUSE-SA:2004:020
+ URL:http://www.novell.com/linux/security/advisories/2004_20_kernel.html
+ XF:linux-e1000-bo(16159)
+ URL:http://xforce.iss.net/xforce/xfdb/16159
+ BID:10352
+ URL:http://www.securityfocus.com/bid/10352
+Description:
+ The e1000 driver for Linux kernel 2.4.26 and earlier does not properly
+ initialize memory before using it, which allows local users to read portions
+ of kernel memory. NOTE: this issue was originally incorrectly reported as a
+ "buffer overflow" by some sources.
+Notes:
+ Patch:
+ http://linux.bkbits.net:8080/linux-2.6/cset@4084025a6AP3ORKQ7iaTFCmOGvTJXw?nav=index.html|src/|src/drivers|src/drivers/net|src/drivers/net/e1000|related/drivers/net/e1000/e1000_ethtool.c
+Bugs:
+upstream: released (2.4.27, 2.6.6)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: needed
+2.4.18-woody-security-hppa: N/A
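Review bot: `2.4.17-woody-security-ia64: needed` sits among woody lines that are all `N/A`, and nothing in Notes explains the split; since the description covers "Linux kernel 2.4.26 and earlier", the claim that the other woody kernels are unaffected is the one that needs justification. A plausible reason is that the patched code lives in `e1000_ethtool.c` (per the linked cset) and only the woody ia64 kernel carries an e1000 driver with it, but that is a guess and should be recorded as a note only once verified, e.g. `dannf> other woody kernels lack the affected e1000 ethtool code; the ia64 kernel carries it`. CVE-2004-0587 has the same unexplained ia64 `needed` among N/A entries, where the note only establishes that qla2xxx is absent from 2.4.27.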
diff --git a/retired/CVE-2004-0554 b/retired/CVE-2004-0554
new file mode 100644
index 00000000..6e11727f
--- /dev/null
+++ b/retired/CVE-2004-0554
@@ -0,0 +1,54 @@
+Candidate: CVE-2004-0554
+References:
+ MISC:http://gcc.gnu.org/bugzilla/show_bug.cgi?id=15905
+ MISC:http://linuxreviews.org/news/2004-06-11_kernel_crash/index.html
+ MLIST:[linux-kernel] 20040609 timer + fpu stuff locks my console race
+ URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=108681568931323&w=2
+ CONECTIVA:CLA-2004:845
+ URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000845
+ ENGARDE:ESA-20040621-005
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108793699910896&w=2
+ FEDORA:FEDORA-2004-186
+ URL:http://lwn.net/Articles/91155/
+ GENTOO:GLSA-200407-02
+ URL:http://security.gentoo.org/glsa/glsa-200407-02.xml
+ MANDRAKE:MDKSA-2004:062
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:062
+ REDHAT:RHSA-2004:255
+ URL:http://www.redhat.com/support/errata/RHSA-2004-255.html
+ REDHAT:RHSA-2004:260
+ URL:http://www.redhat.com/support/errata/RHSA-2004-260.html
+ SUSE:SuSE-SA:2004:017
+ URL:http://www.novell.com/linux/security/advisories/2004_17_kernel.html
+ TRUSTIX:2004-0034
+ URL:http://www.trustix.net/errata/2004/0034/
+ BUGTRAQ:20040620 TSSA-2004-011 - kernel
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108786114032681&w=2
+ CERT-VN:VU#973654
+ URL:http://www.kb.cert.org/vuls/id/973654
+ OVAL:OVAL2915
+ URL:http://oval.mitre.org/oval/definitions/data/oval2915.html
+ XF:linux-dos(16412)
+ URL:http://xforce.iss.net/xforce/xfdb/16412
+ BID:10566
+ URL:http://www.securityfocus.com/bid/10566
+Description:
+ Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of
+ service (system crash), possibly via an infinite loop that triggers a signal
+ handler with a certain sequence of fsave and frstor instructions, as
+ originally demonstrated using a "crash.c" program.
+Notes:
+ jmm> I don't know at which version this was merged, but I've verified that
+ jmm> the stock 2.4.27 and 2.6.8 contain the fix
+Bugs: 261521
+upstream:
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)
diff --git a/retired/CVE-2004-0565 b/retired/CVE-2004-0565
new file mode 100644
index 00000000..a49abb1f
--- /dev/null
+++ b/retired/CVE-2004-0565
@@ -0,0 +1,30 @@
+Candidate: CVE-2004-0565
+References:
+ MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124734
+ MLIST:[owl-users] 20040619 Linux 2.4.26-ow2
+ URL:http://archives.neohapsis.com/archives/linux/owl/2004-q2/0038.html
+ MANDRAKE:MDKSA-2004:066
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:066
+ XF:linux-ia64-info-disclosure(16644)
+ URL:http://xforce.iss.net/xforce/xfdb/16644
+Description:
+ Floating point information leak in the context switch code for Linux 2.4.x
+ only checks the MFH bit but does not verify the FPH owner, which allows local
+ users to read register values of other processes by setting the MFH bit.
+Notes:
+ jmm> I've verified that the check for FPH ownership is included in stock 2.6.8:
+ jmm> # define switch_to(prev,next,last) do { \
+ jmm> if (ia64_psr(ia64_task_regs(prev))->mfh && ia64_is_local_fpu_owner(prev)) {
+ jmm> So it's N/A, but I don't know at which time it was fixed upstream
+Bugs:
+upstream: released (2.4.27)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)
diff --git a/retired/CVE-2004-0587 b/retired/CVE-2004-0587
new file mode 100644
index 00000000..72028b0d
--- /dev/null
+++ b/retired/CVE-2004-0587
@@ -0,0 +1,41 @@
+Candidate: CVE-2004-0587
+References:
+ FEDORA:FEDORA-2004-186
+ URL:http://lwn.net/Articles/91155/
+ MANDRAKE:MDKSA-2004:066
+ URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:066
+ REDHAT:RHSA-2004:413
+ URL:http://www.redhat.com/support/errata/RHSA-2004-413.html
+ REDHAT:RHSA-2004:418
+ URL:http://www.redhat.com/support/errata/RHSA-2004-418.html
+ SGI:20040804-01-U
+ URL:ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc
+ SUSE:SuSE-SA:2004:010
+ URL:http://www.novell.com/linux/security/advisories/2004_10_kernel.html
+ BID:10279
+ URL:http://www.securityfocus.com/bid/10279
+ SECTRACK:1010057
+ URL:http://securitytracker.com/id?1010057
+ XF:suse-hbaapinode-dos(16062)
+ URL:http://xforce.iss.net/xforce/xfdb/16062
+Description:
+ Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux
+ allows local users to cause a denial of service.
+Notes:
+ 2.4.26-3 has the note:
+ CVE-2004-0587 code is not present, not vulnerable
+ So the question is, did the code get added when we moved to 2.4.27, and
+ was it still vulnerable?
+ dannf> Nope; qla2xxx isn't in 2.4.27
+Bugs:
+upstream:
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: needed
+2.4.18-woody-security-hppa: N/A
diff --git a/retired/CVE-2004-0596 b/retired/CVE-2004-0596
new file mode 100644
index 00000000..1ab8f835
--- /dev/null
+++ b/retired/CVE-2004-0596
@@ -0,0 +1,24 @@
+Candidate: CVE-2004-0596
+References:
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@40d4aa72hPLWy-jMLr0eJAXMxHcNZg
+ XF:linux-eql-dos(16694)
+ URL:http://xforce.iss.net/xforce/xfdb/16694
+ BID:10730
+ URL:http://www.securityfocus.com/bid/10730
+Description:
+ The Equalizer Load-balancer for serial network interfaces (eql.c) in Linux
+ kernel 2.6.x up to 2.6.7 allows local users to cause a denial of service via a
+ non-existent device name that triggers a null dereference.
+Notes:
+Bugs:
+upstream: released (2.4.27-rc2)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
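Review bot: `upstream: released (2.4.27-rc2)` implies the 2.4 tree carried the eql.c fix, yet all seven woody 2.4 lines are left blank and the description scopes the bug to 2.6.x up to 2.6.7, so the record is internally inconsistent about whether 2.4 was ever affected. If the 2.4.27-rc2 change was only a forward port to unaffected code, a one-line note saying so plus `N/A` on the woody lines would make the retirement self-explanatory; if 2.4 was affected, the blank lines hide an unfixed status. The only reference is the linux-2.6 bkbits changeset, so I cannot tell which from here.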
diff --git a/retired/CVE-2004-0619 b/retired/CVE-2004-0619
new file mode 100644
index 00000000..1cb869e3
--- /dev/null
+++ b/retired/CVE-2004-0619
@@ -0,0 +1,28 @@
+Candidate: CVE-2004-0619
+References:
+ http://marc.theaimsgroup.com/?l=bugtraq&m=108802653409053&w=2
+ http://www.redhat.com/support/errata/RHSA-2004-549.html
+ http://www.redhat.com/support/errata/RHSA-2005-283.html
+ http://www.ciac.org/ciac/bulletins/p-047.shtml
+ http://www.securityfocus.com/bid/10599
+ http://secunia.com/advisories/11936
+ http://xforce.iss.net/xforce/xfdb/16459
+Description:
+ Integer overflow in the ubsec_keysetup function for Linux Broadcom 5820
+ cryptonet driver allows local users to cause a denial of service (crash)
+ and possibly execute arbitrary code via a negative add_dsa_buf_bytes
+ variable, which leads to a buffer overflow.
+Notes:
+ jmm> I've checked 2.6.8, 2.4.27 and 2.6.14, this is not included in the
+ jmm> stock kernel, only in Red Hat's. I'm marking Woody N/A as well.
+Bugs:
+upstream: N/A
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
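Review bot: This record ends at `2.4.17-woody-security-ia64: N/A` and has no `2.4.18-woody-security-hppa:` line, unlike the neighbouring records, which list that tree as the last entry (the CVE-2004-0626 record just below has the same omission). Since the jmm note marks the issue as present only in Red Hat's kernel, `2.4.18-woody-security-hppa: N/A` is presumably the intended value; keeping the set of tree lines uniform means a missing line cannot be mistaken for an untriaged tree.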
diff --git a/retired/CVE-2004-0626 b/retired/CVE-2004-0626
new file mode 100644
index 00000000..8f50960d
--- /dev/null
+++ b/retired/CVE-2004-0626
@@ -0,0 +1,27 @@
+Candidate: CVE-2004-0626
+References:
+ http://marc.theaimsgroup.com/?l=bugtraq&m=108861141304495&w=2
+ http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000852
+ http://lwn.net/Articles/91964/
+ http://www.gentoo.org/security/en/glsa/glsa-200407-12.xml
+ http://www.novell.com/linux/security/advisories/2004_20_kernel.html
+ http://xforce.iss.net/xforce/xfdb/16554
+Description:
+ The tcp_find_option function of the netfilter subsystem in Linux kernel 2.6,
+ when using iptables and TCP options rules, allows remote attackers to cause a
+ denial of service (CPU consumption by infinite loop) via a large option length
+ that produces a negative integer after a casting operation to the char type.
+Notes:
+ jmm> The bug was introduced during a rewrite of the code that accesses the skb's
+ jmm> during earlier 2.6 kernels. 2.4 has the correct u_int8_t declaration.
+Bugs:
+upstream: released (2.6.8)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
diff --git a/retired/CVE-2004-0685 b/retired/CVE-2004-0685
new file mode 100644
index 00000000..131c021d
--- /dev/null
+++ b/retired/CVE-2004-0685
@@ -0,0 +1,36 @@
+Candidate: CVE-2004-0685
+References:
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ GENTOO:GLSA-200408-24
+ URL:http://www.gentoo.org/security/en/glsa/glsa-200408-24.xml
+ TRUSTIX:2004-0041
+ URL:http://www.trustix.net/errata/2004/0041/
+ CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127921
+ CERT-VN:VU#981134
+ URL:http://www.kb.cert.org/vuls/id/981134
+ BID:10892
+ URL:http://www.securityfocus.com/bid/10892
+ XF:linux-usb-gain-privileges(16931)
+ URL:http://xforce.iss.net/xforce/xfdb/16931
+ MISC:http://www.securityspace.com/smysecure/catid.html?id=14580
+Description:
+ Certain USB drivers in the Linux 2.4 kernel use the copy_to_user function on
+ uninitialized structures, which could allow local users to obtain sensitive
+ information by reading memory that was not cleared from previous usage.
+Notes:
+ jmm> This was commited into the 2.5/2.6 version before in this changeset:
+ jmm> http://linux.bkbits.net:8080/linux-2.6/cset@3f986b35LyBKc-OxB8G6k22oOjgYTQ
+ jmm> So I'm marking all 2.6 versions N/A
+Bugs:
+upstream: released (2.4.27)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)
diff --git a/retired/CVE-2004-0790 b/retired/CVE-2004-0790
new file mode 100644
index 00000000..765295f8
--- /dev/null
+++ b/retired/CVE-2004-0790
@@ -0,0 +1,44 @@
+Candidate: CVE-2004-0790
+References:
+ MISC:http://www.watersprings.org/pub/id/draft-gont-tcpm-icmp-attacks-03.txt
+ MISC:http://www.uniras.gov.uk/niscc/docs/al-20050412-00308.html?lang=en
+ MISC:http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
+ HP:HPSBTU01210
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=112861397904255&w=2
+ HP:SSRT4743
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=112861397904255&w=2
+ HP:SSRT4884
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=112861397904255&w=2
+ MS:MS05-019
+ URL:http://www.microsoft.com/technet/security/bulletin/ms05-019.mspx
+ SUNALERT:57746
+ URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-57746-1
+ OVAL:OVAL3458
+ URL:http://oval.mitre.org/oval/definitions/data/oval3458.html
+ OVAL:OVAL1910
+ URL:http://oval.mitre.org/oval/definitions/data/oval1910.html
+ OVAL:OVAL4804
+ URL:http://oval.mitre.org/oval/definitions/data/oval4804.html
+Description:
+ Multiple TCP/IP and ICMP implementations allow remote attackers to cause a
+ denial of service (reset TCP connections) via spoofed ICMP error messages, aka
+ the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and
+ CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065,
+ CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that
+ are SPLIT based on the underlying vulnerability. While CVE normally SPLITs
+ based on vulnerability, the attack-based identifiers exist due to the variety
+ and number of affected implementations and solutions that address the attacks
+ instead of the underlying vulnerabilities.
+Notes:
+Bugs: 305655 305664
+upstream:
+linux-2.6:
+2.6.8-sarge-security: released (2.6.8-16) [net-ipv4-icmp-quench.dpatch]
+2.4.27-sarge-security: released (2.4.27-10) [164_net-ipv4-icmp-quench.diff]
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2004-0812 b/retired/CVE-2004-0812
new file mode 100644
index 00000000..f6fba4ae
--- /dev/null
+++ b/retired/CVE-2004-0812
@@ -0,0 +1,36 @@
+Candidate: CVE-2004-0812
+References:
+ REDHAT:RHSA-2004:549
+ URL:http://www.redhat.com/support/errata/RHSA-2004-549.html
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@3fad673ber4GuU7iWppydzNIyLntEQ
+ CIAC:P-047
+ URL:http://www.ciac.org/ciac/bulletins/p-047.shtml
+ BID:11794
+ URL:http://www.securityfocus.com/bid/11794
+ SECUNIA:13359
+ URL:http://secunia.com/advisories/13359
+ XF:linux-tss-gain-privilege(18346)
+ URL:http://xforce.iss.net/xforce/xfdb/18346
+Description:
+ Unknown vulnerability in the Linux kernel before 2.4.23, on the AMD AMD64 and
+ Intel EM64T architectures, associated with "setting up TSS limits," allows
+ local users to cause a denial of service (crash) and possibly execute
+ arbitrary code.
+Notes:
+ jmm> I've verified that above bkbits fixed is included in 2.6.8, so I'm
+ jmm> marking 2.6 N/A
+ jmm> The vulnerable code doesn't seem to be present in 2.4.27. Plus, 2.4
+ jmm> is unsupported for amd64 anyway, so I'm marking it N/A as well for
+ jmm> the 2.4 kernels
+Bugs:
+upstream: released (2.6.0-test10)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A
diff --git a/retired/CVE-2004-0814 b/retired/CVE-2004-0814
new file mode 100644
index 00000000..6623e502
--- /dev/null
+++ b/retired/CVE-2004-0814
@@ -0,0 +1,38 @@
+Candidate: CVE-2004-0814
+References:
+ BUGTRAQ:20041020 CVE-2004-0814: Linux terminal layer races
+ URL:http://www.securityfocus.com/archive/1/379005
+ CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=131672
+ CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=133110
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ BUGTRAQ:20041214 [USN-38-1] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110306397320336&w=2
+ BID:11491
+ URL:http://www.securityfocus.com/bid/11491
+ BID:11492
+ URL:http://www.securityfocus.com/bid/11492
+ XF:linux-tiocsetd-race-condition(17816)
+ URL:http://xforce.iss.net/xforce/xfdb/17816
+Description:
+ Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x
+ before 2.6.9, allow (1) local users to obtain portions of kernel data via a
+ TIOCSETD ioctl call to a terminal interface that is being accessed by another
+ thread, or (2) remote attackers to cause a denial of service (panic) by
+ switching from console to PPP line discipline, then quickly sending data that
+ is received during the switch.
+Notes:
+Bugs:
+upstream: released (2.6.9)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-8) [tty-locking-fixes.dpatch, tty-locking-fixes2.dpatch, tty-locking-fixes3.dpatch, tty-locking-fixes4.dpatch, tty-locking-fixes5.dpatch, tty-locking-fixes6.dpatch, tty-locking-fixes7.dpatch, tty-locking-fixes8.dpatch]
+2.4.27-sarge-security: released (2.4.27-7) [093_tty_lockup.diff, 093_tty_lockup-2.diff, 115_tty_lockup-3.diff, 093-tty_lockup-3.diff]
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2004-0816 b/retired/CVE-2004-0816
new file mode 100644
index 00000000..db95f003
--- /dev/null
+++ b/retired/CVE-2004-0816
@@ -0,0 +1,35 @@
+Candidate: CVE-2004-0816
+References:
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ SUSE:SUSE-SA:2004:037
+ URL:http://www.novell.com/linux/security/advisories/2004_37_kernel.html
+ BID:11488
+ URL:http://www.securityfocus.com/bid/11488
+ SECUNIA:11202
+ URL:http://secunia.com/advisories/11202/
+ XF:linux-ip-packet-dos(17800)
+ URL:http://xforce.iss.net/xforce/xfdb/17800
+Description:
+ Integer underflow in the firewall logging rules for iptables in Linux before
+ 2.6.8 allows remote attackers to cause a denial of service (application crash)
+ via a malformed IP packet.
+Notes:
+ jmm> Quoting from http://groups.google.com/group/nz.comp/msg/71ec927b491f247d:
+ jmm> The bug, discovered by Richard Hart, does not affect the 2.4 series kernel
+ jmm> Quoting from http://www.novell.com/linux/security/advisories/2004_37_kernel.html:
+ jmm> This problem has already been fixed in the 2.6.8 upstream Linux kernel,
+ jmm> this update contains a backport of the fix.
+ jmm> So I'm marking all kernels N/A
+Bugs:
+upstream:
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A
diff --git a/retired/CVE-2004-0883 b/retired/CVE-2004-0883
new file mode 100644
index 00000000..fc843e97
--- /dev/null
+++ b/retired/CVE-2004-0883
@@ -0,0 +1,48 @@
+Candidate: CVE-2004-0883
+References:
+ BUGTRAQ:20041117 Advisory 14/2004: Linux 2.x smbfs multiple remote vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110072140811965&w=2
+ MISC:http://security.e-matters.de/advisories/142004.html
+ BUGTRAQ:20041118 [USN-30-1] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110082989725345&w=2
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ REDHAT:RHSA-2004:537
+ URL:http://www.redhat.com/support/errata/RHSA-2004-537.html
+ CERT-VN:VU#726198
+ URL:http://www.kb.cert.org/vuls/id/726198
+ SECUNIA:13232
+ URL:http://secunia.com/advisories/13232/
+ BID:11695
+ URL:http://www.securityfocus.com/bid/11695
+ XF:linux-smbprocreadxdata-dos(18135)
+ URL:http://xforce.iss.net/xforce/xfdb/18135
+ XF:linux-smb-response-dos(18134)
+ URL:http://xforce.iss.net/xforce/xfdb/18134
+ XF:linux-smbreceivetrans2-dos(18136)
+ URL:http://xforce.iss.net/xforce/xfdb/18136
+Description:
+ Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4
+ and 2.6 allow remote samba servers to cause a denial of service (crash) or
+ gain sensitive information from kernel memory via a samba server (1) returning
+ more data than requested to the smb_proc_read function, (2) returning a data
+ offset from outside the samba packet to the smb_proc_readX function, (3)
+ sending a certain TRANS2 fragmented packet to the smb_receive_trans2 function,
+ (4) sending a samba packet with a certain header size to the
+ smb_proc_readX_data function, or (5) sending a certain packet based offset for
+ the data in a packet to the smb_receive_trans2 function.
+Notes:
+Bugs:
+upstream: released (2.4.28-rc3), released (2.6.10)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-9) [smbfs-overflow-fixes-2.dpatch]
+2.4.27-sarge-security: released (2.4.27-6) [111-smb-client-overflow-fix-1.diff, 111-smb-client-overflow-fix-2.diff]
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)
diff --git a/retired/CVE-2004-0887 b/retired/CVE-2004-0887
new file mode 100644
index 00000000..a9b4ef2e
--- /dev/null
+++ b/retired/CVE-2004-0887
@@ -0,0 +1,23 @@
+Candidate: CVE-2004-0887
+References:
+ http://www.novell.com/linux/security/advisories/2004_37_kernel.html
+ http://www.securityfocus.com/bid/11489
+ http://xforce.iss.net/xforce/xfdb/17801
+Description:
+ SUSE Linux Enterprise Server 9 on the S/390 platform does not properly
+ handle a certain privileged instruction, which allows local users to
+ gain root privileges.
+Notes:
+ dannf> 2.4 looks vulnerable; I've asked waldi's advice on applying it.
+Bugs:
+upstream:
+linux-2.6:
+2.6.8-sarge-security: released (2.6.8-10) [s390-sacf-fix.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge2) [206_s390-sacf-fix.diff]
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
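Review bot: The dannf note still reads as an open question (`2.4 looks vulnerable; I've asked waldi's advice on applying it.`) although the 2.4.27 line below records the fix as released in 2.4.27-10sarge2, so the note is stale and should be closed out with what was decided. `upstream:` and `linux-2.6:` are also blank; for an s390-specific privileged-instruction fix a reader needs to know whether the sacf change went upstream or is a distribution-only patch, so either `upstream: released (<version>)` or an explicit note that no upstream fix exists would help. The woody lines are blank rather than N/A, which in a retired record cannot be told apart from untriaged.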
diff --git a/retired/CVE-2004-0949 b/retired/CVE-2004-0949
new file mode 100644
index 00000000..8c716e2d
--- /dev/null
+++ b/retired/CVE-2004-0949
@@ -0,0 +1,40 @@
+Candidate: CVE-2004-0949
+References:
+ BUGTRAQ:20041117 Advisory 14/2004: Linux 2.x smbfs multiple remote vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110072140811965&w=2
+ MISC:http://security.e-matters.de/advisories/142004.html
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ REDHAT:RHSA-2004:537
+ URL:http://www.redhat.com/support/errata/RHSA-2004-537.html
+ TRUSTIX:2004-0061
+ URL:http://www.trustix.org/errata/2004/0061/
+ UBUNTU:USN-30-1
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110082989725345&w=2
+ XF:linux-smbrecvtrans2-memory-leak(18137)
+ URL:http://xforce.iss.net/xforce/xfdb/18137
+ BID:11695
+ URL:http://www.securityfocus.com/bid/11695
+ SECUNIA:13232
+ URL:http://secunia.com/advisories/13232/
+Description:
+ The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux
+ kernel 2.4 and 2.6 does not properly handle the re-assembly of fragmented
+ packets correctly, which could allow remote samba servers to (1) read
+ arbitrary kernel information or (2) raise a counter value to an arbitrary
+ number by sending the first part of the fragmented packet multiple times.
+Notes:
+Bugs:
+upstream: released (2.4.28-rc3), released (2.6.10)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-13) [smbfs-overrun.dpatch]
+2.4.27-sarge-security: released (2.4.27-6) [111-smb-client-overflow-fix-1.diff, 111-smb-client-overflow-fix-2.diff]
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)
diff --git a/retired/CVE-2004-1016 b/retired/CVE-2004-1016
new file mode 100644
index 00000000..191860c5
--- /dev/null
+++ b/retired/CVE-2004-1016
@@ -0,0 +1,36 @@
+Candidate: CVE-2004-1016
+References:
+ VULNWATCH:20041214 Linux kernel scm_send local DoS
+ MISC:http://isec.pl/vulnerabilities/isec-0019-scm.txt
+ UBUNTU:USN-38-1
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110306397320336&w=2
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ REDHAT:RHSA-2004:689
+ URL:http://www.redhat.com/support/errata/RHSA-2004-689.html
+ XF:linux-scmsend-dos(18483)
+ URL:http://xforce.iss.net/xforce/xfdb/18483
+Description:
+ The scm_send function in the scm layer for Linux kernel 2.4.x up to 2.4.28,
+ and 2.6.x up to 2.6.9, allows local users to cause a denial of service (system
+ hang) via crafted auxiliary messages that are passed to the sendmsg function,
+ which causes a deadlock condition.
+Notes:
+ dannf> 2.4.27 has a reference to CVE-2004-1016 in the changelog, but it looks
+ like it referred to the wrong issue - our 2.4.27 may still be
+ vulnerable.
+ dannf> on second review, those patches look correct
+Bugs:
+upstream:
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-11) [scm_send-dos-fix.dpatch, scm_send-dos-fix2.dpatch]
+2.4.27-sarge-security: released (2.4.27-7) [116-cmsg-validation-checks.patch, 118-cmsg-validation-checks-compat.patch]
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)
diff --git a/retired/CVE-2004-1017 b/retired/CVE-2004-1017
new file mode 100644
index 00000000..20d4709b
--- /dev/null
+++ b/retired/CVE-2004-1017
@@ -0,0 +1,27 @@
+Candidate: CVS-2004-1017
+References:
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ REDHAT:RHSA-2004:689
+ URL:http://www.redhat.com/support/errata/RHSA-2004-689.html
+ XF:linux-ioedgeport-bo(18433)
+ URL:http://xforce.iss.net/xforce/xfdb/18433
+Description:
+ Multiple "overflows" in the io_edgeport driver for Linux kernel 2.4.x have
+ unknown impact and unknown attack vectors.
+Notes:
+ jmm> I've checked 2.6.14, but I didn't find the exact upstream version when
+ jmm> this was fixed
+ jmm> The fix is required for 2.6.8
+Bugs:
+upstream:
+linux-2.6: released (2.4.31-rc1, 2.6.10)
+2.6.8-sarge-security: released (2.6.8-16sarge2) [io_edgeport_overflow.dpatch]
+2.4.27-sarge-security: released (2.4.27-9) [137_io_edgeport_overflow.diff]
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)
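Review bot: The header line reads `Candidate: CVS-2004-1017`, so any tooling or grep keyed on the candidate ID will miss this record; it should be `Candidate: CVE-2004-1017` to match the filename. The upstream fix versions are also on the wrong field: `linux-2.6: released (2.4.31-rc1, 2.6.10)` names upstream releases, whereas in the sibling records that information goes on `upstream:` and `linux-2.6:` carries the Debian package status. Suggest `upstream: released (2.4.31-rc1, 2.6.10)` and putting whatever the actual linux-2.6 package status is on its own line.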
diff --git a/retired/CVE-2004-1056 b/retired/CVE-2004-1056
new file mode 100644
index 00000000..e768cfaa
--- /dev/null
+++ b/retired/CVE-2004-1056
@@ -0,0 +1,27 @@
+Candidate: CVE-2004-1056
+References:
+ UBUNTU:USN-38-1
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110306397320336&w=2
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ REDHAT:RHSA-2005:092
+ URL:http://www.redhat.com/support/errata/RHSA-2005-092.html
+ XF:linux-i810-dma-dos(15972)
+ URL:http://xforce.iss.net/xforce/xfdb/15972
+Description:
+ Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not properly
+ check the DMA lock, which could allow remote attackers or local users to cause
+ a denial of service (X Server crash) and possibly modify the video output.
+Notes:
+Bugs:
+upstream:
+linux-2.6:
+2.6.8-sarge-security: released (2.6.8-11) [drm-locking-fixes.dpatch]
+2.4.27-sarge-security: released (2.4.27-8) [121_drm-locking-checks-1.diff, 121_drm-locking-checks-2.diff]
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2004-1057 b/retired/CVE-2004-1057
new file mode 100644
index 00000000..fab0fac1
--- /dev/null
+++ b/retired/CVE-2004-1057
@@ -0,0 +1,27 @@
+Candidate: CVE-2004-1057
+References:
+ MISC:http://www.kernel.org/pub/linux/kernel/people/andrea/kernels/v2.4/2.4.23aa3/00_VM_IO-4
+ REDHAT:RHSA-2005:016
+ URL:http://www.redhat.com/support/errata/RHSA-2005-016.html
+ CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=137821
+ XF:linux-kernel-vmio-dos(19275)
+ URL:http://xforce.iss.net/xforce/xfdb/19275
+Description:
+ Multiple drivers in Linux kernel 2.4.19 and earlier do not properly mark
+ memory with the VM_IO flag, which causes incorrect reference counts and may
+ lead to a denial of service (kernel panic) when accessing freed kernel pages.
+Notes:
+ dannf> I see the PageReserved() check in the 2.6 code, going back to 2.4.0
+ dannf> so I'll mark 2.6 N/A
+Bugs:
+upstream:
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: released (2.4.27-10) [165_VM_IO.diff]
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2004-1058 b/retired/CVE-2004-1058
new file mode 100644
index 00000000..b5445d34
--- /dev/null
+++ b/retired/CVE-2004-1058
@@ -0,0 +1,28 @@
+Candidate: CVE-2004-1058
+References:
+ FEDORA:FLSA:152532
+ URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532
+ GENTOO:GLSA-200408-24
+ URL:http://www.gentoo.org/security/en/glsa/glsa-200408-24.xml
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ UBUNTU:USN-38-1
+ URL:http://www.ubuntulinux.org/support/documentation/usn/usn-38-1
+ XF:linux-spawning-race-condition(17151)
+ URL:http://xforce.iss.net/xforce/xfdb/17151
+Description:
+ Race condition in Linux kernel 2.6 allows local users to read the environment
+ variables of another process that is still spawning via /proc/.../cmdline.
+Notes:
+Bugs:
+upstream: released (2.4.33-pre2)
+linux-2.6:
+2.6.8-sarge-security: released (2.6.8-14) [proc-cmdline-mmput-leak.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge2) [203_proc_pid_cmdline_race.diff]
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2004-1068 b/retired/CVE-2004-1068
new file mode 100644
index 00000000..55015143
--- /dev/null
+++ b/retired/CVE-2004-1068
@@ -0,0 +1,33 @@
+Candidate: CVE-2004-1068
+References:
+ BUGTRAQ:20041119 Addendum, recent Linux <= 2.4.27 vulnerabilities
+ URL:http://www.securityfocus.com/archive/1/381689
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ REDHAT:RHSA-2004:537
+ URL:http://www.redhat.com/support/errata/RHSA-2004-537.html
+ BUGTRAQ:20041214 [USN-38-1] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110306397320336&w=2
+ BID:11715
+ URL:http://www.securityfocus.com/bid/11715
+ XF:linux-afunix-race-condition(18230)
+ URL:http://xforce.iss.net/xforce/xfdb/18230
+Description:
+ A "missing serialization" error in the unix_dgram_recvmsg function in Linux
+ 2.4.27 and earlier, and 2.6.x up to 2.6.9, allows local users to gain
+ privileges via a race condition.
+Notes:
+Bugs:
+upstream: released (2.4.27, 2.6.9)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-11)
+2.4.27-sarge-security: released (2.4.27-7)
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)
diff --git a/retired/CVE-2004-1069 b/retired/CVE-2004-1069
new file mode 100644
index 00000000..ea4e901e
--- /dev/null
+++ b/retired/CVE-2004-1069
@@ -0,0 +1,24 @@
+Candidate: CVE-2004-1069
+References:
+ http://marc.theaimsgroup.com/?l=linux-kernel&m=110045613004761
+ http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ http://marc.theaimsgroup.com/?l=bugtraq&m=110306397320336&w=2
+ http://xforce.iss.net/xforce/xfdb/18312
+Description:
+ Race condition in SELinux 2.6.x through 2.6.9 allows local users to
+ cause a denial of service (kernel crash) via SOCK_SEQPACKET unix
+ domain sockets, which are not properly handled in the sock_dgram_sendmsg
+ function.
+Notes:
+Bugs:
+upstream:
+linux-2.6:
+2.6.8-sarge-security: released (2.6.8-11)
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa:
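Review bot: `2.4.18-woody-security-hppa:` is the only 2.4 line left blank while every other 2.4 tree in this record is marked `N/A`, so the record reads as unresolved for that tree. Since the description scopes the bug to SELinux in 2.6.x and the 2.4.27 line is already N/A, `2.4.18-woody-security-hppa: N/A` is presumably the intended value; an empty status in retired/ cannot be distinguished from an untriaged one. `upstream:` and `linux-2.6:` are blank as well, which for a retired issue leaves no trace of where the fix landed.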
diff --git a/retired/CVE-2004-1070 b/retired/CVE-2004-1070
new file mode 100644
index 00000000..cb13be15
--- /dev/null
+++ b/retired/CVE-2004-1070
@@ -0,0 +1,30 @@
+Candidate: CVE-2004-1070
+References:
+ MISC:http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ REDHAT:RHSA-2004:549
+ URL:http://www.redhat.com/support/errata/RHSA-2004-549.html
+ XF:linux-elf-setuid-gain-privileges(18025)
+ URL:http://xforce.iss.net/xforce/xfdb/18025
+Description:
+ The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux
+ kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8 , does not properly check
+ return values from calls to the kernel_read function, which may allow local
+ users to modify sensitive memory in a setuid program and execute arbitrary
+ code.
+Notes:
+Bugs:
+upstream:
+linux-2.6:
+2.6.8-sarge-security: released (2.6.8-9) [elf-loader-fixes.dpatch, elf-loader-fixes-the-return.dpatch]
+2.4.27-sarge-security: released (2.4.27-6) [097-elf_loader_overflow-1.diff, 097-elf_loader_overflow-2.diff, 097-elf_loader_overflow-3.diff, 097-elf_loader_overflow-4.diff]
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)
diff --git a/retired/CVE-2004-1071 b/retired/CVE-2004-1071
new file mode 100644
index 00000000..14325cbb
--- /dev/null
+++ b/retired/CVE-2004-1071
@@ -0,0 +1,29 @@
+Candidate: CVE-2004-1071
+References:
+ MISC:http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ REDHAT:RHSA-2004:537
+ URL:http://www.redhat.com/support/errata/RHSA-2004-537.html
+ XF:linux-elf-setuid-gain-privileges(18025)
+ URL:http://xforce.iss.net/xforce/xfdb/18025
+Description:
+ The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and
+ 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap
+ function, which causes an incorrect mapped image and may allow local users to
+ execute arbitrary code.
+Notes:
+Bugs:
+upstream:
+linux-2.6:
+2.6.8-sarge-security: released (2.6.8-9) [elf-loader-fixes.dpatch, elf-loader-fixes-the-return.dpatch]
+2.4.27-sarge-security: released (2.4.27-6) [097-elf_loader_overflow-1.diff, 097-elf_loader_overflow-2.diff, 097-elf_loader_overflow-3.diff, 097-elf_loader_overflow-4.diff]
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)
diff --git a/retired/CVE-2004-1072 b/retired/CVE-2004-1072
new file mode 100644
index 00000000..822e3a63
--- /dev/null
+++ b/retired/CVE-2004-1072
@@ -0,0 +1,32 @@
+Candidate: CVE-2004-1072
+References:
+ MISC:http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ REDHAT:RHSA-2004:537
+ URL:http://www.redhat.com/support/errata/RHSA-2004-537.html
+ REDHAT:RHSA-2005:275
+ URL:http://www.redhat.com/support/errata/RHSA-2005-275.html
+ XF:linux-elf-setuid-gain-privileges(18025)
+ URL:http://xforce.iss.net/xforce/xfdb/18025
+Description:
+ The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and
+ 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL
+ terminated, which could cause strings longer than PATH_MAX to be used, leading
+ to buffer overflows that allow local users to cause a denial of service (hang)
+ and possibly execute arbitrary code.
+Notes:
+Bugs:
+upstream:
+linux-2.6:
+2.6.8-sarge-security: released (2.6.8-9) [elf-loader-fixes.dpatch, elf-loader-fixes-the-return.dpatch]
+2.4.27-sarge-security: released (2.4.27-6) [097-elf_loader_overflow-1.diff, 097-elf_loader_overflow-2.diff, 097-elf_loader_overflow-3.diff, 097-elf_loader_overflow-4.diff]
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)
diff --git a/retired/CVE-2004-1073 b/retired/CVE-2004-1073
new file mode 100644
index 00000000..21cc9e6c
--- /dev/null
+++ b/retired/CVE-2004-1073
@@ -0,0 +1,28 @@
+Candidate: CVE-2004-1073
+References:
+ MISC:http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ REDHAT:RHSA-2004:549
+ URL:http://www.redhat.com/support/errata/RHSA-2004-549.html
+ XF:linux-elf-setuid-gain-privileges(18025)
+ URL:http://xforce.iss.net/xforce/xfdb/18025
+Description:
+ The open_exec function in the execve functionality (exec.c) in Linux kernel
+ 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read
+ non-readable ELF binaries by using the interpreter (PT_INTERP) functionality.
+Notes:
+Bugs:
+upstream:
+linux-2.6:
+2.6.8-sarge-security: released (2.6.8-9) [elf-loader-fixes.dpatch, elf-loader-fixes-the-return.dpatch]
+2.4.27-sarge-security: released (2.4.27-6) [097-elf_loader_overflow-1.diff, 097-elf_loader_overflow-2.diff, 097-elf_loader_overflow-3.diff, 097-elf_loader_overflow-4.diff]
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)
diff --git a/retired/CVE-2004-1137 b/retired/CVE-2004-1137
new file mode 100644
index 00000000..de8f91b6
--- /dev/null
+++ b/retired/CVE-2004-1137
@@ -0,0 +1,39 @@
+Candidate: CVE-2004-1137
+References:
+ VULNWATCH:20041214 Linux kernel IGMP vulnerabilities
+ BUGTRAQ:20041214 Linux kernel IGMP vulnerabilities
+ MISC:http://isec.pl/vulnerabilities/isec-0018-igmp.txt
+ CONECTIVA:CLA-2005:930
+ URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ REDHAT:RHSA-2005:092
+ URL:http://www.redhat.com/support/errata/RHSA-2005-092.html
+ BUGTRAQ:20041214 [USN-38-1] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110306397320336&w=2
+ XF:linux-igmpmarksources-dos(18482)
+ URL:http://xforce.iss.net/xforce/xfdb/18482
+ XF:linux-ipmcsource-code-execution(18481)
+ URL:http://xforce.iss.net/xforce/xfdb/18481
+Description:
+ Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22 to
+ 2.4.28, and 2.6.x to 2.6.9, allow local and remote attackers to cause a denial
+ of service or execute arbitrary code via (1) the ip_mc_source function, which
+ decrements a counter to -1, or (2) the igmp_marksources function, which does
+ not properly validate IGMP message parameters and performs an out-of-bounds
+ read.
+Notes:
+Bugs:
+upstream:
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-11) [igmp-src-list-fix.dpatch]
+2.4.27-sarge-security: released (2.4.27-7) [117-igmp-source-filter-fixes.patch]
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
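Review bot: The seven woody status rows at the end of this record (`2.4.19-woody-security:` through `2.4.18-woody-security-hppa:`) are left empty, so a record that now lives under `retired/` states no decision for woody — neither `released (...)` nor `N/A`, the two forms used elsewhere in these files. Anyone checking out only the retired tree, as the commit message encourages, may read the blank as resolved. The same empty woody rows appear in CVE-2004-1144, CVE-2004-2013, CVE-2004-2607, CVE-2005-0136 and CVE-2005-0137, and the notes in CVE-2004-2013 and CVE-2004-2607 say woody could be or is likely affected. Either fill each row with the verdict the maintainers reached, or keep those records out of `retired/` until one exists.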
diff --git a/retired/CVE-2004-1144 b/retired/CVE-2004-1144
new file mode 100644
index 00000000..84734f73
--- /dev/null
+++ b/retired/CVE-2004-1144
@@ -0,0 +1,27 @@
+Candidate: CVE-2004-1144
+References:
+ REDHAT:RHSA-2004:689
+ URL:http://www.redhat.com/support/errata/RHSA-2004-689.html
+ SUSE:SUSE-SA:2004:046
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110376890429798&w=2
+ XF:linux-32bit-emulation-gain-privileges(18686)
+ URL:http://xforce.iss.net/xforce/xfdb/18686
+Description:
+ Unknown vulnerability in the 32bit emulation code in Linux 2.4 on AMD64
+ systems allows local users to gain privileges.
+Notes:
+ jmm> 2.6 is not affected, see the comment by Andi Kleen from the patch:
+ jmm> # The problem only occurs on 2.4 x86-64 kernels, 2.6 doesn't have this
+ jmm> # hole because some unrelated changes in 2.5 fixed it as a side effect.
+Bugs:
+upstream:
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: released (2.4.27-9) [138_amd64_syscall_vuln.diff]
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2004-1151 b/retired/CVE-2004-1151
new file mode 100644
index 00000000..a5f83c36
--- /dev/null
+++ b/retired/CVE-2004-1151
@@ -0,0 +1,28 @@
+Candidate: CVE-2004-1151
+References:
+ MLIST:[linux-kernel] 20041130 Buffer overrun in arch/x86_64/sys_ia32.c:sys32_ni_syscall()
+ URL:http://www.ussg.iu.edu/hypermail/linux/kernel/0411.3/1467.html
+ MISC:http://linux.bkbits.net:8080/linux-2.6/cset@1.2079
+ MISC:http://linux.bkbits.net:8080/linux-2.6/gnupatch@41ae6af1cR3mJYlW6D8EHxCKSxuJiQ
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ BUGTRAQ:20041214 [USN-38-1] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110306397320336&w=2
+Description:
+ Multiple buffer overflows in the (1) sys32_ni_syscall and (2)
+ sys32_vm86_warning functions in sys_ia32.c for Linux 2.6.x may allow local
+ attackers to modify kernel memory and gain privileges.
+Notes:
+ <= 2.4.27 doesn't look vulnerable, and we don't have 2.4/x86_64 anyway.
+Bugs:
+upstream: released (2.6.10)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-11) [arch-x86_64-sys32_ni-overflow.dpatch]
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A
diff --git a/retired/CVE-2004-1234 b/retired/CVE-2004-1234
new file mode 100644
index 00000000..b262dcc7
--- /dev/null
+++ b/retired/CVE-2004-1234
@@ -0,0 +1,35 @@
+Candidate: CVE-2004-1234
+References:
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ REDHAT:RHSA-2004:689
+ URL:http://www.redhat.com/support/errata/RHSA-2004-689.html
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@4076466d_SqUm4azg4_v3FIG2-X6XQ
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@4076466d_SqUm4azg4_v3FIG2-X6XQ
+ CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=142965
+ BID:12101
+ URL:http://www.securityfocus.com/bid/12101
+ XF:linux-loadelfbinary-dos(18687)
+ URL:http://xforce.iss.net/xforce/xfdb/18687
+Description:
+ load_elf_binary in Linux before 2.4.26 allows local users to cause a denial of
+ service (system crash) via an ELF binary in which the interpreter is NULL.
+Notes:
+ jmm> I don't know at which version this was merged into 2.6, but I've verified
+ jmm> that above-mentioned fix is included in 2.6.8's binfmt_elf.c:
+ jmm> out_free_dentry:
+ jmm> allow_write_access(interpreter);
+ jmm> if (interpreter)
+ jmm> fput(interpreter);
+Bugs:
+upstream: released (2.4.26-rc3)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)
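Review bot: The reference `CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@4076466d_SqUm4azg4_v3FIG2-X6XQ` is listed twice on consecutive lines; one copy should be dropped. Minor, but two identical lines are easy to misread as two distinct changesets when cross-checking the fix.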
diff --git a/retired/CVE-2004-1235 b/retired/CVE-2004-1235
new file mode 100644
index 00000000..122bb271
--- /dev/null
+++ b/retired/CVE-2004-1235
@@ -0,0 +1,43 @@
+Candidate: CVE-2004-1235
+References:
+ BUGTRAQ:20050107 Linux kernel sys_uselib local root vulnerability
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110512575901427&w=2
+ MISC:http://isec.pl/vulnerabilities/isec-0021-uselib.txt
+ CONECTIVA:CLA-2005:930
+ URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
+ FEDORA:FEDORA-2005-013
+ URL:http://www.securityfocus.com/advisories/7806
+ FEDORA:FEDORA-2005-014
+ URL:http://www.securityfocus.com/advisories/7805
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ REDHAT:RHSA-2005:043
+ URL:http://www.redhat.com/support/errata/RHSA-2005-043.html
+ REDHAT:RHSA-2005:092
+ URL:http://www.redhat.com/support/errata/RHSA-2005-092.html
+ TRUSTIX:2005-0001
+ URL:http://www.trustix.org/errata/2005/0001/
+ CONFIRM:http://www.securityfocus.com/advisories/7804
+ BID:12190
+ URL:http://www.securityfocus.com/bid/12190
+ XF:linux-uselib-gain-privileges(18800)
+ URL:http://xforce.iss.net/xforce/xfdb/18800
+Description:
+ Race condition in the (1) load_elf_library and (2) binfmt_aout function calls
+ for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows
+ local users to execute arbitrary code by manipulating the VMA descriptor.
+Notes:
+Bugs:
+upstream:
+linux-2.6:
+2.6.8-sarge-security: released (2.6.8-12) [028-do_brk_security_fixes.dpatch]
+2.4.27-sarge-security: released (2.4.27-8) [122_sec_brk-locked.diff]
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)
diff --git a/retired/CVE-2004-1237 b/retired/CVE-2004-1237
new file mode 100644
index 00000000..099e2cf7
--- /dev/null
+++ b/retired/CVE-2004-1237
@@ -0,0 +1,28 @@
+Candidate: CVE-2004-1237
+References:
+ http://www.redhat.com/support/errata/RHSA-2005-043.html
+ https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=132245
+ https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=141996
+ https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=142091
+ https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=142442
+ https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=143886
+ https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=144048
+Description:
+ Unknown vulnerability in the system call filtering code in the audit
+ subsystem for Red Hat Enterprise Linux 3 allows local users to cause
+ a denial of service (system crash) via unknown vectors.
+Notes:
+ jmm> What a remarkably concrete description :-)
+ jmm> I found the Bugzilla entries above and this seems RHEL specific.
+ jmm> I'm marking it at such, but please double-check someone
+Bugs:
+upstream: N/A
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
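Review bot: The status block stops at `2.4.17-woody-security-ia64: N/A` and has no `2.4.18-woody-security-hppa:` row, while the neighbouring records all end with that row. A reader or script looking up that kernel's status finds nothing here; given the RHEL-specific verdict in the notes, adding `2.4.18-woody-security-hppa: N/A` keeps the record consistent. The same row is missing from CVE-2004-2013, CVE-2005-0090, CVE-2005-0091, CVE-2005-0092 and CVE-2005-0176, where the value should follow whatever verdict each record already records for the other woody kernels.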
diff --git a/retired/CVE-2004-1333 b/retired/CVE-2004-1333
new file mode 100644
index 00000000..9f40c436
--- /dev/null
+++ b/retired/CVE-2004-1333
@@ -0,0 +1,32 @@
+Candidate: CVE-2004-1333
+References:
+ FULLDISC:20041215 fun with linux kernel
+ URL:http://www.securitytrap.com/mail/full-disclosure/2004/Dec/0323.html
+ MISC:http://www.guninski.com/where_do_you_want_billg_to_go_today_2.html
+ FEDORA:FLSA:152532
+ URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532
+ SUSE:SUSE-SA:2005:018
+ URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html
+ UBUNTU:USN-47-1
+ URL:http://www.ubuntulinux.org/support/documentation/usn/usn-47-1
+ BID:11956
+ URL:http://www.securityfocus.com/bid/11956
+ XF:linux-vcresize-dos(18523)
+ URL:http://xforce.iss.net/xforce/xfdb/18523
+Description:
+ Integer overflow in the vc_resize function in the Linux kernel 2.4 and 2.6
+ before 2.6.10 allows local users to cause a denial of service (kernel crash)
+ via a short new screen value, which leads to a buffer overflow.
+Notes:
+Bugs:
+upstream: released (2.6.10)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-11) [vt-of-death.dpatch]
+2.4.27-sarge-security: released (2.4.27-9) [136_vc_resizing_overflow.diff]
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)
diff --git a/retired/CVE-2004-1334 b/retired/CVE-2004-1334
new file mode 100644
index 00000000..6ac0f8dd
--- /dev/null
+++ b/retired/CVE-2004-1334
@@ -0,0 +1,25 @@
+Candidate: CVE-2004-1334
+References:
+ http://www.securitytrap.com/mail/full-disclosure/2004/Dec/0323.html
+ http://marc.theaimsgroup.com/?l=bugtraq&m=110383108211524&w=2
+ http://www.guninski.com/where_do_you_want_billg_to_go_today_2.html
+ http://www.securityfocus.com/bid/11956
+ http://xforce.iss.net/xforce/xfdb/18522
+Description:
+ Integer overflow in the ip_options_get function in the Linux kernel before
+ 2.6.10 allows local users to cause a denial of service (kernel crash) via a
+ cmsg_len that contains a -1, which leads to a buffer overflow.
+Notes:
+ dannf> This is a duplicate of CAN-2004-1016
+Bugs:
+upstream:
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-11) [scm_send-dos-fix.dpatch, scm_send-dos-fix2.dpatch]
+2.4.27-sarge-security: released (2.4.27-7) [116-cmsg-validation-checks.patch, 118-cmsg-validation-checks-compat.patch]
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)
diff --git a/retired/CVE-2004-1335 b/retired/CVE-2004-1335
new file mode 100644
index 00000000..70b11309
--- /dev/null
+++ b/retired/CVE-2004-1335
@@ -0,0 +1,28 @@
+Candidate: CVE-2004-1335
+References:
+ FULLDISC:20041215 fun with linux kernel
+ URL:http://www.securitytrap.com/mail/full-disclosure/2004/Dec/0323.html
+ MISC:http://www.guninski.com/where_do_you_want_billg_to_go_today_2.html
+ BUGTRAQ:20041215 [USN-47-1] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110383108211524&w=2
+ BID:11956
+ URL:http://www.securityfocus.com/bid/11956
+ XF:linux-ipoptionsget-memory-leak(18524)
+ URL:http://xforce.iss.net/xforce/xfdb/18524
+Description:
+ Memory leak in the ip_options_get function in the Linux kernel before 2.6.10
+ allows local users to cause a denial of service (memory consumption) by
+ repeatedly calling the ip_cmsg_send function.
+Notes:
+Bugs:
+upstream: released (2.6.10)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-11) [fix-ip-options-leak.dpatch]
+2.4.27-sarge-security: released (2.4.27-9) [135_fix_ip_options_leak.diff]
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)
diff --git a/retired/CVE-2004-1337 b/retired/CVE-2004-1337
new file mode 100644
index 00000000..53542701
--- /dev/null
+++ b/retired/CVE-2004-1337
@@ -0,0 +1,28 @@
+Candidate:
+References:
+ BUGTRAQ:20041223 Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110384535113035&w=2
+ CONECTIVA:CLA-2005:930
+ URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
+ BID:12093
+ URL:http://www.securityfocus.com/bid/12093
+ XF:linux-security-module-gain-privileges(18673)
+ URL:http://xforce.iss.net/xforce/xfdb/18673
+Description:
+ The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 does not
+ properly handle the credentials of a process that is launched before the
+ module is loaded, which allows local users to gain privileges.
+Notes:
+ dannf> This code isn't in <= 2.4.27
+Bugs:
+upstream: released (2.6.11)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-14) [025-track_dummy_capability.dpatch, 027-track_dummy_capability.dpatch]
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A
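Review bot: `Candidate:` on the first line is empty, although the file is named CVE-2004-1337 and every other record in this commit carries its id in that field. Anything that indexes these records by the Candidate line rather than by path will miss this entry; the line should read `Candidate: CVE-2004-1337`. The move does not touch the field.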
diff --git a/retired/CVE-2004-2013 b/retired/CVE-2004-2013
new file mode 100644
index 00000000..d965a45b
--- /dev/null
+++ b/retired/CVE-2004-2013
@@ -0,0 +1,27 @@
+Candidate: CVE-2004-2013
+References:
+ http://archives.neohapsis.com/archives/bugtraq/2004-05/0091.html
+ http://lists.netsys.com/pipermail/full-disclosure/2004-May/021223.html
+ http://marc.theaimsgroup.com/?l=bugtraq&m=108456230815842&w=2
+ http://www.securityfocus.com/bid/10326
+ http://xforce.iss.net/xforce/xfdb/16117
+Description:
+ Integer overflow in the SCTP_SOCKOPT_DEBUG_NAME SCTP socket option in socket.c
+ in the Linux kernel 2.4.25 and earlier allows local users to execute arbitrary
+ code via an optlen value of -1, which causes kmalloc to allocate 0 bytes of
+ memory.
+Notes:
+ jmm> http://archives.neohapsis.com/archives/bugtraq/2004-05/0091.html
+ jmm> The vulnerable socket option was removed entirely in 2.4.26 and 2.6.*,
+ jmm> Woody could be affected, though
+Bugs:
+upstream: released (2.4.26)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
diff --git a/retired/CVE-2004-2302 b/retired/CVE-2004-2302
new file mode 100644
index 00000000..f39ee81f
--- /dev/null
+++ b/retired/CVE-2004-2302
@@ -0,0 +1,25 @@
+Candidate: CVE-2004-2302
+References:
+ http://linux.bkbits.net:8080/linux-2.6/cset%404186a4deVoR88JjTwMa3ZnIp-_YJsA
+ http://kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.10-rc1/2.6.10-rc1-mm1/broken-out/fix-race-in-sysfs_read_file-and-sysfs_write_file.patch
+ http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:218
+ http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:219
+ http://www.novell.com/linux/security/advisories/2005_44_kernel.html
+Description:
+ Race condition in the sysfs_read_file and sysfs_write_file functions in Linux
+ kernel before 2.6.10 allows local users to read kernel memory and cause a
+ denial of service (crash) via large offsets in sysfs files.
+Notes:
+ dannf> sysfs is only in 2.6, so marking 2.4 N/A
+Bugs: 322339
+upstream: released (2.6.10)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-16sarge1) [fs-sysfs-read-write-race.dpatch]
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A
diff --git a/retired/CVE-2004-2536 b/retired/CVE-2004-2536
new file mode 100644
index 00000000..5ae37d27
--- /dev/null
+++ b/retired/CVE-2004-2536
@@ -0,0 +1,28 @@
+Candidate: CVE-2004-2536
+References:
+ http://www.ussg.iu.edu/hypermail/linux/kernel/0405.0/1242.html
+ http://www.ussg.iu.edu/hypermail/linux/kernel/0405.0/1265.html
+ http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.6
+Description:
+ The exit_thread function (process.c) in Linux kernel 2.6 through
+ 2.6.5 does not invalidate the per-TSS io_bitmap pointers if a
+ process obtains IO access permissions from the ioperm function but
+ does not drop those permissions when it exits, which allows other
+ processes to access the per-TSS pointers, access restricted memory
+ locations, and possibly gain privileges.
+Notes:
+ Horms> Tested against kernel-image-2.4.27-2-686 2.4.27-11 which does not
+ seem to exhibit the problem, although the code suggests it might. I guess
+ its just a 2.6 problem. I marked 2.4.27 and the woody kernels N/A
+Bugs:
+upstream: released (2.6.6)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A
diff --git a/retired/CVE-2004-2607 b/retired/CVE-2004-2607
new file mode 100644
index 00000000..ec1da937
--- /dev/null
+++ b/retired/CVE-2004-2607
@@ -0,0 +1,30 @@
+Candidate: CVE-2004-2607
+References:
+ http://www.uwsg.iu.edu/hypermail/linux/kernel/0404.2/0313.html
+ http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=98cd917c1ac348d5cd94beabecc3011dcaa0a0f2
+Description:
+ A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to
+ 2.6.5 and 2.4 up to 2.4.29-rc1 allows local users to read portions of
+ kernel memory via a large len argument, which is received as an int but
+ cast to a short, which prevents a read loop from filling a buffer.
+Notes:
+ jmm> The referenced patch was applied by Jeff Garzik on 2004-04-16,
+ jmm> 2.6.6 was released on 2004-05-09, so Sarge seems not affected, should
+ jmm> be double-checked against the source though, but my bandwidth is currently
+ jmm> too slim to download 2.6.8
+ jmm>
+ jmm> The fix below is for a completely different issue, I've split it out
+ horms> Fix was included in 2.6.6. Checked source and 2.6.8 is not vulnerable
+ horms> 2.4.27 is vulnerable, added fix to SVN. Woody is likely vulnerable
+Bugs:
+upstream: released (2.4.33-pre2), released (2.6.6)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: released (2.4.27-10sarge2) [200_net_sdla_xfer_leak.diff]
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-0001 b/retired/CVE-2005-0001
new file mode 100644
index 00000000..97943e59
--- /dev/null
+++ b/retired/CVE-2005-0001
@@ -0,0 +1,42 @@
+Candidate: CVE-2005-0001
+References:
+ BUGTRAQ:20050112 Linux kernel i386 SMP page fault handler privilege escalation
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110554694522719&w=2
+ FULLDISC:20050112 Linux kernel i386 SMP page fault handler privilege escalation
+ URL:http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030826.html
+ MISC:http://isec.pl/vulnerabilities/isec-0022-pagefault.txt
+ CONECTIVA:CLA-2005:930
+ URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ REDHAT:RHSA-2005:043
+ URL:http://www.redhat.com/support/errata/RHSA-2005-043.html
+ REDHAT:RHSA-2005:092
+ URL:http://www.redhat.com/support/errata/RHSA-2005-092.html
+ TRUSTIX:2005-0001
+ URL:http://www.trustix.org/errata/2005/0001/
+ BUGTRAQ:20050114 [USN-60-0] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110581146702951&w=2
+ XF:linux-fault-handler-gain-privileges(18849)
+ URL:http://xforce.iss.net/xforce/xfdb/18849
+Description:
+ Race condition in the page fault handler (fault.c) for Linux kernel 2.2.x to
+ 2.2.7, 2.4 to 2.4.29, and 2.6 to 2.6.10, when running on multiprocessor
+ machines, allows local users to execute arbitrary code via concurrent threads
+ that share the same virtual memory space and simultaneously request stack
+ expansion.
+Notes:
+Bugs:
+upstream:
+linux-2.6:
+2.6.8-sarge-security: released (2.6.8-13) [034-stack_resize_exploit.dpatch]
+2.4.27-sarge-security: released (2.4.27-8) [131_expand_stack_race.diff]
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)
diff --git a/retired/CVE-2005-0003 b/retired/CVE-2005-0003
new file mode 100644
index 00000000..77071990
--- /dev/null
+++ b/retired/CVE-2005-0003
@@ -0,0 +1,34 @@
+Candidate: CVE-2005-0003
+References:
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@41c36fb6q1Z68WUzKQFjJR-40Ev3tw
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ REDHAT:RHSA-2005:043
+ URL:http://www.redhat.com/support/errata/RHSA-2005-043.html
+ SUSE:SUSE-SA:2005:018
+ URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html
+ TRUSTIX:2005-0001
+ URL:http://www.trustix.org/errata/2005/0001/
+ MISC:http://linux.bkbits.net:8080/linux-2.6/cset@41a6721cce-LoPqkzKXudYby_3TUmg
+ BID:12261
+ URL:http://www.securityfocus.com/bid/12261
+ XF:linux-vma-gain-privileges(18886)
+ URL:http://xforce.iss.net/xforce/xfdb/18886
+Description:
+ The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit
+ architectures, does not properly check for overlapping VMA (virtual memory
+ address) allocations, which allows local users to cause a denial of service
+ (system crash) or execute arbitrary code via a crafted ELF or a.out file.
+Notes:
+Bugs:
+upstream: released (2.6.10)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-11) [binfmt-huge-vma-dos2.dpatch]
+2.4.27-sarge-security: released (2.4.27-9) [145_insert_vm_struct-no-BUG.patch]
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)
diff --git a/retired/CVE-2005-0090 b/retired/CVE-2005-0090
new file mode 100644
index 00000000..3a6ff8b0
--- /dev/null
+++ b/retired/CVE-2005-0090
@@ -0,0 +1,22 @@
+Candidate: CVE-2005-0090
+References:
+ A regression error in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split
+ patch omits an "access check," which allows local users to cause a denial
+ of service (crash).
+Description:
+ http://www.redhat.com/support/errata/RHSA-2005-092.html
+ http://www.securityfocus.com/bid/12599
+ http://xforce.iss.net/xforce/xfdb/20618
+Notes:
+ Red Hat specific vulnerability
+Bugs:
+upstream:
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
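Review bot: The `References:` and `Description:` sections are swapped: the prose about the RHEL 4 4GB/4GB split patch sits under `References:` and the three URLs sit under `Description:`. Any consumer that reads the Description field for the vulnerability text gets a URL list here, and the reference URLs are lost to anything scanning the References field. Exchanging the two bodies so each header matches its content fixes it, as below.
```text
Candidate: CVE-2005-0090
References:
 http://www.redhat.com/support/errata/RHSA-2005-092.html
 http://www.securityfocus.com/bid/12599
 http://xforce.iss.net/xforce/xfdb/20618
Description:
 A regression error in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split
 patch omits an "access check," which allows local users to cause a denial
 of service (crash).
(… unchanged: Notes: and the status rows …)
```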
diff --git a/retired/CVE-2005-0091 b/retired/CVE-2005-0091
new file mode 100644
index 00000000..589abd45
--- /dev/null
+++ b/retired/CVE-2005-0091
@@ -0,0 +1,22 @@
+Candidate: CVE-2005-0091
+References:
+ http://www.redhat.com/support/errata/RHSA-2005-092.html
+ http://www.securityfocus.com/bid/12599
+ http://xforce.iss.net/xforce/xfdb/20619
+Description:
+ Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split
+ patch, when using the hugemem kernel, allows local users to read and write to
+ arbitrary kernel memory and gain privileges via certain syscalls.
+Notes:
+ Red Hat specific.
+Bugs:
+upstream: N/A
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
diff --git a/retired/CVE-2005-0092 b/retired/CVE-2005-0092
new file mode 100644
index 00000000..426e1b21
--- /dev/null
+++ b/retired/CVE-2005-0092
@@ -0,0 +1,22 @@
+Candidate: CVE-2005-0092
+References:
+ http://www.redhat.com/support/errata/RHSA-2005-092.html
+ http://www.securityfocus.com/bid/12599
+ http://xforce.iss.net/xforce/xfdb/20620
+Description:
+ Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split
+ patch, when running on x86 with the hugemem kernel, allows local users to
+ cause a denial of service (crash).
+Notes:
+ Red Hat specific.
+Bugs:
+upstream: N/A
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
diff --git a/retired/CVE-2005-0135 b/retired/CVE-2005-0135
new file mode 100644
index 00000000..372db1a5
--- /dev/null
+++ b/retired/CVE-2005-0135
@@ -0,0 +1,28 @@
+Candidate: CVE-2005-0135
+References:
+ REDHAT:RHSA-2005:284
+ URL:http://www.redhat.com/support/errata/RHSA-2005-284.html
+ REDHAT:RHSA-2005:366
+ URL:http://www.redhat.com/support/errata/RHSA-2005-366.html
+ CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=148868
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@41f2beablXVnAs_6fznhhITh1j5hZg
+ SECUNIA:15019
+ URL:http://secunia.com/advisories/15019
+Description:
+ The unw_unwind_to_user function in unwind.c on Itanium (ia64) architectures in
+ Linux kernel 2.6 allows local users to cause a denial of service (system
+ crash).
+Notes:
+ dannf> This is fixed in kernel-patch-2.4.27-ia64
+Bugs:
+upstream: released (linux-2.4.29-ia64-050312.diff, 2.6.11)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-14) [ia64-unwind-fix.dpatch]
+2.4.27-sarge-security: released (2.4.27-10)
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)
diff --git a/retired/CVE-2005-0136 b/retired/CVE-2005-0136
new file mode 100644
index 00000000..b17e5920
--- /dev/null
+++ b/retired/CVE-2005-0136
@@ -0,0 +1,18 @@
+Candidate: CVE-2005-0136
+References:
+ ** RESERVED **
+Description:
+Notes:
+ dannf> This is fixed in kernel-patch-2.4.27-ia64
+Bugs:
+upstream: released (linux-2.4.29-ia64-050312.diff, 2.6.11)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-14) [ia64-ptrace-fixes.dpatch, ia64-ptrace-speedup.dpatch]
+2.4.27-sarge-security: released (2.4.27-10)
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-0137 b/retired/CVE-2005-0137
new file mode 100644
index 00000000..d20391d8
--- /dev/null
+++ b/retired/CVE-2005-0137
@@ -0,0 +1,23 @@
+Candidate: CVE-2005-0137
+References:
+ REDHAT:RHSA-2005:284
+ URL:http://www.redhat.com/support/errata/RHSA-2005-284.html
+ REDHAT:RHSA-2005:293
+ URL:http://www.redhat.com/support/errata/RHSA-2005-293.html
+Description:
+ Linux kernel 2.6 on Itanium (ia64) architectures allows local users to cause a
+ denial of service via a "missing Itanium syscall table entry."
+Notes:
+ dannf> This is actually 2.4 specific - the mitre description is incorrect.
+Bugs:
+upstream: released (2.4.30-rc2)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: released (2.4.27-10) [165_arch-ia64-kernel-missing-sysctl.diff]
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-0176 b/retired/CVE-2005-0176
new file mode 100644
index 00000000..87dd16a6
--- /dev/null
+++ b/retired/CVE-2005-0176
@@ -0,0 +1,27 @@
+Candidate: CVE-2005-0176
+References:
+ http://marc.theaimsgroup.com/?l=full-disclosure&m=110846102231365&w=2
+ http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
+ http://www.redhat.com/support/errata/RHSA-2005-092.html
+ http://oval.mitre.org/oval/definitions/data/oval1225.html
+ http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commit;h=2637792e3d9ae50079238615fd16384a0d393b30
+Description:
+ The shmctl function in Linux 2.6.9 and earlier allows local users to unlock
+ the memory of other processes, which could cause sensitive memory to be swapped
+ to disk, which could allow it to be read by other users once it has been released.
+Notes:
+ It appears that 2.6.8 and earlier are not vulnerable as prior to the
+ following patch, local users could not effect lock or unlock
+ http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commit;h=16698c49bbb42567c0bbc528d3820d18885e4642
+ That is, only 2.6.10 is effected.
+Bugs:
+upstream:
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
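Review bot: This record stops at `2.4.17-woody-security-ia64: N/A` and omits the `2.4.18-woody-security-hppa:` row that every other record in this set carries, so the status for that kernel package is untracked rather than recorded as N/A. The same row is missing from CVE-2005-0528, CVE-2005-0736, CVE-2005-0767, CVE-2005-0867 and CVE-2005-0916 in this commit; if any script enumerates suites per record, those files will be reported incomplete. Adding `2.4.18-woody-security-hppa: N/A` here (and the equivalent row to the others) keeps the status matrix uniform. Separately, the Notes use "effect"/"effected" where "affect"/"affected" is meant.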
diff --git a/retired/CVE-2005-0177 b/retired/CVE-2005-0177
new file mode 100644
index 00000000..c87b5954
--- /dev/null
+++ b/retired/CVE-2005-0177
@@ -0,0 +1,26 @@
+Candidate: CVE-2005-0177
+References:
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@41e2bfbeOiXFga62XrBhzm7Kv9QDmQ
+ CONECTIVA:CLA-2005:930
+ URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
+ REDHAT:RHSA-2005:092
+ URL:http://www.redhat.com/support/errata/RHSA-2005-092.html
+ BUGTRAQ:20050215 [USN-82-1] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110846102231365&w=2
+Description:
+ nls_ascii.c in Linux before 2.6.8.1 uses an incorrect table size, which allows
+ attackers to cause a denial of service (kernel crash) via a buffer overflow.
+Notes:
+ dannf> nls_ascii.c isn't in <= 2.4.27
+Bugs:
+upstream: released (2.6.8.1, 2.6.11)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-14) [nls-table-overflow.dpatch]
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A
diff --git a/retired/CVE-2005-0178 b/retired/CVE-2005-0178
new file mode 100644
index 00000000..eb3a56dd
--- /dev/null
+++ b/retired/CVE-2005-0178
@@ -0,0 +1,30 @@
+Candidate: CVE-2005-0178
+References:
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@41ddda70CWJb5nNL71T4MOlG2sMG8A
+ CONECTIVA:CLA-2005:930
+ URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
+ REDHAT:RHSA-2005:092
+ URL:http://www.redhat.com/support/errata/RHSA-2005-092.html
+ BUGTRAQ:20050215 [USN-82-1] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110846102231365&w=2
+Description:
+ Race condition in the setsid function in Linux before 2.6.8.1 allows local
+ users to cause a denial of service (crash) and possibly access portions of
+ kernel memory, related to TTY changes, locking, and semaphores.
+Notes:
+ dannf> Alan Cox suggested that this is not a 2.4 issue:
+ Alan> Is it actually needed for 2.4. In the 2.4 case your controlling tty is
+ Alan> private not thread group so a setsid() can't race because you can't
+ Alan> setsid in the same thread as is opening current->tty.
+Bugs:
+upstream: released (2.6.8.1, 2.6.11)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-14) [setsid-race.dpatch]
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A
diff --git a/retired/CVE-2005-0180 b/retired/CVE-2005-0180
new file mode 100644
index 00000000..01275bf5
--- /dev/null
+++ b/retired/CVE-2005-0180
@@ -0,0 +1,28 @@
+Candidate: CVE-2005-0180
+References:
+ http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030660.html
+ http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
+ http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:218
+ http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:219
+ http://www.redhat.com/support/errata/RHSA-2005-092.html
+Description:
+ Multiple integer signedness errors in the sg_scsi_ioctl function in
+ scsi_ioctl.c for Linux 2.6.x allow local users to read or modify kernel
+ memory via negative integers in arguments to the scsi ioctl, which
+ bypass a maximum length check before calling the copy_from_user and
+ copy_to_user functions.
+Notes:
+ jmm> The 2.4.27 version, scsi_ioctl_send_command(), is not affected, as
+ jmm> intlen and outlen are unsigned ints
+Bugs:
+upstream:
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-12) [031-sg_scsi_ioctl_int_overflows.dpatch]
+2.4.27-sarge-security: N/A
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-0204 b/retired/CVE-2005-0204
new file mode 100644
index 00000000..d663b2ed
--- /dev/null
+++ b/retired/CVE-2005-0204
@@ -0,0 +1,23 @@
+Candidate: CVE-2005-0204
+References:
+ REDHAT:RHSA-2005:092
+ URL:http://www.redhat.com/support/errata/RHSA-2005-092.html
+Description:
+ Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T
+ architectures, allows local users to write to privileged IO ports via the OUTS
+ instruction.
+Notes:
+ jmm> 190_outs-2.diff had regressions
+Bugs: 296700
+upstream:
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-14) [outs.dpatch]
+2.4.27-sarge-security: released (2.4.27-9) [143_outs.diff]
+2.4.27-sid: released (2.4.27-12) [190_outs-2.diff]
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-0207 b/retired/CVE-2005-0207
new file mode 100644
index 00000000..effeab57
--- /dev/null
+++ b/retired/CVE-2005-0207
@@ -0,0 +1,27 @@
+Candidate: CVE-2005-0207
+References:
+ CONECTIVA:CLA-2005:930
+ URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000930
+ SUSE:SUSE-SA:2005:003
+ URL:http://www.securityfocus.com/advisories/7880
+ BID:12330
+ URL:http://www.securityfocus.com/bid/12330
+ http://www.acm.cs.rpi.edu/~dilinger/patches/2.6.10/as2/linux-2.6.10-as2/026-nfs_o_direct_error.patch
+ http://linux.bkbits.net:8080/linux-2.6/cset@41db2d65wbgJvuXTv4x9_quExW0vEA
+Description:
+ Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS
+ clients to cause a denial of service via O_DIRECT.
+Notes:
+ dannf> The vulnerable code doesn't exist in <= 2.4.27
+Bugs:
+upstream: released (2.6.11)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-14) [nfs-O_DIRECT-fix.dpatch]
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A
diff --git a/retired/CVE-2005-0209 b/retired/CVE-2005-0209
new file mode 100644
index 00000000..7c5941a6
--- /dev/null
+++ b/retired/CVE-2005-0209
@@ -0,0 +1,25 @@
+Candidate: CVE-2005-0209
+References:
+ BUGTRAQ:20050315 [USN-95-1] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111091402626556&w=2
+ CONECTIVA:CLA-2005:945
+ URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000945
+ SUSE:SUSE-SA:2005:018
+ URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html
+ http://oss.sgi.com/archives/netdev/2005-01/msg01072.html
+Description:
+ Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a denial of
+ service (kernel crash) via crafted IP packet fragments.
+Notes:
+Bugs:
+upstream:
+linux-2.6:
+2.6.8-sarge-security: released (2.6.8-14) [skb-reset-ip_summed.dpatch]
+2.4.27-sarge-security: released (2.4.27-9) [134_skb_reset_ip_summed.diff]
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
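Review bot: Both `upstream:` and `linux-2.6:` are blank on this retired record even though the sarge fixes are recorded as released, so the file does not say whether upstream ever took the fix or whether the sid package is covered. The same blanks appear in CVE-2005-0210, CVE-2005-0384 and CVE-2005-0756, and `upstream:` is blank in CVE-2005-0757. For a retired issue each of these should read either `released (<version>)` or `N/A`; a blank reads as "not yet assessed" and would be reopened by anyone auditing the tracker.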
diff --git a/retired/CVE-2005-0210 b/retired/CVE-2005-0210
new file mode 100644
index 00000000..804e62c1
--- /dev/null
+++ b/retired/CVE-2005-0210
@@ -0,0 +1,25 @@
+Candidate: CVE-2005-0210
+References:
+ BUGTRAQ:20050315 [USN-95-1] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111091402626556&w=2
+ CONECTIVA:CLA-2005:945
+ URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000945
+ SUSE:SUSE-SA:2005:018
+ URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html
+Description:
+ Netfilter in the Linux kernel 2.6.8.1 allows local users to cause a denial of
+ service (memory consumption) via certain packet fragments that are reassembled
+ twice, which causes a data structure to be allocated twice.
+Notes:
+Bugs:
+upstream:
+linux-2.6:
+2.6.8-sarge-security: released (2.6.8-15) [ip_copy_metadata_leak.dpatch, ip6_copy_metadata_leak.dpatch]
+2.4.27-sarge-security: released (2.4.27-9) [146_ip6_copy_metadata_leak.diff, 147_ip_copy_metadata_leak.diff]
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-0384 b/retired/CVE-2005-0384
new file mode 100644
index 00000000..133e2209
--- /dev/null
+++ b/retired/CVE-2005-0384
@@ -0,0 +1,31 @@
+Candidate: CVE-2005-0384
+References:
+ FEDORA:FLSA:152532
+ URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532
+ REDHAT:RHSA-2005:283
+ URL:http://www.redhat.com/support/errata/RHSA-2005-283.html
+ REDHAT:RHSA-2005:284
+ URL:http://www.redhat.com/support/errata/RHSA-2005-284.html
+ SUSE:SUSE-SA:2005:018
+ URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html
+ TRUSTIX:2005-0009
+ URL:http://www.trustix.org/errata/2005/0009/
+ UBUNTU:USN-95-1
+ URL:http://www.ubuntulinux.org/support/documentation/usn/usn-95-1
+Description:
+ Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 allows
+ remote attackers to cause a denial of service (kernel crash) via a pppd
+ client.
+Notes:
+Bugs:
+upstream:
+linux-2.6:
+2.6.8-sarge-security: released (2.6.8-15) [drivers-net-ppp_async-fix-dos.dpatch]
+2.4.27-sarge-security: released (2.4.27-9) [153_ppp_async_dos.diff]
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)
diff --git a/retired/CVE-2005-0400 b/retired/CVE-2005-0400
new file mode 100644
index 00000000..84063342
--- /dev/null
+++ b/retired/CVE-2005-0400
@@ -0,0 +1,32 @@
+Candidate: CVE-2005-0400
+References:
+ BUGTRAQ:20050401 Information leak in the Linux kernel ext2 implementation
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111238764720696&w=2
+ MISC:http://arkoon.net/advisories/ext2-make-empty-leak.txt
+ FEDORA:FLSA:152532
+ URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532
+ UBUNTU:USN-103-1
+ URL:http://www.ubuntulinux.org/support/documentation/usn/usn-103-1
+ XF:kernel-ext2-information-disclosure(19866)
+ URL:http://xforce.iss.net/xforce/xfdb/19866
+ CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.6
+ SECUNIA:14713
+ URL:http://secunia.com/advisories/14713/
+Description:
+ The ext2_make_empty function call in the Linux kernel before 2.6.11.6 does not
+ properly initialize memory when creating a block for a new directory entry,
+ which allows local users to obtain potentially sensitive information by
+ reading the block.
+Notes:
+Bugs: 301799 303294
+upstream: released (2.6.11.6)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-16) [fs-ext2-info-leak.dpatch]
+2.4.27-sarge-security: released (2.4.27-10) [156_fs-ext2-info-leak.diff]
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-0449 b/retired/CVE-2005-0449
new file mode 100644
index 00000000..62875ef2
--- /dev/null
+++ b/retired/CVE-2005-0449
@@ -0,0 +1,20 @@
+Candidate: CVE-2005-0449
+References:
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0449
+ http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1e01441051dda3bb01c455b6e20bce6d00563\d82
+ http://oss.sgi.com/archives/netdev/2005-01/msg01107.html
+Description:
+ The netfilter/iptables module in Linux before 2.6.8.1 allows remote attackers to
+ cause a denial of service (kernel crash) or bypass firewall rules via crafted
+ packets, which are not properly handled by the skb_checksum_help function.
+Notes:
+ ** CHANGES ABI **
+ ipv4-fragment-queues-[1,2,2.1].dpatch are in sarge's 2.6.8.
+ ipv4-fragment-queues-[3,4].dpatch are awaiting an ABI event
+ .
+ 150_private_fragment_queues-[1,2].diff are awaiting a 2.4.27 ABI event
+Bugs:
+upstream: released (2.6.8.1)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-16sarge2) [ipv4-fragment-queues-1.dpatch, ipv4-fragment-queues-2.dpatch, ipv4-fragment-queues-3.dpatch, ipv4-fragment-queues-4.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge2) [150_private_fragment_queues-1.diff, 150_private_fragment_queues-2.diff]
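Review bot: The kernel.org reference on the fourth line of this record contains a stray backslash inside the commit hash (`...00563\d82`), which makes the URL unusable as written and looks like a line-continuation artefact from a paste. The hash should be checked against the upstream commit and the backslash removed. This record also has no woody rows at all, unlike most of its neighbours; if that is deliberate because the issue postdates woody support, a `N/A` row per suite would make that explicit.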
diff --git a/retired/CVE-2005-0528 b/retired/CVE-2005-0528
new file mode 100644
index 00000000..d896c0f6
--- /dev/null
+++ b/retired/CVE-2005-0528
@@ -0,0 +1,28 @@
+Candidate: CVE-2005-0528
+References:
+Description:
+Notes:
+ From Joey's 2.4.18-14.4 changelog:
+ * Applied patch by Andrea Arcangeli from 2.4.24 to fix privilege
+ escalation in the mremap() syscall [mm/mremap.c, CAN-2004-nnnn]
+ jmm> Isn't this CVE-2004-0077?
+ dannf> Looks like this is a different issue. Joey's patch is here:
+ http://klecker.debian.org/~joey/security/kernel/patches/patch.CAN-2005-0528.mremap
+ dannf> But it doesn't look like mitre has released the details yet:
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0528
+ jmm> The patch is merged as of 2.4.27, but I'm not sure at which exact version
+ dannf> It looks like this would apply to 2.6, but isn't necessary because
+ dannf> its already fixed in a different way. 2.6 checks for a 0 new_len
+ dannf> earlier and errors out
+ jmm> This turned out to be a dupe of CVE-2003-0985
+Bugs:
+upstream: N/A
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
diff --git a/retired/CVE-2005-0529 b/retired/CVE-2005-0529
new file mode 100644
index 00000000..c941380b
--- /dev/null
+++ b/retired/CVE-2005-0529
@@ -0,0 +1,31 @@
+Candidate: CVE-2005-0529
+References:
+ FULLDISC:20050215 linux kernel 2.6 fun. windoze is a joke
+ URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110846727602817&w=2
+ MISC:http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@4201818eC6aMn0x3GY_9rw3ueb2ZWQ
+ CONECTIVA:CLA-2005:930
+ URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
+ SUSE:SUSE-SA:2005:018
+ URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html
+ BUGTRAQ:20050315 [USN-95-1] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111091402626556&w=2
+Description:
+ Linux kernel 2.6.10 and 2.6.11rc1-bk6 uses different size types for offset
+ arguments to the proc_file_read and locks_read_proc functions, which leads to
+ a heap-based buffer overflow when a signed comparison causes negative integers
+ to be used in a positive context.
+Notes:
+ dannf> 2.4 doesn't do the signed cast, so it shouldn't be vulnerable
+Bugs:
+upstream: released (2.6.11)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-14) [115-proc_file_read_nbytes_signedness_fix.dpatch]
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A
diff --git a/retired/CVE-2005-0530 b/retired/CVE-2005-0530
new file mode 100644
index 00000000..042124ce
--- /dev/null
+++ b/retired/CVE-2005-0530
@@ -0,0 +1,38 @@
+Candidate: CVE-2005-0530
+References:
+ FULLDISC:20050215 linux kernel 2.6 fun. windoze is a joke
+ URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110846727602817&w=2
+ MISC:http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@420181322LZmhPTewcCOLkubGwOL3w
+ CONECTIVA:CLA-2005:930
+ URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
+ SUSE:SUSE-SA:2005:018
+ URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html
+ BUGTRAQ:20050315 [USN-95-1] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111091402626556&w=2
+Description:
+ Signedness error in the copy_from_read_buf function in n_tty.c for Linux
+ kernel 2.6.10 and 2.6.11rc1 allows local users to read kernel memory via a
+ negative argument.
+Notes:
+ dannf> This doesn't affect 2.4:
+ marcello> v2.4 does not suffer from the issue mentioned by Guninski because
+ marcello> the first argument of the arithmetic comparison is not casted
+ marcello> to a "signed" value:
+ .
+ marcello> n = min((ssize_t)*nr, n);
+ .
+ marcello> That was the problem in v2.6, where an unsigned value bigger than
+ marcello> 2^31 would be treated as a negative signed.
+Bugs:
+upstream: released (2.6.11)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-14) [116-n_tty_copy_from_read_buf_signedness_fixes.dpatch]
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A
diff --git a/retired/CVE-2005-0531 b/retired/CVE-2005-0531
new file mode 100644
index 00000000..5a095abd
--- /dev/null
+++ b/retired/CVE-2005-0531
@@ -0,0 +1,20 @@
+Candidate: CVE-2005-0531
+References:
+ FULLDISC:20050215 linux kernel 2.6 fun. windoze is a joke
+ URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110846727602817&w=2
+ MISC:http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/gnupatch@4208e1fcfccuD-eH2OGM5mBhihmQ3A
+ CONECTIVA:CLA-2005:930
+ URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
+ BUGTRAQ:20050315 [USN-95-1] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111091402626556&w=2
+Description:
+ The atm_get_addr function in addr.c for Linux kernel 2.6.10 and 2.6.11 before
+ 2.6.11-rc4 may allow local users to trigger a buffer overflow via negative
+ arguments.
+Notes:
+Bugs:
+upstream: released (2.6.11-rc4)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-14) [123-atm_get_addr_signedness_fix.dpatch]
+2.4.27-sarge-security: released (2.4.27-9) [151_atm_get_addr_signedness_fix.diff]
diff --git a/retired/CVE-2005-0532 b/retired/CVE-2005-0532
new file mode 100644
index 00000000..ec7873f6
--- /dev/null
+++ b/retired/CVE-2005-0532
@@ -0,0 +1,29 @@
+Candidate: CVE-2005-0532
+References:
+ FULLDISC:20050215 linux kernel 2.6 fun. windoze is a joke
+ URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110846727602817&w=2
+ MISC:http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@42018227TkNpHlX6BefnItV_GqMmzQ
+ SUSE:SUSE-SA:2005:018
+ URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html
+ BUGTRAQ:20050315 [USN-95-1] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111091402626556&w=2
+Description:
+ The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c for
+ Linux kernel 2.6.10 and 2.6.11 before 2.6.11-rc4, when running on 64-bit
+ architectures, may allow local users to trigger a buffer overflow as a result
+ of casting discrepancies between size_t and int data types.
+Notes:
+ dannf> Vulnerable code didn't exist in 2.4
+Bugs:
+upstream: released (2.6.11-rc3)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-14) [117-reiserfs_file_64bit_size_t_fixes.dpatch]
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A
diff --git a/retired/CVE-2005-0736 b/retired/CVE-2005-0736
new file mode 100644
index 00000000..d6d730db
--- /dev/null
+++ b/retired/CVE-2005-0736
@@ -0,0 +1,22 @@
+Candidate: CVE-2005-0736
+References:
+ http://lists.grok.org.uk/pipermail/full-disclosure/2005-March/032314.html
+ http://linux.bkbits.net:8080/linux-2.6/cset@422dd06a1p5PsyFhoGAJseinjEq3ew?nav=index.html|ChangeSet@-1d
+ http://www.novell.com/linux/security/advisories/2005_18_kernel.html
+ http://www.ubuntulinux.org/support/documentation/usn/usn-95-1
+ http://www.securityfocus.com/bid/12763
+Description:
+ Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11
+ allows local users to overwrite kernel memory via a large number of events.
+Notes: 2.4.* doesn't have epoll()
+Bugs:
+upstream: released (2.6.11.2)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
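Review bot: The Notes value is written inline as `Notes: 2.4.* doesn't have epoll()` rather than on an indented continuation line with an author prefix, which is how every other record in this set formats notes. A parser that treats `Notes:` as a header followed by indented lines would drop this text. Suggest moving it to ` <author>> 2.4.* doesn't have epoll()` on the next line, with the contributor's tag in place of the placeholder.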
diff --git a/retired/CVE-2005-0749 b/retired/CVE-2005-0749
new file mode 100644
index 00000000..44137f1c
--- /dev/null
+++ b/retired/CVE-2005-0749
@@ -0,0 +1,28 @@
+Candidate: CVE-2005-0749
+References:
+ FEDORA:FLSA:152532
+ URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532
+ UBUNTU:USN-103-1
+ URL:http://www.ubuntulinux.org/support/documentation/usn/usn-103-1
+ CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.6
+ SECUNIA:14713
+ URL:http://secunia.com/advisories/14713/
+ XF:kernel-loadelflibrary-dos(19867)
+ URL:http://xforce.iss.net/xforce/xfdb/19867
+Description:
+ The load_elf_library in the Linux kernel before 2.6.11.6 allows local users to
+ cause a denial of service (kernel crash) via a crafted ELF library or
+ executable, which causes a free of an invalid pointer.
+Notes:
+Bugs: 301799, 303498
+upstream: released (2.6.11.6)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-16) [fs-binfmt_elf-dos.dpatch]
+2.4.27-sarge-security: released (2.4.27-10) [158_fs-binfmt_elf-dos.diff]
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-0750 b/retired/CVE-2005-0750
new file mode 100644
index 00000000..7b2ad779
--- /dev/null
+++ b/retired/CVE-2005-0750
@@ -0,0 +1,32 @@
+Candidate: CVE-2005-0750
+References:
+ BUGTRAQ:20050327 local root security bug in linux >= 2.4.6 <= 2.4.30-rc1 and 2.6.x.y <= 2.6.11.5
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111204562102633&w=2
+ FULLDISC:20050327 local root security bug in linux >= 2.4.6 <= 2.4.30-rc1 and 2.6.x.y <= 2.6.11.5
+ URL:http://lists.grok.org.uk/pipermail/full-disclosure/2005-March/032913.html
+ FEDORA:FLSA:152532
+ URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532
+ REDHAT:RHSA-2005:283
+ URL:http://www.redhat.com/support/errata/RHSA-2005-283.html
+ REDHAT:RHSA-2005:284
+ URL:http://www.redhat.com/support/errata/RHSA-2005-284.html
+ XF:kernel-bluezsockcreate-integer-underflow(19844)
+ URL:http://xforce.iss.net/xforce/xfdb/19844
+Description:
+ The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6
+ through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain
+ privileges via (1) socket or (2) socketpair call with a negative protocol
+ value.
+Notes:
+Bugs: 301799
+upstream: released (2.6.11.5)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-16) [net-bluetooth-signdness-fix.dpatch]
+2.4.27-sarge-security: released (2.4.27-10) [155_net-bluetooth-signdness-fix.diff]
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-0756 b/retired/CVE-2005-0756
new file mode 100644
index 00000000..de676ae1
--- /dev/null
+++ b/retired/CVE-2005-0756
@@ -0,0 +1,19 @@
+Candidate: CVE-2005-0756
+References:
+ http://www.ubuntulinux.org/support/documentation/usn/usn-137-1
+Description:
+ ptrace 2.6.8.1 does not properly verify addresses on the amd64 platform,
+ which allows local users to cause a denial of service (kernel crash).
+Notes:
+Bugs:
+upstream:
+linux-2.6:
+2.6.8-sarge-security: released (2.6.8-16sarge1) [arch-x86_64-kernel-ptrace-canonical-rip-2.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge1)
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-0757 b/retired/CVE-2005-0757
new file mode 100644
index 00000000..49061609
--- /dev/null
+++ b/retired/CVE-2005-0757
@@ -0,0 +1,21 @@
+Candidate: CVE-2005-0757
+References:
+Description:
+ source: Trawled out of Red Hat's kernel-2.4.21-32.0.1.EL.src.rpm by Horms
+ inclusion: upstream code has been reworked and doesn't appear vulnerable
+ descrition: on 64 bit architectures incorrect handling of xattr offsets
+ may cause a local DoS
+ revision date: Fri, 29 Jul 2005 12:04:57 +0900
+Notes:
+Bugs:
+upstream:
+2.4.27-sarge-security: released (2.4.27-10sarge1)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-16sarge1) [fs-ext3-64bit-offset.dpatch]
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
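Review bot: The Description block spells the field label `descrition:` on its third line, and the status rows list `2.4.27-sarge-security` before `linux-2.6`, unlike every other record in the set where `linux-2.6` follows `upstream`. Neither breaks a human reader, but tooling that matches labels or relies on row order will treat this record differently. Fixing the label to `description:` and moving the `2.4.27-sarge-security: released (2.4.27-10sarge1)` row below the `2.6.8-sarge-security` row restores consistency.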
diff --git a/retired/CVE-2005-0767 b/retired/CVE-2005-0767
new file mode 100644
index 00000000..48d7e737
--- /dev/null
+++ b/retired/CVE-2005-0767
@@ -0,0 +1,22 @@
+Candidate: CVE-2005-0767
+References:
+ http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000945
+ http://www.ubuntulinux.org/support/documentation/usn/usn-95-1
+Description:
+ Race condition in the Radeon DRI driver for Linux kernel 2.6.8.1 allows
+ local users with DRI privileges to execute arbitrary code as root.
+Notes:
+ horms> For the record:
+ horms> The patch seems to already be present in 2.6.11.
+ horms> And the bug does not seem to be present in 2.4.27.
+Bugs: 297203
+upstream: released (2.6.11-rc4)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-15)
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
diff --git a/retired/CVE-2005-0815 b/retired/CVE-2005-0815
new file mode 100644
index 00000000..19302776
--- /dev/null
+++ b/retired/CVE-2005-0815
@@ -0,0 +1,28 @@
+Candidate: CVE-2005-0815
+References:
+ BUGTRAQ:20050317 Linux ISO9660 handling flaws
+ URL:http://www.securityfocus.com/archive/1/393590
+ CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.12-rc1
+ FEDORA:FLSA:152532
+ URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532
+ BID:12837
+ URL:http://www.securityfocus.com/bid/12837
+ XF:kernel-iso9660-filesystem(19741)
+ URL:http://xforce.iss.net/xforce/xfdb/19741
+Description:
+ Multiple "range checking flaws" in the ISO9660 filesystem handler in Linux
+ 2.6.11 and earlier may allow attackers to cause a denial of service or corrupt
+ memory via a crafted filesystem.
+Notes:
+Bugs: 301799
+upstream: released (2.6.12-rc1)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-16) [fs-isofs-range-check-1.dpatch, fs-isofs-range-check-2.dpatch, fs-isofs-range-check-3.dpatch]
+2.4.27-sarge-security: released (2.4.27-10) [157_fs-isofs-range-check-1.diff, 157_fs-isofs-range-check-2.diff, 157_fs-isofs-range-check-3.diff]
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-0839 b/retired/CVE-2005-0839
new file mode 100644
index 00000000..5a933031
--- /dev/null
+++ b/retired/CVE-2005-0839
@@ -0,0 +1,23 @@
+Candidate: CVE-2005-0839
+References:
+ MLIST:[linux-kernel] 20050301 Re: Breakage from patch: Only root should be able to set the N_MOUSE line discipline.
+ URL:http://www.mail-archive.com/linux-kernel@vger.kernel.org/msg64704.html
+ MISC:http://linux.bkbits.net:8080/linux-2.6/cset@41fa6464E1UuGu6zmketEYxm73KSyQ
+Description:
+ Linux kernel 2.6 before 2.6.11 does not restrict access to the N_MOUSE line
+ discipline for a TTY, which allows local users to gain privileges by injecting
+ mouse or keyboard events into other user sessions.
+Notes:
+ dannf> This file isn't in <= 2.4.27
+Bugs: 301372
+upstream: released (2.6.11)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-16) [drivers-input-serio-nmouse.dpatch]
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A
diff --git a/retired/CVE-2005-0867 b/retired/CVE-2005-0867
new file mode 100644
index 00000000..116d7497
--- /dev/null
+++ b/retired/CVE-2005-0867
@@ -0,0 +1,22 @@
+Candidate: CVE-2005-0867
+References:
+ http://www.novell.com/linux/security/advisories/2005_18_kernel.html
+Description:
+ Integer overflow in Linux kernel 2.6 allows local users to overwrite kernel
+ memory by writing to a sysfs file.
+Notes:
+ horms> The Debian Packages for 2.6.8 and 2.6.11 do not appear to
+ horms> have this bug. 2.4.27 does not include sysfs, and thus
+ horma> also does not have this bug.
+ jmm> The patch for the vulnerability in question can be found in the BTS
+Bugs: 306137
+upstream:
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
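Review bot: The third Notes line is attributed to `horma>` while the two lines above it read `horms>`; this looks like a typo that breaks attribution for anyone grepping notes by contributor. Suggest `horma> also does not have this bug.` → `horms> also does not have this bug.`.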
diff --git a/retired/CVE-2005-0916 b/retired/CVE-2005-0916
new file mode 100644
index 00000000..9ed5249f
--- /dev/null
+++ b/retired/CVE-2005-0916
@@ -0,0 +1,22 @@
+Candidate: CVE-2005-0916
+References:
+ http://groups-beta.google.com/group/linux.kernel/browse_thread/thread/13b43bd5783842f6/7ce3c5a514a497ab
+ http://linux.bkbits.net:8080/linux-2.6/cset%404248c8c0es30_4YVdwa6vteKi7h_nw
+ http://www.novell.com/linux/security/advisories/2005_50_kernel.html
+Description:
+ AIO in the Linux kernel 2.6.11 on the PPC64 or IA64 architectures with
+ CONFIG_HUGETLB_PAGE enabled allows local panic) via a process that executes
+ the io_queue_init function but exits without running io_queue_release, which
+ to fail.
+Notes:
+Bugs:
+upstream: released (2.6.12)
+linux-2.6: released (2.6.12-1)
+2.6.8-sarge-security: released (2.6.8-16) [arch-ppc64-hugepage-aio-panic.dpatch]
+2.4.27-sarge-security: N/A
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
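Review bot: The Description is garbled: `allows local panic) via a process` is missing the words between "local" and "panic)", and the final clause `which to fail.` has lost its verb phrase, so the record no longer states the impact. Since this is pasted CVE text, it should be re-copied from the CVE entry rather than patched by hand. The woody rows here are also blank where the neighbouring records carry `N/A`; given upstream fixed this in 2.6.12 and 2.4.27-sarge-security is marked N/A, the 2.4 woody rows likely warrant `N/A` too.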
diff --git a/retired/CVE-2005-1041 b/retired/CVE-2005-1041
new file mode 100644
index 00000000..c27caac5
--- /dev/null
+++ b/retired/CVE-2005-1041
@@ -0,0 +1,22 @@
+Candidate: CVE-2005-1041
+References:
+ http://marc.theaimsgroup.com/?l=bk-commits-head&m=111186506706769&w=2
+Description:
+ The fib_seq_start function in fib_hash.c in Linux kernel allows local
+ users to cause a denial of service (system crash) via /proc/net/route.
+Notes:
+ horms> 2.4.27 is not effected by 304548 as the buggy code is a complete
+ horms> rework for 2.6. I looked over the way that proc/route is handled
+ horms> for 2.4.27, and it seems fine.
+Bugs: 304548
+upstream: released (2.6.11.5)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-16)
+2.4.27-sarge-security: N/A
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-1263 b/retired/CVE-2005-1263
new file mode 100644
index 00000000..4c749bfd
--- /dev/null
+++ b/retired/CVE-2005-1263
@@ -0,0 +1,28 @@
+Candidate: CVE-2005-1263
+References:
+ BUGTRAQ:20050511 Linux kernel ELF core dump privilege elevation
+ URL:http://www.securityfocus.com/archive/1/397966
+ MISC:http://www.isec.pl/vulnerabilities/isec-0023-coredump.txt
+ FRSIRT:ADV-2005-0524
+ URL:http://www.frsirt.com/english/advisories/2005/0524
+ OVAL:OVAL1122
+ URL:http://oval.mitre.org/oval/definitions/data/oval1122.html
+Description:
+ The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to
+ 2.2.27-rc2, 2.4.x to 2.4.31-pre1, and 2.6.x to 2.6.12-rc4 allows local users
+ to execute arbitrary code via an ELF binary that, in certain conditions
+ involving the create_elf_tables function, causes a negative length argument
+ to pass a signed integer comparison, leading to a buffer overflow.
+Notes:
+Bugs:
+upstream: released (2.2.27-rc2, 2.4.31-pre1, 2.6.12-rc4)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-16)
+2.4.27-sarge-security: released (2.4.27-10)
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-1368 b/retired/CVE-2005-1368
new file mode 100644
index 00000000..03933ce2
--- /dev/null
+++ b/retired/CVE-2005-1368
@@ -0,0 +1,23 @@
+Candidate: CVE-2005-1368
+References:
+ http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.8
+ http://linux.bkbits.net:8080/linux-2.6/cset%40423078fafVa6mAyny23YZ87hDipmTw
+Description:
+ The key_user_lookup function in security/keys/key.c in Linux kernel 2.6.10 to 2.6.11.8 may allow
+ attackers to cause a denial of service (oops) via SMP.
+Notes:
+ horms> The fix for CAN-2005-1368 is in SVN for 2.6.11.
+ horms> The code that this bug manifests in is not present
+ horms> in 2.6.8 or 2.4.27.
+ jmm> The code in question isn't present in Woody either
+Bugs:
+upstream: released (2.6.11.8)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
diff --git a/retired/CVE-2005-1369 b/retired/CVE-2005-1369
new file mode 100644
index 00000000..10d7dd87
--- /dev/null
+++ b/retired/CVE-2005-1369
@@ -0,0 +1,24 @@
+Candidate: CVE-2005-1369
+References:
+ http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.8
+ http://lkml.org/lkml/2005/4/20/159
+Description:
+ The (1) it87 and (2) via686a drivers in I2C for Linux 2.6.x before 2.6.11.8,
+ and 2.6.12 before 2.6.12-rc2, create the sysfs "alarms" file with write
+ permissions, which allows local users to cause a denial of service (CPU
+ consumption) by attempting to write to the file, which does not have an
+ associated store function.
+Notes:
+ jmm> These drivers are not present in 2.4
+Bugs: 307552
+upstream: released (2.6.11.8)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-16)
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A
diff --git a/retired/CVE-2005-1589 b/retired/CVE-2005-1589
new file mode 100644
index 00000000..da505ae3
--- /dev/null
+++ b/retired/CVE-2005-1589
@@ -0,0 +1,36 @@
+Candidate: CVE-2005-1589
+References:
+ http://marc.theaimsgroup.com/?l=linux-kernel&m=111630531515901&w=2
+ http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0045.html
+ http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0046.html
+ http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0047.html
+ http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.10
+ http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:219
+ http://www.frsirt.com/english/advisories/2005/0557
+Description:
+ The pkt_ioctl function in the pktcdvd block device ioctl handler (pktcdvd.c)
+ in Linux kernel 2.6.12-rc4 and earlier calls the wrong function before
+ passing an ioctl to the block device, which crosses security boundaries by
+ making kernel address space accessible from user space and allows local users
+ to cause a denial of service and possibly execute arbitrary code, a similar
+ vulnerability to CVE-2005-1264.
+Notes:
+ horms> (discussing this and a similar problem):
+ horms> 2.6.8 is only vulnerable to the raw ioctl problem,
+ horms> which I believe is CAN-2005-1264.
+ horms> (unstable/testing-proposed-updates) and sarge-security
+ horms> (testing-security) branches and it should appear in 2.6.8-16 and
+ horms> 2.6.8-15sarge1 respectively.
+ horms> 2.4.27 does not appear to be vulnerable to either of these problems.
+Bugs: 309429
+upstream: released (2.6.11.10), released (2.6.12-rc5)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-16)
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A
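Review bot: The horms note at L5074 starts mid-sentence — "(unstable/testing-proposed-updates) and sarge-security …" — so at least one line of the quoted note was lost, and the sentence that names which fix went into which branch cannot be read. The missing line presumably said what was committed to the sid/sarge branch; restoring it from the original mail or BTS entry would make the 2.6.8-16 / 2.6.8-15sarge1 statement at L5075–L5076 meaningful. The record is moved unchanged by this commit, so this predates it.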
diff --git a/retired/CVE-2005-1761 b/retired/CVE-2005-1761
new file mode 100644
index 00000000..13f91713
--- /dev/null
+++ b/retired/CVE-2005-1761
@@ -0,0 +1,25 @@
+Candidate: CVE-2005-1761
+References:
+ http://www.novell.com/linux/security/advisories/2005_44_kernel.html
+ http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4ea78729b8dbfc400fe165a57b90a394a7275a54
+Description:
+ Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users
+ to cause a denial of service (kernel crash) via ptrace and the
+ restore_sigcontext function.
+Notes:
+ jmm> This uses arch-ia64-ptrace-restore_sigcontext.dpatch, correct?
+ dannf> 2.4 patch for ia64 from SuSE in: CVE-2005-1761-linux24.patch
+ dannf> Unfortunately, its against an older 2.4, so this doesn't apply
+ dannf> trivially
+Bugs:
+upstream: released (2.6.12.1)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-16sarge1) [arch-x86_64-private-tss.dpatch, arch-x86_64-nmi.dpatch, arch-ia64-ptrace-getregs-putregs.dpatch, arch-ia64-ptrace-restore_sigcontext.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge2) [204_arch-ia64-ptrace-getregs-putregs.diff, 205_arch-ia64-ptrace-restore_sigcontext.diff]
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-1762 b/retired/CVE-2005-1762
new file mode 100644
index 00000000..cdf20f53
--- /dev/null
+++ b/retired/CVE-2005-1762
@@ -0,0 +1,22 @@
+Candidate: CVE-2005-1762
+References:
+ http://www.novell.com/linux/security/advisories/2005_29_kernel.html
+ http://www.ubuntulinux.org/support/documentation/usn/usn-143-1
+ http://secunia.com/advisories/15786
+Description:
+ The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64
+ platform allows local users to cause a denial of service (kernel
+ crash) via a "non-canonical" address.
+Notes:
+Bugs:
+upstream: released (2.6.12-rc5)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-16sarge1) [arch-x86_64-kernel-ptrace-canonical-rip-1.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge1) [169_arch-x86_64-kernel-ptrace-canonical-rip-1.dpatch]
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-1764 b/retired/CVE-2005-1764
new file mode 100644
index 00000000..26a1a60b
--- /dev/null
+++ b/retired/CVE-2005-1764
@@ -0,0 +1,30 @@
+Candidate: CVE-2005-1764
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1764
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050531
+ Category: SF
+ CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=637716a3825e186555361574aa1fa3c0ebf8018b
+ CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=637716a3825e186555361574aa1fa3c0ebf8018bReference: SUSE:SUSE-SA:2005:029
+ URL:http://freshmeat.net/articles/view/1678/
+Description:
+ Linux 2.6.11 on 64-bit x86 (x86_64) platforms does not use a guard
+ page for the 47-bit address page to protect against an AMD K8 bug,
+ which allows local users to cause a denial of service.
+Notes:
+ horms> I believe that only 2.6.11 is vulnerable to this
+upstream: released (2.6.11.11)
+2.6.8-sarge-security: N/A
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A
+linux-2.6: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A
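Review bot: Two references are fused on L5165 — the commitdiff URL runs straight into "Reference: SUSE:SUSE-SA:2005:029" with no line break, so the URL as written is wrong and the SUSE advisory id is not on a line of its own. They should be two lines: `CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=637716a3825e186555361574aa1fa3c0ebf8018b` and `SUSE:SUSE-SA:2005:029`. This record also has no `Bugs:` line between Notes: and upstream:, unlike the surrounding records. The file is moved unchanged, so the defect predates this commit.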
diff --git a/retired/CVE-2005-1765 b/retired/CVE-2005-1765
new file mode 100644
index 00000000..f17d7dbc
--- /dev/null
+++ b/retired/CVE-2005-1765
@@ -0,0 +1,24 @@
+Candidate: CVE-2005-1765
+References:
+ http://www.novell.com/linux/security/advisories/2005_29_kernel.html
+ http://www.ubuntulinux.org/support/documentation/usn/usn-143-1
+Description:
+ syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform,
+ when running in 32-bit compatibility mode, allows local users to cause
+ a denial of service (kernel hang) via crafted arguments.
+Notes:
+ jmm> I've extracted the patch from the Ubuntu update (CVE-2005-1765.patch)
+ dannf> This code was very different in 2.4, and we don't ship 2.4/amd64, so
+ I'll mark 2.4 N/A
+Bugs:
+upstream:
+linux-2.6:
+2.6.8-sarge-security: released (2.6.8-16sarge1) [arch-x86_64-mm-mmap.dpatch]
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A
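Review bot: The `upstream:` and `linux-2.6:` lines at L5204–L5205 are blank even though 2.6.8-sarge-security is recorded as fixed at L5206, so the record does not say whether the bug is resolved upstream or in the current Debian 2.6 package; a reader cannot tell whether sid is still affected. The Notes say the patch was extracted from the Ubuntu update, which suggests an upstream fix exists and the version should be recorded, or the field should explicitly say it is pending. The dannf note at L5201–L5202 also loses its `dannf>` prefix on the continuation line. The file is moved unchanged by this commit.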
diff --git a/retired/CVE-2005-1767 b/retired/CVE-2005-1767
new file mode 100644
index 00000000..e1cbe995
--- /dev/null
+++ b/retired/CVE-2005-1767
@@ -0,0 +1,23 @@
+Candidate: CVE-2005-1767
+References:
+ CONFIRM:http://kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=51e31546a2fc46cb978da2ee0330a6a68f07541e
+ http://www.novell.com/linux/security/advisories/2005_44_kernel.html
+ http://www.ubuntu.com/usn/usn-187-1
+Description:
+ traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment faults on an exception
+ stack, which allows local users to cause a denial of service (oops and stack fault exception).
+Notes:
+ This is already fixed in 2.6 and added for completeness.
+ Horms> This is amd64 specific, and thus should not affect 2.4
+Bugs:
+upstream: released (2.6.12, 2.4.32)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-16sarge1) [arch-x86_64-kernel-stack-faults.dpatch, arch-x86_64-nmi.dpatch, arch-x86_64-kernel-stack-faults.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge1) [181_arch-x86_64-kernel-stack-faults.diff]
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A
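Review bot: The 2.6.8-sarge-security patch list at L5235 names arch-x86_64-kernel-stack-faults.dpatch twice; the duplicate should be dropped so the line reads `[arch-x86_64-kernel-stack-faults.dpatch, arch-x86_64-nmi.dpatch]`. The Notes at L5231 say the issue is amd64-specific and "should not affect 2.4", yet L5236 records a 2.4.27-sarge-security fix with 181_arch-x86_64-kernel-stack-faults.diff; if the 2.4 patch was applied defensively, a one-line note saying so would resolve the apparent contradiction. The record is moved unchanged by this commit, so this predates it.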
diff --git a/retired/CVE-2005-1768 b/retired/CVE-2005-1768
new file mode 100644
index 00000000..00eb2833
--- /dev/null
+++ b/retired/CVE-2005-1768
@@ -0,0 +1,34 @@
+Candidate: CVE-2005-1768
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1768
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050531
+ Category: SF
+ BUGTRAQ:20050711 [ Suresec Advisories ] - Linux kernel ia32 compatibility (ia64/x86-64)
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=112110120216116&w=2
+ MISC:http://www.suresec.org/advisories/adv4.pdf
+Description:
+ Race condition in the ia32 compatibility code for the execve system
+ call in Linux kernel 2.4 before 2.4.31 and 2.6 before 2.6.6 allows
+ local users to cause a denial of service (kernel panic) and possibly
+ execute arbitrary code via a concurrent thread that increments a
+ pointer count after the nargs function has counted the pointers, but
+ before the count is copied from user space to kernel space, which
+ leads to a buffer overflow.
+Notes:
+ 167_arch-ia64-x86_64_execve.diff (note 2.4 is not supported for amd64)
+upstream: released (2.4.31, 2.6.6)
+2.6.8-sarge-security: N/A
+2.4.27-sid/sarge: released (2.4.27-11)
+2.4.27-sarge-security: released (2.4.27-10sarge1)
+linux-2.6: N/A
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-1913 b/retired/CVE-2005-1913
new file mode 100644
index 00000000..e3ccfe9f
--- /dev/null
+++ b/retired/CVE-2005-1913
@@ -0,0 +1,37 @@
+Candidate: CVE-2005-1913
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1913
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050608
+ Category: SF
+ CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.1
+ UBUNTU:USN-178-1
+ URL:http://www.ubuntu.com/usn/usn-178-1
+ BID:14054
+ URL:http://www.securityfocus.com/bid/14054
+ SECUNIA:15786
+ URL:http://secunia.com/advisories/15786/
+ XF:kernel-subthread-dos(21138)
+ URL:http://xforce.iss.net/xforce/xfdb/21138
+Description:
+ The Linux kernel 2.6 before 2.6.12.1 allows local users to cause a
+ denial of service (kernel panic) via a non group-leader thread
+ executing a different program than was pending in itimer, which causes
+ the signal to be delivered to the old group-leader task, which does
+ not exist.
+Notes:
+upstream: released (2.6.12.1)
+2.6.8-sarge-security: N/A
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A
+linux-2.6: released (2.6.12-1) [linux-2.6.12.1.patch]
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-2098 b/retired/CVE-2005-2098
new file mode 100644
index 00000000..20aaf4f5
--- /dev/null
+++ b/retired/CVE-2005-2098
@@ -0,0 +1,33 @@
+Candidate: CVE-2005-2098
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2098
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050630
+ Category: SF
+ CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5
+ UBUNTU:USN-169-1
+ URL:http://www.ubuntulinux.org/support/documentation/usn/usn-169-1
+ SECUNIA:16355
+ URL:http://secunia.com/advisories/16355/
+Description:
+ The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before
+ 2.6.12.5 contains an error path that does not properly release the
+ session management semaphore, which allows local users or remote
+ attackers to cause a denial of service (semaphore hang) via a new
+ session keyring (1) with an empty name string, (2) with a long name
+ string, (3) with the key quota reached, or (4) ENOMEM.
+upstream: released (2.6.12.5)
+2.6.8-sarge-security: N/A
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A
+linux-2.6: released (2.6.12-3) [linux-2.6.12.5.patch]
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-2099 b/retired/CVE-2005-2099
new file mode 100644
index 00000000..15e33c8a
--- /dev/null
+++ b/retired/CVE-2005-2099
@@ -0,0 +1,32 @@
+Candidate: CVE-2005-2099
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2099
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050630
+ Category: SF
+ CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5
+ UBUNTU:USN-169-1
+ URL:http://www.ubuntulinux.org/support/documentation/usn/usn-169-1
+ SECUNIA:16355
+ URL:http://secunia.com/advisories/16355/
+Description:
+ The Linux kernel before 2.6.12.5 does not properly destroy a keyring
+ that is not instantiated properly, which allows local users or remote
+ attackers to cause a denial of service (kernel oops) via a keyring
+ with a payload that is not empty, which causes the creation to fail,
+ leading toa null dereference in the keyring destructor.
+upstream: released (2.6.12.5)
+2.6.8-sarge-security: N/A
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A
+linux-2.6: released (2.6.12-3) [linux-2.6.12.5.patch]
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-2100 b/retired/CVE-2005-2100
new file mode 100644
index 00000000..343d09d6
--- /dev/null
+++ b/retired/CVE-2005-2100
@@ -0,0 +1,24 @@
+Candidate: CVE-2005-2100
+References:
+ CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=165547
+ REDHAT:RHSA-2005:514
+ URL:http://www.redhat.com/support/errata/RHSA-2005-514.html
+Description:
+ The rw_vm function in usercopy.c in the 4GB split patch for the Linux kernel in
+ Red Hat Enterprise Linux 4 does not perform proper bounds checking, which allows
+ local users to cause a denial of service (crash).
+Notes:
+ horms> This is a bug in the Red Hat 4G/4G patch, and doesn't appear
+ in Upstream or Debian Kernels.
+Bugs:
+upstream:
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa:
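Review bot: The final `2.4.18-woody-security-hppa:` line at L5433 is left blank while every other release line in this record is marked N/A, so the status of that one build is ambiguous (not triaged vs. not applicable). The Notes say the bug is in the Red Hat 4G/4G patch and not in Debian kernels, so `2.4.18-woody-security-hppa: N/A` appears to be the intended value. The same blank-trailing-line pattern occurs in the CVE-2005-2708 record at L5782, whose Notes likewise rule the bug out for Debian. These files are moved unchanged by this commit.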
diff --git a/retired/CVE-2005-2456 b/retired/CVE-2005-2456
new file mode 100644
index 00000000..90b2a29a
--- /dev/null
+++ b/retired/CVE-2005-2456
@@ -0,0 +1,32 @@
+Candidate: CVE-2005-2456
+References:
+ http://www.mail-archive.com/netdev@vger.kernel.org/msg00520.html
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a4f1bac62564049ea4718c4624b0fadc9f597c84
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blobdiff;h=8da3e25b2c4c1f305fd85428d3a9eb62b543bfba;hp=ecade4893a139cc35d4fe345ce70242ede5358c4;hb=a4f1bac62564049ea4718c4624b0fadc9f597c84;f=net/xfrm/xfrm_user.c
+ http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:219
+ http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:220
+ http://www.ubuntulinux.org/support/documentation/usn/usn-169-1
+ http://www.novell.com/linux/security/advisories/2005_50_kernel.html
+ http://www.securityfocus.com/bid/14477
+ http://secunia.com/advisories/16298
+ http://secunia.com/advisories/16500
+ http://xforce.iss.net/xforce/xfdb/21710
+Description:
+ Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c
+ in Linux kernel 2.6 allows local users to cause a denial of service (oops
+ or deadlock) and possibly execute arbitrary code via a p->dir value that is
+ larger than XFRM_POLICY_OUT, which is used as an index in the sock->sk_policy
+ array.
+Notes:
+Bugs: 321401
+upstream:
+linux-2.6: released (2.6.12-2)
+2.6.8-sarge-security: released (2.6.8-16sarge1)
+2.4.27-sarge-security: released (2.4.27-10sarge1) [176_ipsec-array-overflow.diff]
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
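Review bot: The `upstream:` field at L5461 is empty although the References at L5443–L5444 point to the torvalds commit that fixes xfrm_sk_policy_insert, so the record does not say which upstream release carries the fix; the version should be filled in from that commit (or marked pending if it was not yet in a release). The six woody lines are also blank rather than N/A or a status, which leaves the 2.4.1x builds untriaged on a record that otherwise has a 2.4.27 fix. The file is moved unchanged by this commit.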
diff --git a/retired/CVE-2005-2457 b/retired/CVE-2005-2457
new file mode 100644
index 00000000..06715f7f
--- /dev/null
+++ b/retired/CVE-2005-2457
@@ -0,0 +1,27 @@
+Candidate: CVE-2005-2457
+References:
+ URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2457
+ CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5
+ UBUNTU:USN-169-1
+ URL:http://www.ubuntulinux.org/support/documentation/usn/usn-169-1
+ BID:14614
+ URL:http://www.securityfocus.com/bid/14614
+ SECUNIA:16355
+ URL:http://secunia.com/advisories/16355/
+Description:
+ The driver for compressed ISO file systems (zisofs) in the Linux
+ kernel before 2.6.12.5 allows local users and remote attackers to
+ cause a denial of service (kernel crash) via a crafted compressed ISO
+ file system.
+upstream: released (2.6.12.5)
+2.6.8-sarge-security: released (2.6.8-16sarge2) [zisofs.diff]
+2.4.27-sid/sarge: pending [187_zisofs-2.diff]
+2.4.27-sarge-security: released (2.4.27-10sarge2) [187_zisofs-2.diff]
+linux-2.6: released (2.6.12-3) [linux-2.6.12.5.patch]
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-2458 b/retired/CVE-2005-2458
new file mode 100644
index 00000000..6d7b55a2
--- /dev/null
+++ b/retired/CVE-2005-2458
@@ -0,0 +1,32 @@
+Candidate: CVE-2005-2458
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2458
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050805
+ Category: SF
+ MLIST:[bug-gnu-utils] 19990625 Re: bug in gzip: segfault when doing "gzip -t" on a broken file
+ URL:http://sources.redhat.com/ml/bug-gnu-utils/1999-06/msg00183.html
+ CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5
+ UBUNTU:USN-169-1
+ URL:http://www.ubuntulinux.org/support/documentation/usn/usn-169-1
+ SECUNIA:16355
+ URL:http://secunia.com/advisories/16355/
+Description:
+ inflate.c in the zlib routines in the Linux kernel before 2.6.12.5
+ allows remote attackers to cause a denial of service (kernel crash)
+ via a compressed file with "improper tables".
+upstream: released (2.6.12.5)
+linux-2.6: released (2.6.12-3) [linux-2.6.12.5.patch]
+2.6.8-sarge-security: released (2.6.8-16sarge1) [linux-zlib-fixes.dpatch]
+2.4.27-sid/sarge: released (2.4.27-11) [182_linux-zlib-fixes.diff]
+2.4.27-sarge-security: released (2.4.27-10sarge1) [182_linux-zlib-fixes.diff]
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-2459 b/retired/CVE-2005-2459
new file mode 100644
index 00000000..2bdc6f42
--- /dev/null
+++ b/retired/CVE-2005-2459
@@ -0,0 +1,31 @@
+Candidate: CVE-2005-2459
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2459
+ MISC:http://bugs.gentoo.org/show_bug.cgi?id=94584
+ CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5
+ UBUNTU:USN-169-1
+ URL:http://www.ubuntulinux.org/support/documentation/usn/usn-169-1
+ SECUNIA:16355
+ URL:http://secunia.com/advisories/16355/
+Description:
+ The huft_build function in inflate.c in the zlib routines in the Linux
+ kernel before 2.6.12.5 returns the wrong value, which allows remote
+ attackers to cause a denial of service (kernel crash) via a certain
+ compressed file that leads to a null pointer dereference, a different
+ vulnerability than CVE-2005-2458.
+Notes:
+ This is a bogus fix that was applied in 2.6.12.5 and reverted in 2.6.12.6
+ http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.6
+ We included the broken fix in the sarge1 releases, so this backs it out.
+upstream: released (2.6.12.5)
+linux-2.6: released (2.6.12.3)
+2.6.8-sarge-security: released (2.6.8-16sarge1) [linux-zlib-fixes.dpatch]
+2.4.27-sid/sarge: released (2.4.27-11) [182_linux-zlib-fixes.diff]
+2.4.27-sarge-security: released (2.4.27-10sarge1) [182_linux-zlib-fixes.diff]
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
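Review bot: The `linux-2.6: released (2.6.12.3)` line at L5569 uses an upstream-style version, whereas the sibling records for the same 2.6.12.5 patch set (CVE-2005-2457 at L5497, CVE-2005-2458 at L5532) record the Debian revision as `linux-2.6: released (2.6.12-3) [linux-2.6.12.5.patch]`; if this refers to the Debian package it should presumably read `2.6.12-3`. The Notes at L5565–L5567 say the 2.6.12.5 fix was bogus, reverted in 2.6.12.6, and "this backs it out" of the sarge1 releases, yet the status lines still list the zlib fix as released with no entry for the revert, so the record should state which package versions carry the back-out. The file is moved unchanged by this commit.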
diff --git a/retired/CVE-2005-2490 b/retired/CVE-2005-2490
new file mode 100644
index 00000000..d06ca172
--- /dev/null
+++ b/retired/CVE-2005-2490
@@ -0,0 +1,36 @@
+Candidate: CVE-2005-2490
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2490
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050808
+ Category: SF
+ MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166248
+ CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.13.1
+ UBUNTU:USN-178-1
+ URL:http://www.ubuntu.com/usn/usn-178-1
+ BID:14785
+ URL:http://www.securityfocus.com/bid/14785
+ SECUNIA:16747
+ URL:http://secunia.com/advisories/16747/
+ XF:kernel-sendmsg-bo(22217)
+ URL:http://xforce.iss.net/xforce/xfdb/22217
+Description:
+ Stack-based buffer overflow in the sendmsg function call in the Linux
+ kernel 2.6 before 2.6.13.1 allows local users execute arbitrary code
+ by calling sendmsg and modifying the message contents in another
+ thread.
+upstream: released (2.6.13.1), released (2.4.33-pre1)
+linux-2.6: released (2.6.12-7, 2.6.13-1) [sendmsg-stackoverflow.patch, linux-2.6.13.1.patch]
+2.6.8-sarge-security: released (2.6.8-16sarge2) [sendmsg-stackoverflow.dpatch]
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-2492 b/retired/CVE-2005-2492
new file mode 100644
index 00000000..efc21d41
--- /dev/null
+++ b/retired/CVE-2005-2492
@@ -0,0 +1,35 @@
+Candidate: CVE-2005-2492
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2492
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050808
+ Category: SF
+ MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166830
+ CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.13.1
+ UBUNTU:USN-178-1
+ URL:http://www.ubuntu.com/usn/usn-178-1
+ BID:14787
+ URL:http://www.securityfocus.com/bid/14787
+ SECUNIA:16747
+ URL:http://secunia.com/advisories/16747/
+ XF:kernel-rawsendmsg-obtain-information(22218)
+ URL:http://xforce.iss.net/xforce/xfdb/22218
+Description:
+ The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1
+ allows local users to cause a denial of service (change hardware
+ state) or read from arbitrary memory via crafted input.
+upstream: released (2.6.13.1)
+linux-2.6: released (2.6.12-7, 2.6.13-1) [sendmsg-DoS.patch, linux-2.6.13.1.patch]
+2.6.8-sarge-security: N/A
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-2548 b/retired/CVE-2005-2548
new file mode 100644
index 00000000..7aa9f590
--- /dev/null
+++ b/retired/CVE-2005-2548
@@ -0,0 +1,27 @@
+Candidate: CVE-2005-2548
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2548
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050812
+ Category: SF
+ CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=309308
+Description:
+ vlan_dev.c in Linux kernel 2.6.8 allows remote attackers to cause a
+ denial of service (kernel oops from null dereference) via certain UDP
+ packets that lead to a function call with the wrong argument, as
+ demonstrated using snmpwalk on snmpd.
+upstream: released (2.4.29)
+2.6.8-sarge-security: released (2.6.8-16sarge1) [vlan-mii-ioctl.dpatch]
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A
+linux-2.6: N/A
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-2553 b/retired/CVE-2005-2553
new file mode 100644
index 00000000..444d853c
--- /dev/null
+++ b/retired/CVE-2005-2553
@@ -0,0 +1,24 @@
+Candidate: CVE-2005-2553
+References:
+ URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2553
+ CONFIRM:http://lkml.org/lkml/2005/1/5/245
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@41dd3455GwQPufrGvBJjcUOXQa3WXA
+Description:
+ The find_target function in ptrace32.c in the Linux kernel 2.4.x
+ before 2.4.29 does not properly handle a NULL return value from
+ another function, which allows local users to cause a denial of
+ service (kernel crash/oops) by running a 32-bit ltrace program with
+ the -i option on a 64-bit executable program.
+Bugs:
+upstream: released (2.4.29)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sid/sarge: pending [184_arch-x86_64-ia32-ptrace32-oops.diff]
+2.4.27-sarge-security: released (2.4.27-10sarge1) [184_arch-x86_64-ia32-ptrace32-oops.diff]
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-2555 b/retired/CVE-2005-2555
new file mode 100644
index 00000000..4c466519
--- /dev/null
+++ b/retired/CVE-2005-2555
@@ -0,0 +1,21 @@
+Candidate: CVE-2005-2555
+References:
+ URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2555
+Description:
+ Linux kernel 2.6.x does not properly restrict socket policy access to users
+ with the CAP_NET_ADMIN capability, which could allow local users to conduct
+ unauthorized activities via (1) ipv4/ip_sockglue.c and
+ (2) ipv6/ipv6_sockglue.c.
+Notes:
+Bugs:
+upstream: released (2.6.13)
+linux-2.6: released (2.6.13-1)
+2.6.8-sarge-security: released (2.6.8-16sarge2)
+2.4.27-sarge-security: released (2.4.27-10sarge2)
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-2708 b/retired/CVE-2005-2708
new file mode 100644
index 00000000..8c10fd12
--- /dev/null
+++ b/retired/CVE-2005-2708
@@ -0,0 +1,24 @@
+Candidate: CVE-2005-2708
+References:
+ CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=161925
+Description:
+ The search_binary_handler function in exec.c in Linux kernel on 64-bit x86
+ architectures does not check a return code for a particular function call when
+ virtual memory is low, which allows local users to cause a denial of service
+ (panic), as demonstrated by running a process using the bash ulimit -v
+ command.
+Notes:
+ This bug only affects 2.4 and AMD64, a combination that does not exist in
+ Debian
+Bugs:
+upstream: released (2.4.33-pre1)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-2709 b/retired/CVE-2005-2709
new file mode 100644
index 00000000..12eb1c7e
--- /dev/null
+++ b/retired/CVE-2005-2709
@@ -0,0 +1,30 @@
+Candidate: CVE-2005-2709
+References:
+ CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/chrisw/stable-queue.git;a=blob_plain;h=5dbbdc13a7bdbc132de44bc00e13079afaf033d0;f=2.6.14.1/cve-2005-2709-sysctl-unregistration-oops.patch
+Description:
+ From: Al Viro <viro@zeniv.linux.org.uk>
+ .
+ You could open the /proc/sys/net/ipv4/conf/<if>/<whatever> file, then
+ wait for interface to go away, try to grab as much memory as possible in
+ hope to hit the (kfreed) ctl_table. Then fill it with pointers to your
+ function. Then do read from file you've opened and if you are lucky,
+ you'll get it called as ->proc_handler() in kernel mode.
+Notes:
+ CVE is reserved, so we can't take the description from there yet
+ .
+ dannf> arch/s390/appldata/appldata_base.c doesn't exist in 2.4, so I dropped
+ dannf> that hunk in my backport
+ .
+ **THIS IS AN ABI CHANGE**
+Bug:
+upstream: released (2.6.14.1), released (2.4.33-pre1)
+linux-2.6: released (2.6.14-3)
+2.6.8-sarge-security: released (2.6.8-16sarge2) [sysctl-unregistration-oops.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge2) [196_sysctl-unregistration-oops.patch]
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
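Review bot: The field header on the `Bug:` line differs from the `Bugs:` spelling used by every other entry in this diff, so anything that greps or parses on `Bugs:` will silently skip this record; change it to `Bugs:`. The Notes also still say the CVE is reserved and the description cannot be taken from MITRE yet, which is stale for a retired entry and should be replaced by the public description. Finally, `**THIS IS AN ABI CHANGE**` does not say which structure changed; presumably it is the sysctl/ctl_table layout touched by the backport, but whatever it is should be named on that line since it determines whether out-of-tree modules built against 2.6.8-16sarge2 or 2.4.27-10sarge2 need a rebuild.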
diff --git a/retired/CVE-2005-2800 b/retired/CVE-2005-2800
new file mode 100644
index 00000000..6174e495
--- /dev/null
+++ b/retired/CVE-2005-2800
@@ -0,0 +1,24 @@
+Candidate: CVE-2005-2800
+References:
+ URL:http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2005-2800
+Description:
+ Memory leak in the seq_file implemenetation in the SCSI procfs interface
+ (sg.c) in Linux kernel 2.6.13 and earlier allows local users to cause a
+ denial of service (memory consumption) via certain repeated reads from the
+ /proc/scsi/sg/devices file, which is not properly handled when the next()
+ iterator returns NULL or an error.
+Notes:
+ dannf> seq_file is a 2.6ism, so marking 2.4 as N/A
+ dannf> There's a trivial test case - can it be reproduce this on 2.4?
+Bugs:
+upstream: released (2.6.12.6)
+linux-2.6: released (2.6.12-6)
+2.6.8-sarge-security: released (2.6.8-16sarge2)
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A
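Review bot: The two Notes lines contradict each other: the first marks every 2.4 release N/A on the grounds that seq_file is a 2.6-only mechanism, and the second immediately asks whether the trivial test case reproduces on 2.4, which is an open question that a definitive N/A in a retired entry should not leave behind. I cannot confirm from this entry whether 2.4's sg.c uses seq_file at all, so the resolution needs to be recorded rather than inferred. Either replace the question with the observed result, e.g. `dannf> test case does not reproduce on 2.4.27, 2.4 sg.c does not use seq_file`, or drop the N/A markers until it has been checked.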
diff --git a/retired/CVE-2005-2801 b/retired/CVE-2005-2801
new file mode 100644
index 00000000..975e4eec
--- /dev/null
+++ b/retired/CVE-2005-2801
@@ -0,0 +1,26 @@
+Candidate: CVE-2005-2801
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2801
+ MLIST:[Acl-Devel] 20050205 [FIX] Long-standing xattr sharing bug
+ URL:http://acl.bestbits.at/pipermail/acl-devel/2005-February/001848.html
+ MLIST:[debian-kernel] 20050809 Re: ACL patches in Debian 2.4 series kernel.
+ URL:http://lists.debian.org/debian-kernel/2005/08/msg00238.html
+ SUSE:SUSE-SA:2005:018
+ URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html
+Description:
+ xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6
+ does not properly compare the name_index fields when sharing xattr
+ blocks, which could prevent default ACLs from being applied.
+Bugs: 332381
+upstream: released (2.6.11)
+2.6.8-sarge-security: released (2.6.8-16sarge1) [fs_ext2_ext3_xattr-sharing.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge1) [178_fs_ext2_ext3_xattr-sharing.diff]
+2.4.27-sid: released (2.4.27-12) [178_fs_ext2_ext3_xattr-sharing.diff]
+linux-2.6: N/A
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-2872 b/retired/CVE-2005-2872
new file mode 100644
index 00000000..5fb79ff8
--- /dev/null
+++ b/retired/CVE-2005-2872
@@ -0,0 +1,31 @@
+Candidate: CVE-2005-2872
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2872
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050909
+ Category: SF
+ Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322237
+ Reference:
+ CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/chrisw/lsm-2.6.git;a=commit;h=bcfff0b471a60df350338bcd727fc9b8a6aa54b2
+Description:
+ The ipt_recent kernel module (ipt_recent.c) in Linux kernel before
+ 2.6.12, when running on 64-bit processors such as AMD64, allows remote
+ attackers to cause a denial of service (kernel panic) via certain
+ attacks such as SSH brute force, which leads to memset calls using a
+ length based on the u_int32_t type, acting on an array of unsigned
+ long elements, a different vulnerability than CVE-2005-2873.
+upstream: released (2.6.12)
+2.6.8-sarge-security: released (2.6.8-16sarge1) [net-ipv4-netfilter-ip_recent-last_pkts.dpatch]
+2.4.27-sid/sarge: released (2.4.27-12) [179_net-ipv4-netfilter-ip_recent-last_pkts.diff]
+2.4.27-sarge-security: released (2.4.27-10sarge1) [179_net-ipv4-netfilter-ip_recent-last_pkts.diff]
+linux-2.6: N/A
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
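Review bot: The status key `2.4.27-sid/sarge:` on this entry's release-status line is spelled `2.4.27-sarge/sid:` in other entries of the same diff (the CVE-2005-2973 and CVE-2005-3181 records), so the same kernel source is tracked under two different keys and any tooling that keys on one will miss the other; pick one spelling and use it throughout. The References block also carries MITRE's empty internal candidate metadata (`Final-Decision:`, `Interim-Decision:`, `Modified:`, `Proposed:`) that adds nothing to the tracker and should be dropped, leaving only the CVE URL and the two CONFIRM links. Since the description says this is distinct from CVE-2005-2873, a one-line Notes cross-reference to that entry would help a reader confirm both are tracked.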
diff --git a/retired/CVE-2005-2973 b/retired/CVE-2005-2973
new file mode 100644
index 00000000..ba46533d
--- /dev/null
+++ b/retired/CVE-2005-2973
@@ -0,0 +1,21 @@
+Candidate: CVE-2005-2973
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2973
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@4342df67SNhRx_3FGhUrrU-FXLlQIA
+Description:
+ Fix infinite loop in udp_v6_get_port().
+Bugs:
+Notes:
+ submitted for inclusion in 2.4.32-rc2
+upstream: released (2.6.14-rc4)
+2.6.8-sarge-security: released (2.6.8-16sarge2) [net-ipv6-udp_v6_get_port-loop.patch]
+2.4.27-sarge-security: released (2.4.27-10sarge2) [195_net-ipv6-udp_v6_get_port-loop.diff]
+2.4.27-sarge/sid: pending (2.4.27-12)
+linux-2.6: released (2.6.13+2.6.14-rc4-0experimental.1)
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
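Review bot: The line `2.4.27-sarge/sid: pending (2.4.27-12)` records a pending status in an entry that lives under retired/, and the Notes say the fix was submitted for 2.4.32-rc2 while the `upstream:` line lists only 2.6.14-rc4, so the 2.4 side of this record was never closed out. If the 2.4.27-12 upload happened and the 2.4.32-rc2 submission was accepted, the two lines should read `2.4.27-sarge/sid: released (2.4.27-12)` and `upstream: released (2.6.14-rc4), released (2.4.32-rc2)`; if not, the entry should not be retired. The Description is also just the patch subject, `Fix infinite loop in udp_v6_get_port()`, with no statement of who can trigger it (it appears to be reachable by a local user binding an IPv6 UDP socket, but that is an inference and should be confirmed before being written in).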
diff --git a/retired/CVE-2005-3053 b/retired/CVE-2005-3053
new file mode 100644
index 00000000..27a385f0
--- /dev/null
+++ b/retired/CVE-2005-3053
@@ -0,0 +1,28 @@
+Candidate: CVE-2005-3053
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3053
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050926
+ Category: SF
+ Reference: CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@42eef8b09C5r6iI0LuMe5Uy3k05c5g
+Description:
+ The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x
+ allows local users to cause a denial of service (kernel BUG()) via a
+ negative first argument.
+Notes:
+ horms> http://lkml.org/lkml/2005/9/30/218
+upstream: released (2.6.12.5)
+linux-2.6: released (2.6.12-3)
+2.6.8-sarge-security: released (2.6.8-16sarge2) [mempolicy-check-mode.dpatch]
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-3055 b/retired/CVE-2005-3055
new file mode 100644
index 00000000..c4da2529
--- /dev/null
+++ b/retired/CVE-2005-3055
@@ -0,0 +1,33 @@
+Candidate: CVE-2005-3055
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3055
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050926
+ Category: SF
+ MLIST:[linux-kernel] 20050925 [BUG/PATCH/RFC] Oops while completing async USB via usbdevio
+ URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=112766129313883
+Description:
+ Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial
+ of service (kernel OOPS) via a userspace process that issues a USB
+ Request Block (URB) to a USB device and terminates before the URB is
+ finished, which leads to a stale pointer reference.
+Notes:
+ horms> http://lkml.org/lkml/mbox/2005/10/11/90
+ horms> http://lkml.org/lkml/2005/10/11/90
+ horms> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330287;msg=21
+Bugs: 330287, 332587
+upstream: released (2.6.14-rc4)
+linux-2.6: released (2.6.14-1)
+2.6.8-sarge-security: released (2.6.8-16sarge2)
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-3106 b/retired/CVE-2005-3106
new file mode 100644
index 00000000..7b2b2e99
--- /dev/null
+++ b/retired/CVE-2005-3106
@@ -0,0 +1,33 @@
+Candidate: CVE-2005-3106
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3106
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050930
+ Category: SF
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/diffs/fs/exec.c@1.156?nav=index.html|src/|src/fs|hist/fs/exec.c
+Description:
+ Race condition in Linux 2.6, when threads are sharing memory mapping
+ via CLONE_VM (such as linuxthreads and vfork), might allow local users
+ to cause a denial of service (deadlock) by triggering a core dump
+ while waiting for a thread that has just performed an exec.
+ .
+ Extra information from Moritz Muehlenhof:
+ CVE-2005-3106:
+ DoS through race condition in processes that share a memory mapping through
+ CLONE_VM
+ http://linux.bkbits.net:8080/linux-2.6/diffs/fs/exec.c@1.156?nav=index.html|src/|src/fs|hist/fs/exec.c
+upstream: released (2.6.11)
+2.6.8-sarge-security: released (2.6.8-16sarge1) [fs-exec-ptrace-core-exec-race.dpatch]
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A
+linux-2.6: N/A
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-3107 b/retired/CVE-2005-3107
new file mode 100644
index 00000000..5123c7b3
--- /dev/null
+++ b/retired/CVE-2005-3107
@@ -0,0 +1,33 @@
+Candidate: CVE-2005-3107
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3107
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050930
+ Category: SF
+ CONFIRM:http://www.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.11-rc1/2.6.11-rc1-mm1/broken-out/fix-coredump_wait-deadlock-with-ptracer-tracee-on-shared-mm.patch
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/diffs/fs/exec.c@1.155?nav=index.html|src/|src/fs|hist/fs/exec.c
+Description:
+ fs/exec.c in Linux 2.6, when one thread is tracing another thread that
+ shares the same memory map, might allow local users to cause a denial
+ of service (deadlock) by forcing a core dump when the traced thread is
+ in the TASK_TRACED state.
+ .
+ Extra information from Moritz Muehlenhof:
+ Local DoS through threads tracing each other by forcing a core dump, while the traced
+ thread is in TASK_TRACED state.
+ http://www.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.11-rc1/2.6.11-rc1-mm1/broken-out/fix-coredump_wait-deadlock-with-ptracer-tracee-on-shared-mm.patch
+upstream: released (2.6.11)
+2.6.8-sarge-security: released (2.6.8-16sarge1) [fs-exec-ptrace-deadlock.dpatch]
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A
+linux-2.6: N/A
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-3108 b/retired/CVE-2005-3108
new file mode 100644
index 00000000..54985b8e
--- /dev/null
+++ b/retired/CVE-2005-3108
@@ -0,0 +1,31 @@
+Candidate: CVE-2005-3108
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3108
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050930
+ Category: SF
+ CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=93ef70a217637ade3f335303a112b22a134a1ec2
+Description:
+ mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local users to
+ cause a denial of service or an information leak via an iremap on a
+ certain memory map that causes the iounmap to perform a lookup of a
+ page that does not exist.
+Notes:
+ Extra information from Moritz Muehlenhof:
+ DoS and potential information leak in ioremap (seemingly specific to amd64)
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=93ef70a217637ade3f335303a112b22a134a1ec2
+upstream: released (2.6.11.12)
+2.6.8-sarge-security: released (2.6.8-16sarge1) [arch-x86_64-mm-ioremap-page-lookup.dpatch]
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A
+linux-2.6: N/A
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-3109 b/retired/CVE-2005-3109
new file mode 100644
index 00000000..2d36440f
--- /dev/null
+++ b/retired/CVE-2005-3109
@@ -0,0 +1,32 @@
+Candidate: CVE-2005-3109
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3109
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050930
+ Category: SF
+ CONFIRM:http://www.kernel.org/git/gitweb.cgi?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=945b092011c6af71a0107be96e119c8c08776f3f
+Description:
+ The HFS and HFS+ (hfsplus) modules in Linux 2.6 allows attackers to
+ cause a denial of service (oops) by using hfsplus to mount a
+ filesystem that is not hfsplus.
+Notes:
+ Extra information from Moritz Muehlenhof:
+ Local DoS through oops by mounting a non-HFS+ filesystem as HFS+.
+ Asking upstream about 2.4: http://lkml.org/lkml/2005/10/7/3/index.html
+ dannf> Looks like, from the above thread, that 2.4 is not affected; marking
+ as such.
+upstream: released (2.6.11.12)
+2.6.8-sarge-security: released (2.6.8-16sarge1) [fs-hfs-oops-and-leak.dpatch]
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A
+linux-2.6: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A
diff --git a/retired/CVE-2005-3110 b/retired/CVE-2005-3110
new file mode 100644
index 00000000..7b5f4922
--- /dev/null
+++ b/retired/CVE-2005-3110
@@ -0,0 +1,32 @@
+Candidate: CVE-2005-3110
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3110
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050930
+ Category: SF
+ Reference: CONFIRM:http://sourceforge.net/mailarchive/forum.php?thread_id=6800453&forum_id=8572
+Description:
+ Race condition in ebtables netfilter module (ebtables.c) in Linux 2.6,
+ when running on an SMP system that is operating under a heavy load,
+ might allow remote attackers to cause a denial of service (crash) via
+ a series of packets that cause a value to be modified after it has
+ been read but before it has been locked.
+Notes:
+ Extra information from Moritz Muehlenhof:
+ DoS on SMP, potentially 2.4 and 2.6
+ http://sourceforge.net/mailarchive/forum.php?thread_id=6800453&forum_id=8572
+upstream: released (2.6.11.11)
+2.6.8-sarge-security: released (2.6.8-16sarge1) [net-bridge-netfilter-etables-smp-race.dpatch]
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A
+linux-2.6: N/A
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-3119 b/retired/CVE-2005-3119
new file mode 100644
index 00000000..85710594
--- /dev/null
+++ b/retired/CVE-2005-3119
@@ -0,0 +1,30 @@
+Candidate: CVE-2005-3119
+References:
+ URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3119
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@43483fddCiQX1WyG_orbko06TrjMVA
+ REDHAT:RHSA-2005:808
+ URL:http://www.redhat.com/support/errata/RHSA-2005-808.html
+ SECUNIA:17364
+ URL:http://secunia.com/advisories/17364
+Description:
+ Memory leak in the request_key_auth_destroy function in request_key_auth in Linux
+ kernel 2.6.13 and earlier allows local users to cause a denial of service (memory
+ consumption) via a large number of authorization token keys.
+Notes:
+ Plug request_key_auth memleak. This can be triggered by unprivileged
+ users, so is local DoS.
+ http://www.ussg.iu.edu/hypermail/linux/kernel/0510.0/1860.html
+ .
+ dannf> This file doesn't exist in 2.6.8, so sarge isn't vulnerable
+upstream: released (2.6.13.4, 2.6.14)
+linux-2.6: released (2.6.13+2.6.14-rc4-0experimental.1)
+2.6.8-sarge-security: N/A
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa:
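Review bot: The final `2.4.18-woody-security-hppa:` line is blank while every other release in this entry is marked N/A, including 2.6.8-sarge, which the note says lacks the request_key_auth file altogether; a 2.4.18 kernel cannot have code that 2.6.8 does not, so the blank is an oversight rather than an open item. In this format a blank status reads as unassessed, which is misleading in a retired entry. Change it to `2.4.18-woody-security-hppa: N/A`.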
diff --git a/retired/CVE-2005-3179 b/retired/CVE-2005-3179
new file mode 100644
index 00000000..f2b7e547
--- /dev/null
+++ b/retired/CVE-2005-3179
@@ -0,0 +1,27 @@
+Candidate: CVE-2005-3179
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3179
+ Reference: CONFIRM:http://www.kernel.org/hg/linux-2.6/?cmd=changeset;node=d7067d7d1f92cba14963a430cfbd53098cbbc8fd
+ Reference: CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=107893
+Description:
+ drm.c in Linux kernel 2.6.13 and earlier creates a debug file in sysfs
+ with world-readable and world-writable permissions, which allows local
+ users to enable DRM debugging and obtain sensitive information.
+Notes:
+ (from Horms)
+ > > From: Dave Jones <davej@redhat.com>
+ > >
+ > > Please consider for next 2.6.13, it is a minor security issue allowing
+ > > users to turn on drm debugging when they shouldn't...
+upstream: released (2.6.13.4)
+linux-2.6: released (2.6.13+2.6.14-rc4-0experimental.1)
+2.6.8-sarge-security: N/A
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-3180 b/retired/CVE-2005-3180
new file mode 100644
index 00000000..70d585c3
--- /dev/null
+++ b/retired/CVE-2005-3180
@@ -0,0 +1,31 @@
+Candidate: CVE-2005-3180
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3180
+ CONFIRM:http://www.kernel.org/hg/linux-2.6/?cmd=changeset;node=feecb2ffde28639e60ede769c6f817dc536c677b
+Description:
+ The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does
+ not properly clear memory from a previously used packet whose length
+ is increased, which allows remote attackers to obtain sensitive
+ information.
+Notes:
+ > > From: Pavel Roskin <proski@gnu.org>
+ > >
+ > > The orinoco driver can send uninitialized data exposing random pieces of
+ > > the system memory. This happens because data is not padded with zeroes
+ > > when its length needs to be increased.
+ horms> a better fix for this is
+ horms> http://mirror.local.valinux.co.jp/linux/kernel/v2.6/ChangeLog-2.6.15
+ horms> 192_orinoco-info-leak.diff is missing the ALIGN macro which is not
+ horms> defined elsewhere in 2.4.
+ horms> is added by 192_orinoco-info-leak-2.diff
+upstream: released (2.6.13.4), released (2.4.33-pre2)
+linux-2.6: released (2.6.13+2.6.14-rc4-0experimental.1)
+2.6.8-sarge-security: released (2.6.8-16sarge2) [orinoco-info-leak.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge2) [192_orinoco-info-leak.diff, 192_orinoco-info-leak-2.diff]
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
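Review bot: The horms note that "a better fix for this is" followed by a link to the entire 2.6.15 ChangeLog does not identify which commit is meant, and it is not stated whether the sarge patches listed on the `2.6.8-sarge-security:` and `2.4.27-sarge-security:` lines are the original 2.6.13.4 fix or that better one, so a reader cannot tell whether sarge still ships the weaker padding fix. The sentence `192_orinoco-info-leak.diff is missing the ALIGN macro ... is added by 192_orinoco-info-leak-2.diff` also runs two thoughts together. Suggest rewording to `horms> 192_orinoco-info-leak.diff uses the ALIGN macro, which 2.4 lacks; 192_orinoco-info-leak-2.diff adds it` and naming the 2.6.15 commit, with a note on whether it was backported.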
diff --git a/retired/CVE-2005-3181 b/retired/CVE-2005-3181
new file mode 100644
index 00000000..614a43ea
--- /dev/null
+++ b/retired/CVE-2005-3181
@@ -0,0 +1,24 @@
+Candidate: CVE-2005-3181
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2005-3181
+ CONFIRM: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=829841146878e082613a49581ae252c071057c23
+Description:
+ Linux kernel before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, uses an
+ incorrect function to free names_cache memory, which prevents the memory
+ from being tracked by AUDITSYSCALL code and leads to a memory leak that
+ allows attackers to cause a denial of service (memory consumption).
+Notes:
+ 2.4 isn't vulnerable because AUDITSYSCALL doesn't exist in 2.4
+Bugs:
+upstream: released (2.6.13.4)
+2.6.8-sarge-security: released (2.6.8-16sarge2)
+2.4.27-sarge-security: N/A
+2.4.27-sarge/sid: N/A
+linux-2.6: released (2.6.13+2.6.14-rc4-0experimental.1)
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-3257 b/retired/CVE-2005-3257
new file mode 100644
index 00000000..f2dfa81f
--- /dev/null
+++ b/retired/CVE-2005-3257
@@ -0,0 +1,25 @@
+Candidate: CVE-2005-3257
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2005-3257
+ CONFIRM: http://article.gmane.org/gmane.linux.debian.devel.bugs.general/8533
+Description:
+ The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12 allows local
+ users to use the KDSKBSENT ioctl on terminals of other users and gain
+ privileges, as demonstrated by modifying key bindings using loadkeys.
+Bugs: 334113
+Notes:
+ The first patch is the bit that adds the capability check; the second
+ one makes it less anal (only apply to writes).
+ jmm> The patch targeted to 2.6.14.4 is slightly different, needs to be
+ jmm> sorted out.
+upstream: released (2.4.32-rc3), released (2.6.15-rc1), released (2.6.14.4)
+2.6.8-sarge-security: released (2.6.8-16sarge2) [setkeys-needs-root-1.dpatch, setkeys-needs-root-2.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge2) [197_setkeys-needs-root-1.diff, 197_setkeys-needs-root-2.diff]
+linux-2.6: released (2.6.14-6)
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
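Review bot: The jmm note that the 2.6.14.4 patch "is slightly different, needs to be sorted out" is still open, yet the `upstream:` line already records 2.6.14.4 as released and the entry is retired, so either the difference was resolved and the note should say how, or the entry was retired with an unresolved question. The preceding note is also worth making explicit for anyone auditing the sarge kernels: the second patch restricts the new capability check to writes, which means reading another user's key bindings through the same ioctl path remains unprivileged by design; a line such as `read access is intentionally left unrestricted; only setting entries requires the capability` would prevent that being re-reported as a gap.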
diff --git a/retired/CVE-2005-3271 b/retired/CVE-2005-3271
new file mode 100644
index 00000000..f2300a6c
--- /dev/null
+++ b/retired/CVE-2005-3271
@@ -0,0 +1,24 @@
+Candidate: CVE-2005-3271
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3271
+ MLIST:[linux-kernel] 20040911 [PATCH] exec: fix posix-timers leak and pending signal loss
+ URL:http://www.ussg.iu.edu/hypermail/linux/kernel/0409.1/1107.html
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@414b332fsZQvEUsfzKJIo-q2_ZH0hg
+Description:
+ Exec in Linux kernel 2.6 does not properly clear posix-timers in
+ multi-threaded environments, which results in a resource leak and
+ could allow a large number of multiple local users to cause a denial
+ of service by using more posix-timers than specified by the quota for
+ a single user.
+Bugs:
+upstream: released (2.6.9)
+2.6.8-sarge-security: released (2.6.8-16sarge1) [fs-exec-posix-timers-leak-1.dpatch]
+2.4.27-sarge-security: N/A
+linux-2.6: N/A
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-3272 b/retired/CVE-2005-3272
new file mode 100644
index 00000000..62faaf83
--- /dev/null
+++ b/retired/CVE-2005-3272
@@ -0,0 +1,20 @@
+Candidate: CVE-2005-3272
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3272
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@1.3097.18.19?nav=index.html|src/|src/net|src/net/bridge|related/net/bridge/br_input.c
+Description:
+ Linux kernel before 2.6.12 allows remote attackers to poison the
+ bridge forwarding table using frames that have already been dropped by
+ filtering, which can cause the bridge to forward spoofed packets.
+Bugs:
+upstream: released (2.6.12)
+2.6.8-sarge-security: released (2.6.8-16sarge1) [net-bridge-forwarding-poison-1.dpatch, net-bridge-mangle-oops-1.dpatch, net-bridge-mangle-oops-2.dpatch]
+2.4.27-sarge-security: N/A
+linux-2.6: released (2.6.12-1)
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
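Review bot: The `2.6.8-sarge-security:` line lists `net-bridge-mangle-oops-1.dpatch` and `net-bridge-mangle-oops-2.dpatch` next to `net-bridge-forwarding-poison-1.dpatch`, and by name the first two fix an oops in the bridge mangle path rather than the forwarding-table poisoning this CVE describes, so a reader cannot tell which patch is the CVE fix and which are something else. If they are prerequisites the forwarding-poison patch depends on, a Notes line saying so (`mangle-oops patches are required for forwarding-poison-1 to apply`) would explain their presence; if they fix a separate bug they should be tracked under their own entry. I am inferring the relationship from the names only, so it needs confirming against the dpatch headers.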
diff --git a/retired/CVE-2005-3273 b/retired/CVE-2005-3273
new file mode 100644
index 00000000..7226e3d8
--- /dev/null
+++ b/retired/CVE-2005-3273
@@ -0,0 +1,22 @@
+Candidate: CVE-2005-3273
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3273
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/diffs/net/rose/rose_route.c@1.16?nav=index.html|src/|src/net|src/net/rose|related/net/rose/rose_route.c|cset@1.2009.1.46
+ CONFIRM:http://lkml.org/lkml/2005/5/23/169
+Description:
+ The rose_rt_ioctl function in rose_route.c for ROSE in Linux 2.6
+ kernels prior to 2.6.12 does not properly verify the ndigis argument
+ for a new route, which allows attackers to trigger array out-of-bounds
+ errors with a large number of digipeats.
+Bugs:
+upstream: released (2.6.12)
+2.6.8-sarge-security: released (2.6.8-16sarge1) [net-rose-ndigis-verify.dpatch]
+2.4.27-sarge-security: N/A
+linux-2.6: released (2.6.12-1)
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-3274 b/retired/CVE-2005-3274
new file mode 100644
index 00000000..46e16aab
--- /dev/null
+++ b/retired/CVE-2005-3274
@@ -0,0 +1,24 @@
+Candidate: CVE-2005-3274
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3274
+ CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=e684f066dff5628bb61ad1912de6e8058b5b4c7d
+ CONFIRM:http://lkml.org/lkml/2005/6/23/249
+ CONFIRM:http://lkml.org/lkml/2005/6/24/173
+Description:
+ Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4
+ before 2.4.32-pre2, when running on SMP systems, allows local users to
+ cause a denial of service (null dereference) by causing a connection
+ timer to expire while the connection table is being flushed before the
+ appropriate lock is acquired.
+Bugs:
+upstream: released (2.6.13, 2.4.32-pre2)
+linux-2.6: released (2.6.13-1)
+2.6.8-sarge-security: released (2.6.8-16sarge1) [net-ipv4-ipvs-conn_tab-race.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge1)
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-3275 b/retired/CVE-2005-3275
new file mode 100644
index 00000000..9fc10e88
--- /dev/null
+++ b/retired/CVE-2005-3275
@@ -0,0 +1,23 @@
+Candidate: CVE-2005-3275
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3275
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@1.3596.79.34?nav=index.html|src/|src/net|src/net/ipv4|src/net/ipv4/netfilter|related/net/ipv4/netfilter/ip_nat_proto_udp.c
+Description:
+ The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in
+ Linux kernel 2.6 before 2.6.13 and 2.4 before 2.4.32-rc1 incorrectly
+ declares a variable to be static, which allows remote attackers to
+ cause a denial of service (memory corruption) by causing two packets
+ for the same protocol to be NATed at the same time, which leads to
+ memory corruption.
+Bugs:
+upstream: released (2.6.12.3)
+2.6.8-sarge-security: released (2.6.8-16sarge1) [netfilter-NAT-memory-corruption.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge1) [174_net-ipv4-netfilter-nat-mem.diff]
+linux-2.6: released (2.6.12-1)
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-3276 b/retired/CVE-2005-3276
new file mode 100644
index 00000000..56a01b84
--- /dev/null
+++ b/retired/CVE-2005-3276
@@ -0,0 +1,21 @@
+Candidate: CVE-2005-3276
+References:
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@1.3700.4.106?nav=index.html|src/|src/arch|src/arch/i386|src/arch/i386/kernel|related/arch/i386/kernel/process.c
+ CONFIRM: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=71ae18ec690953e9ba7107c7cc44589c2cc0d9f1
+ URL:http://lkml.org/lkml/2005/8/3/36
+Description:
+ The sys_get_thread_area function in Linux 2.6 kernels prior to 2.6.12.4 and
+ 2.6.13 does not entirely clear a user_desc structure before copying it
+ to userspace, resulting in a small information leak.
+Bugs:
+upstream: released (2.6.12.4)
+linux-2.6: released (2.6.12-2)
+2.6.8-sarge-security: released (2.6.8-16sarge1) [sys_get_thread_area-leak.dpatch]
+2.4.27-sarge-security: N/A
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-3356 b/retired/CVE-2005-3356
new file mode 100644
index 00000000..4da47902
--- /dev/null
+++ b/retired/CVE-2005-3356
@@ -0,0 +1,34 @@
+Candidate: CVE-2005-3356
+References:
+ http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff_plain;h=7c7dce9209161eb260cdf9e9172f72c3a02379e6h+p=12dbf3fc4d06d2c0c4c44dc0612df04248b3cfd3
+Description:
+ [PATCH] Fix double decrement of mqueue_mnt->mnt_count in sys_mq_open
+ .
+ Fixed the refcounting on failure exits in sys_mq_open() and
+ cleaned the logics up. Rules are actually pretty simple - dentry_open()
+ expects vfsmount and dentry to be pinned down and it either transfers
+ them into created struct file or drops them. Old code had been very
+ confused in that area - if dentry_open() had failed either in do_open()
+ or do_create(), we ended up dentry and mqueue_mnt dropped twice, once
+ by dentry_open() cleanup and then by sys_mq_open().
+ .
+ Fix consists of making the rules for do_create() and do_open()
+ same as for dentry_open() and updating the sys_mq_open() accordingly;
+ that actually leads to more straightforward code and less work on
+ normal path.
+ .
+ Signed-off-by: Al Viro <aviro@redhat.com>
+ Signed-off-by: Linus Torvalds <torvalds@osdl.org>
+Notes:
+ jmm> Discovered by Doug Chapman
+Bugs:
+upstream: released (2.6.15.2)
+linux-2.6: released (2.6.15-4)
+2.6.8-sarge-security: released (2.6.8-16sarge2)
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
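Review bot: The only reference URL is malformed: the commit hash is followed by `h+p=12dbf3fc...`, which looks like the gitweb `;hp=` parent parameter with its separator mangled, so the link as written will not resolve; presumably it should read `...;h=7c7dce9209161eb260cdf9e9172f72c3a02379e6;hp=12dbf3fc4d06d2c0c4c44dc0612df04248b3cfd3`, which should be checked before correcting. The entry is also the only one in this batch without a `2.4.18-woody-security-hppa:` line, so that kernel's status is simply not recorded. Finally the Description is the upstream commit message and says what was wrong with the refcounting but not what an unprivileged caller can do with it; a one-line impact statement (the double drop on the mnt_count is a reference-count underflow reachable from the mq_open syscall, so at least a local DoS, though that characterisation should be confirmed against the advisory) belongs in Notes.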
diff --git a/retired/CVE-2005-3358 b/retired/CVE-2005-3358
new file mode 100644
index 00000000..bcb2ae93
--- /dev/null
+++ b/retired/CVE-2005-3358
@@ -0,0 +1,22 @@
+Candidate: CVE-2005-3358
+References:
+ https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175683
+Description:
+ Linux kernel 2.6.x, possibly before 2.6.11, allows local users to
+ cause a denial of service (panic) via a set_mempolicy call with a
+ 0 bitmask, which causes a panic when a page fault occurs.
+Notes:
+ jmm> This was initially believed to be fixed as of 2.6.11, but this
+ jmm> turned out to be wrong.
+Bugs:
+upstream: released (2.6.15)
+linux-2.6: released (2.6.15-1)
+2.6.8-sarge-security: released (2.6.8-16sarge2) [mempolicy-undefined-nodes.dpatch]
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A
diff --git a/retired/CVE-2005-3359 b/retired/CVE-2005-3359
new file mode 100644
index 00000000..54534cbd
--- /dev/null
+++ b/retired/CVE-2005-3359
@@ -0,0 +1,35 @@
+Candidate: CVE-2005-3359
+References:
+ http://linux.bkbits.net:8080/linux-2.6/cset@4339c66aLroC1_zunYKhEIbtIWrnwg
+ https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175769
+ http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=a79af59efd20990473d579b1d8d70bb120f0920c
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@4339c66aLroC1_zunYKhEIbtIWrnwg
+ CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175769
+ UBUNTU:USN-263-1
+ URL:http://www.ubuntulinux.org/support/documentation/usn/usn-263-1
+ BID:17078
+ URL:http://www.securityfocus.com/bid/17078
+ SECUNIA:19220
+ URL:http://secunia.com/advisories/19220
+Description:
+ The atm module in Linux kernel 2.6 before 2.6.14 allows local users to cause a
+ denial of service (panic) via certain socket calls that produce inconsistent
+ reference counts for loadable protocol modules.
+Notes:
+ dannf> Easily reproduced on 2.6.8, not reproducible on 2.4.27, so marking
+ dannf> 2.4 N/A
+ .
+ dannf> Note that atm is marked experimental in 2.6.8, and is not built
+ dannf> as a module on i386, amd64 or ia64 - but of course users could
+ dannf> build their own kernels, and this isn't atm specific
+Bugs:
+upstream: released (2.6.14)
+linux-2.6: released (2.6.14-1)
+2.6.8-sarge-security: released (2.6.8-16sarge3)
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
diff --git a/retired/CVE-2005-3623 b/retired/CVE-2005-3623
new file mode 100644
index 00000000..928c8ebd
--- /dev/null
+++ b/retired/CVE-2005-3623
@@ -0,0 +1,21 @@
+Candidate: CVE-2005-3623
+References:
+ http://permalink.gmane.org/gmane.linux.kernel/360868
+Description:
+ We must check for MAY_SATTR before setting acls, which includes
+ checking for read-only exports: the lower-level setxattr operation
+ that eventually sets the acl cannot check export-level restrictions.
+Notes:
+ jmm> NFS ACLs were only introduced somewhere between 2.6.12-2.6.14, so
+ jmm> Sarge and Woody are not vulnerable
+Bugs:
+upstream: released (2.6.14.5), released (2.6.15-pre7)
+linux-2.6: released (2.6.14-7)
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
diff --git a/retired/CVE-2005-3783 b/retired/CVE-2005-3783
new file mode 100644
index 00000000..5edfb1da
--- /dev/null
+++ b/retired/CVE-2005-3783
@@ -0,0 +1,22 @@
+Candidate: CVE-2005-3783
+References:
+ http://www.kernel.org/git/?p=linux/kernel/git/gregkh/linux-2.6.14.y.git;a=commit;h=082d52c56f642d21b771a13221068d40915a1409
+ http://www.kernel.org/git/?p=linux/kernel/git/gregkh/linux-2.6.14.y.git;a=blobdiff;h=fcfc4568b45f3f190ba320b0d5853836921cb8bc;hp=019e04ec065a55d8f28157d3a1f7ba06cafd347f;hb=082d52c56f642d21b771a13221068d40915a1409;f=kernel/ptrace.c
+Description:
+ The ptrace functionality (ptrace.c) in Linux kernel 2.6 before 2.6.14.2,
+ using CLONE_THREAD, does not use the thread group ID to check whether it
+ is attaching to itself, which allows local users to cause a denial of
+ service (crash).
+Notes:
+Bugs:
+upstream: released (2.4.33-pre1, 2.6.14.2)
+linux-2.6: released (2.6.14-3)
+2.6.8-sarge-security: released (2.6.8-16sarge2) [ptrace-fix_self-attach_rule.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge2) [201_ptrace-fix_self-attach_rule.diff]
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-3784 b/retired/CVE-2005-3784
new file mode 100644
index 00000000..ecaa8893
--- /dev/null
+++ b/retired/CVE-2005-3784
@@ -0,0 +1,21 @@
+Candidate: CVE-2005-3784
+References:
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7ed0175a462c4c30f6df6fac1cccac058f997739
+Description:
+ The auto-reap of child processes in Linux kernel 2.6 before 2.6.15 includes processes
+ with ptrace attached,which leads to a dangling ptrace reference and allows local users
+ to cause a denial of service (crash).
+Notes:
+ jmm,horms> 2.4 code seems very different and not vulnerable
+Bugs:
+upstream: released (2.6.15)
+linux-2.6: released (2.6.15-1)
+2.6.8-sarge-security: released (2.6.8-16sarge2) [kernel-dont-reap-traced.dpatch]
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A
diff --git a/retired/CVE-2005-3805 b/retired/CVE-2005-3805
new file mode 100644
index 00000000..dee7bc66
--- /dev/null
+++ b/retired/CVE-2005-3805
@@ -0,0 +1,22 @@
+Candidate: CVE-2005-3805
+References:
+ http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=25f407f0b668f5e4ebd5d13e1fb4306ba6427ead
+Description:
+ A locking problem in POSIX timer cleanup handling on exit in Linux kernel
+ 2.6.10 to 2.6.14, when running on SMP systems, allows local users to cause
+ a denial of service (deadlock) involving process CPU timers.
+Notes:
+ The referenced patch was actually added in 2.6.14, so I think the vulnerable
+ versions listed in the description are wrong.
+Bugs:
+upstream: released (2.6.14)
+linux-2.6: released (2.6.14-1)
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A
diff --git a/retired/CVE-2005-3806 b/retired/CVE-2005-3806
new file mode 100644
index 00000000..de1ca218
--- /dev/null
+++ b/retired/CVE-2005-3806
@@ -0,0 +1,23 @@
+Candidate: CVE-2005-3806
+References:
+ http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4ea6a8046bb49d43c950898f0cb4e1994ef6c89d
+ http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blobdiff;h=bbbe80cdaf72a75a463aff9551e60b31e2f69061;hp=f841bde30c18493a94fd5d522b84724a8eb82a4a;hb=4ea6a8046bb49d43c950898f0cb4e1994ef6c89d;f=net/ipv6/ip6_flowlabel.c
+Description:
+ The IPv6 flowlabel handling code (ip6_flowlabel.c) in Linux kernels
+ 2.4 up to 2.4.32 and 2.6 before 2.6.14 modifies the wrong variable in
+ certain circumstances, which allows local users to corrupt kernel memory
+ or cause a denial of service (crash) by triggering a free of non-allocated
+ memory.
+Notes:
+Bugs:
+upstream: released (2.6.14)
+linux-2.6: released (2.6.14-1)
+2.6.8-sarge-security: released (2.6.8-16sarge2) [net-ipv6-flowlabel-refcnt.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge2) [net-ipv6-flowlabel-refcnt.dpatch]
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-3807 b/retired/CVE-2005-3807
new file mode 100644
index 00000000..28c164ba
--- /dev/null
+++ b/retired/CVE-2005-3807
@@ -0,0 +1,24 @@
+Candidate: CVE-2005-3807
+References:
+ CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=dc15ae14e97ee9d5ed740cbb0b94996076d8b37e
+Description:
+ [PATCH] VFS: Fix memory leak with file leases
+ .
+ Memory leak in the VFS file lease handling in locks.c in Linux kernels
+ 2.6.10 to 2.6.15 allows local users to cause a denial of service
+ (memory exhaustion) via certain Samba activities that cause an fasync
+ entry to be re-allocated by the fcntl_setlease function after the
+ fasync queue has already
+Notes:
+Bugs:
+upstream: released (2.6.14.3)
+linux-2.6: released (2.6.14-4)
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
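Review bot: The Description of CVE-2005-3807 stops mid-sentence at `fasync queue has already`, so the record never states the condition that actually triggers the leak. The text appears to be a copy of the CVE description that was cut short; completing that sentence, or replacing the paragraph with the full CVE text, would make the entry self-contained. The woody-security lines are also left blank rather than given a status or `N/A`, unlike most other retired entries in this commit.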
diff --git a/retired/CVE-2005-3808 b/retired/CVE-2005-3808
new file mode 100644
index 00000000..47f74a1d
--- /dev/null
+++ b/retired/CVE-2005-3808
@@ -0,0 +1,19 @@
+Candidate: CVE-2005-3808
+References: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=479ef592f3664dd629417098c8599261c0f689ab
+Description:
+ Fix a 32 bit integer overflow in invalidate_inode_pages2_range. Local DoS
+Notes:
+ horms> I don't see any evidence of this on 2.6.8 or 2.4.27
+ I didn't check the woody kernels, but it seems very unlikely it is there
+Bugs:
+upstream: released (2.6.14.4)
+linux-2.6: released (2.6.14-4)
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-3809 b/retired/CVE-2005-3809
new file mode 100644
index 00000000..93e4f5db
--- /dev/null
+++ b/retired/CVE-2005-3809
@@ -0,0 +1,16 @@
+Candidate: CVE-2005-3809
+References: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=51df784ed739246a3774b300e5f536e17bec36ed
+Description:
+Notes:
+Bugs:
+upstream: released (2.6.15-rc1, 2.6.14.3)
+linux-2.6: pending (2.6.14-4)
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa:
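Review bot: The Description section of CVE-2005-3809 is empty, so the only information about the issue is the commit URL in References. The linux-2.6 line also still reads `pending (2.6.14-4)`, while the neighbouring CVE-2005-3810 entry, which records the same upstream fix releases, has `linux-2.6: released (2.6.14-4)`; if 2.6.14-4 shipped this fix as well, the status here is likely stale for a retired entry. A one-line summary of the referenced commit and a confirmed 2.6.14-4 status would close the record.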
diff --git a/retired/CVE-2005-3810 b/retired/CVE-2005-3810
new file mode 100644
index 00000000..786a9235
--- /dev/null
+++ b/retired/CVE-2005-3810
@@ -0,0 +1,20 @@
+Candidate: CVE-2005-3810
+References: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=439a9994bb6ae3c7cab1f0b776bca6bc7aa58a11
+Description:
+ [NETFILTER] ctnetlink: Fix oops when no ICMP ID info in message
+ .
+ This patch fixes an userspace triggered oops. If there is no ICMP_ID
+ info the reference to attr will be NULL.
+Notes:
+Bugs:
+upstream: released (2.6.15-rc1, 2.6.14.3)
+linux-2.6: released (2.6.14-4)
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-3847 b/retired/CVE-2005-3847
new file mode 100644
index 00000000..84af9587
--- /dev/null
+++ b/retired/CVE-2005-3847
@@ -0,0 +1,30 @@
+Candidate: CVE-2005-3847
+References:
+ CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=dd12f48d4e8774415b528d3991ae47c28f26e1ac;hp=ade6648b3b11a5d81f6f28135193ab6d85d621db
+ MISC:http://groups.google.com/group/linux.kernel/browse_thread/thread/74683bcc8dbf0df3/bf540370894d3de0%23bf540370894d3de0?sa=X&oi=groupsr&start=0&num=3
+ MISC:http://svn.debian.org/wsvn/kernel/dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/nptl-signal-delivery-deadlock-fix.dpatch?op=file&rev=4458&sc=0
+Description:
+ Bhavesh P. Davda reported a race condition that exists in Linux 2.6 kernels prior to
+ 2.6.13 and 2.6.12.6. A deadlock can occur when a SIGKILL signal is sent to a real-time
+ threaded process that is dumping core, which can be used by a local user to initiate
+ a denial of service attack.
+Notes:
+ handle_stop_signal() in 2.4 looks significantly different, and since this bug
+ is associated with NPTL, I don't think we need to worry about in 2.4.
+ CVE description is actually as follows:
+ signal.c in Linux kernel before 2.6.13 and 2.6.12.6 and earlier allows
+ local users to cause a denial of service (deadlock) by sending a
+ SIGKILL to a real-time threaded process while it is performing a core
+ dump.
+Bug:
+upstream: released (2.6.12.6, 2.6.13)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-16sarge2) [nptl-signal-delivery-deadlock-fix.dpatch]
+2.4.27-sarge-security: N/A
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
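Review bot: The status block of CVE-2005-3847 is headed `Bug:` whereas every other file in this commit uses `Bugs:`, so anything that parses these records by header name will misplace this entry's status lines. Changing it to `Bugs:` keeps the file consistent with the rest of the tracker. The woody-security entries are also left blank even though the Notes already argue 2.4 is not affected; marking them `N/A` would record that conclusion.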
diff --git a/retired/CVE-2005-3848 b/retired/CVE-2005-3848
new file mode 100644
index 00000000..13cb1398
--- /dev/null
+++ b/retired/CVE-2005-3848
@@ -0,0 +1,32 @@
+Candidate: CVE-2005-3848
+References:
+ CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cb94c62c252796f42bb83fe40960d12f3ea5a82a
+ MISC:http://lkml.org/lkml/2005/8/26/173
+Description:
+ Ollie Wild discovered a leak in the icmp_push_reply() function in Linux 2.6,
+ in which an ignored error returned by ip_append_data() would result in the
+ route and net_device not being freed. A malicious remote user could exploit
+ this in order to initiate a denial of service attack. This issue was fixed
+ in Linux 2.6.12.6 and 2.6.13.
+Notes:
+ This code looks completely different in 2.4; neither ip_append_data() (the
+ function that returns an error) nor icmp_push_reply() (the function that fails
+ to check this error) exist. So, I'm marking 2.4 as unaffected.
+ Actual CVE description:
+ Memory leak in the icmp_push_reply function in Linux 2.6 before
+ 2.6.12.6 and 2.6.13 allows remote attackers to cause a denial of
+ service (memory consumption) via a large number of crafted packets
+ that cause the ip_append_data function to fail, aka "DST leak in
+ icmp_push_reply."
+upstream: released (2.6.12.6, 2.6.13)
+2.6.8-sarge-security: released (2.6.8-16sarge2) [fix-dst-leak-in-icmp_push_reply.dpatch]
+2.4.27-sid/sarge: released (2.4.27-12) [188_fix-dst-leak-in-icmp_push_reply.diff]
+2.4.27-sarge-security: released (2.4.27-10sarge2) [188_fix-dst-leak-in-icmp_push_reply.diff]
+linux-2.6:
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa:
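Review bot: CVE-2005-3848 has no `Bugs:` header at all: the `upstream:` line follows directly after the Notes text, and `linux-2.6:` appears below the sarge entries instead of in its usual second position, with an empty value. The file also uses a `2.4.27-sid/sarge:` key that no other entry here uses (CVE-2005-3858 spells the same idea `2.4.27-sid:`). Inserting `Bugs:` before `upstream:`, moving `linux-2.6:` up and giving it a status, and normalising the sid key would make the record parse like its siblings.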
diff --git a/retired/CVE-2005-3857 b/retired/CVE-2005-3857
new file mode 100644
index 00000000..414ec8fb
--- /dev/null
+++ b/retired/CVE-2005-3857
@@ -0,0 +1,24 @@
+Candidate: CVE-2005-3857
+References:
+ CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f3a9388e4ebea57583272007311fffa26ebbb305
+Description:
+ [PATCH] VFS: local denial-of-service with file leases
+ .
+ The time_out_leases function in locks.c for Linux kernel before 2.6.15
+ allows local users to cause a denial of service (kernel log message
+ consumption) by causing a large number of broken leases, which is
+ recorded to the log using the printk function.
+Notes:
+ Sent for inclusion in 2.4.33
+Bugs:
+upstream: released (2.6.15-rc2), needed (2.6.33)
+linux-2.6: released (2.6.14+2.6.15-rc5-0experimental.1)
+2.6.8-sarge-security: released (2.6.8-16sarge2)
+2.4.27-sarge-security: released (2.4.27-10sarge2)
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
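Review bot: The upstream line of CVE-2005-3857 records `needed (2.6.33)`, but the Notes say the fix was sent for inclusion in 2.4.33 and 2.6.15-rc2 is already listed as released, so 2.6.33 looks like a typo for 2.4.33. If that is the intent, `upstream: released (2.6.15-rc2), needed (2.4.33)` states it; otherwise the note and the status line disagree and one of them should be corrected.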
diff --git a/retired/CVE-2005-3858 b/retired/CVE-2005-3858
new file mode 100644
index 00000000..0da7beed
--- /dev/null
+++ b/retired/CVE-2005-3858
@@ -0,0 +1,24 @@
+Candidate: CVE-2005-3858
+References:
+ CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/chrisw/linux-2.6.12.y.git;a=commit;h=f982542ed2f495cbe94e6d9001878f27ea738b36
+ MISC:http://lkml.org/lkml/2005/8/26/175
+Description:
+ ip6_input_finish() contains a memory leak in Linux kernels prior to
+ 2.6.12.6 and 2.6.13. This could potentially be used to trigger a remote
+ denial of service (DoS) attack.
+Notes:
+ dannf> Though the code in 2.4 is quite different, it looks to me like the
+ dannf> 2.4 code could be vulnerable.
+Bugs:
+upstream: released (2.6.12.6, 2.6.13)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-16sarge2)
+2.4.27-sarge-security: released (2.4.27-10sarge2) [189_ipv6-skb-leak.diff]
+2.4.27-sid: released (2.4.27-12) [189_ipv6-skb-leak.diff]
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
+2.4.18-woody-security-hppa:
diff --git a/retired/CVE-2005-4351 b/retired/CVE-2005-4351
new file mode 100644
index 00000000..63dec1f5
--- /dev/null
+++ b/retired/CVE-2005-4351
@@ -0,0 +1,23 @@
+Candidate: CVE-2005-4351
+References:
+ http://www.redteam-pentesting.de/advisories/rt-sa-2005-15.txt
+Description:
+ The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8,
+ DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass
+ immutable settings for files by mounting another filesystem that masks the
+ immutable files while the system is running.
+Notes:
+ jmm> This affects the LSM module for BSD secure levels, not included in 2.4 and
+ jmm> 2.6.8
+ jmm> To be removed in 2.6.18 or 2.6.19
+Bugs:
+upstream:
+linux-2.6:
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
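Review bot: Both `upstream:` and `linux-2.6:` are left empty in this retired entry for CVE-2005-4351, and the same is true of CVE-2005-4352 in the next hunk, so the record does not say whether the securelevels LSM issue was fixed or closed as won't-fix. The Notes say the module is to be removed in 2.6.18 or 2.6.19, which suggests these lines should carry an explicit status such as `N/A` or a short statement of that decision rather than a blank.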
diff --git a/retired/CVE-2005-4352 b/retired/CVE-2005-4352
new file mode 100644
index 00000000..5ac5c560
--- /dev/null
+++ b/retired/CVE-2005-4352
@@ -0,0 +1,24 @@
+Candidate: CVE-2005-4352
+References:
+ http://www.redteam-pentesting.de/advisories/rt-sa-2005-16.txt
+Description:
+ The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15
+ and earlier, allows local users to bypass time setting restrictions and set
+ the clock backwards by setting the clock ahead to the maximum unixtime value
+ (19 Jan 2038), which then wraps around to the minimum value (13 Dec 1901),
+ which can then be set ahead to the desired time, aka "settimeofday() time wrap."
+Notes:
+ jmm> This affects the LSM module for BSD secure levels, not included in 2.6.8
+ jmm> and 2.4.27
+ jmm> To be removed in 2.6.18 or 2.6.19
+Bugs:
+upstream:
+linux-2.6:
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
diff --git a/retired/CVE-2005-4605 b/retired/CVE-2005-4605
new file mode 100644
index 00000000..e6f75575
--- /dev/null
+++ b/retired/CVE-2005-4605
@@ -0,0 +1,25 @@
+Candidate: CVE-2005-4605
+References:
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8b90db0df7187a01fb7177f1f812123138f562cf
+ http://marc.theaimsgroup.com/?l=full-disclosure&m=113535380422339&w=2
+ http://linux.bkbits.net:8080/linux-2.6/gnupatch@43b562ae6hJGLWZA4TNf2k-RzXnVlQ
+Description:
+ The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions
+ before 2.6.15 allows attackers to read sensitive kernel memory via
+ unspecified vectors in which a signed value is added to an unsigned
+ value.
+Notes:
+ jmm> 2.4 not affected as proc_file_lseek() contains a check for this
+ jmm> if (offset>=0 && (unsigned long long)offset<=file->f_dentry->d_inode->i_sb->s_maxbytes) {
+ jmm> Discovered by Karl Janmar
+Bugs:
+upstream: released (2.6.15), released (2.6.14.6)
+linux-2.6: released (2.6.15-1)
+2.6.8-sarge-security: released (2.6.8-16sarge2) [proc-legacy-loff-underflow.dpatch]
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
diff --git a/retired/CVE-2005-4618 b/retired/CVE-2005-4618
new file mode 100644
index 00000000..c4e87ac6
--- /dev/null
+++ b/retired/CVE-2005-4618
@@ -0,0 +1,22 @@
+Candidate: CVE-2005-4618
+References:
+ http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8febdd85adaa41fa1fc1cb31286210fc2cd3ed0c
+Description:
+ Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 allows
+ local users to cause a denial of service and possibly execute arbitrary
+ code via a long string, which causes sysctl to write a zero byte outside
+ the buffer.
+Notes:
+ jmm> Discovered by Yi Ying
+Bugs:
+upstream: released (2.6.15)
+linux-2.6: released (2.6.15-1)
+2.6.8-sarge-security: released (2.6.8-16sarge2)
+2.4.27-sarge-security: released (2.4.27-10sarge2)
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
diff --git a/retired/CVE-2005-4635 b/retired/CVE-2005-4635
new file mode 100644
index 00000000..f0696f60
--- /dev/null
+++ b/retired/CVE-2005-4635
@@ -0,0 +1,29 @@
+Candidate: CVE-2005-4635
+References:
+ MISC:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ea86575eaf99a9262a969309d934318028dbfacb
+ CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15
+ BID:16139
+ URL:http://www.securityfocus.com/bid/16139
+ FRSIRT:ADV-2006-0035
+ URL:http://www.frsirt.com/english/advisories/2006/0035
+ SECUNIA:18216
+ URL:http://secunia.com/advisories/18216
+Description:
+ The nl_fib_input function in fib_frontend.c in the Linux kernel before 2.6.15
+ does not check for valid lengths of the header and payload, which allows
+ remote attackers to cause a denial of service (invalid memory reference) via
+ malformed fib_lookup netlink messages.
+Notes:
+ dannf> Well, I don't know how it could be exploited by an unpriveleged user - dannf> but I don't think we need to worry about it. The vulnerable function
+ dannf> wasn't added until after 2.6.12, and is already fixed in 2.6.15.
+Bugs:
+upstream: released (2.6.15)
+linux-2.6: released (2.6.15-1)
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
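Review bot: Two note lines in CVE-2005-4635 have been fused into one: the first Notes line runs `... unpriveleged user - dannf> but I don't think ...`, with the second author prefix in the middle of the line, which loses the one-remark-per-line structure used everywhere else. Splitting it back into two `dannf>` lines at the second prefix restores the format; `unpriveleged` is also misspelled.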
diff --git a/retired/CVE-2005-4639 b/retired/CVE-2005-4639
new file mode 100644
index 00000000..1fb9348b
--- /dev/null
+++ b/retired/CVE-2005-4639
@@ -0,0 +1,25 @@
+Candidate: CVE-2005-4639
+References:
+ CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15
+ URL:http://www.securityfocus.com/bid/16142
+ URL:http://www.frsirt.com/english/advisories/2006/0035
+ URL:http://secunia.com/advisories/18216
+Description:
+ Buffer overflow in the CA-driver (dst_ca.c) for TwinHan DST Frontend/
+ Card in Linux kernel 2.6.12 and other versions before 2.6.15 allows
+ local users to cause a denial of service (crash) and possibly execute
+ arbitrary code by "reading more than 8 bytes into an 8 byte long array".
+Notes:
+ jmm> Discovered by Perceval Anichini
+ dannf> Driver wasn't added till after 2.6.8
+Bugs:
+upstream: released (2.6.15)
+linux-2.6: released (2.6.15-1)
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
diff --git a/retired/CVE-2006-0035 b/retired/CVE-2006-0035
new file mode 100644
index 00000000..fbcdac97
--- /dev/null
+++ b/retired/CVE-2006-0035
@@ -0,0 +1,19 @@
+Candidate: CVE-2006-0035
+References:
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ad8e4b75c8a7bed475d72ce09bf5267188621961
+Description:
+ Sanity check nlmsg_len during netlink_rcv_skb. An nlmsg_len == 0 can cause
+ infinite loop in kernel, effectively DoSing machine. Noted by Matin Murray.
+Notes:
+ dannf> The vulnerable code doesn't exist in <= 2.6.8
+Bugs:
+upstream: released (2.6.15.1)
+linux-2.6: released (2.6.15-3)
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
diff --git a/retired/CVE-2006-0036 b/retired/CVE-2006-0036
new file mode 100644
index 00000000..0f811535
--- /dev/null
+++ b/retired/CVE-2006-0036
@@ -0,0 +1,21 @@
+Candidate: CVE-2006-0036
+References:
+ http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=15db34702cfafd24acc60295cf14861e4975\02ab
+Description:
+ When an inbound PPTP_IN_CALL_REQUEST packet is received the
+ PPTP NAT helper uses a NULL pointer in pointer arithmentic to
+ calculate the offset in the packet which needs to be mangled
+ and corrupts random memory or crashes.
+Notes:
+ jmm> This is not included in 2.4 and 2.6.8
+Bugs:
+upstream: released (2.6.15.1)
+linux-2.6: released (2.6.15-3)
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
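Review bot: The commit reference in CVE-2006-0036 contains a stray backslash inside the hash (`...e4975\02ab`), so the URL as written does not name a valid 40-hex commit id and will not resolve. The backslash looks like a paste or line-wrap artefact; the correct hash should be verified against the kernel git tree and the line rewritten as a single unbroken URL.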
diff --git a/retired/CVE-2006-0037 b/retired/CVE-2006-0037
new file mode 100644
index 00000000..b9e97843
--- /dev/null
+++ b/retired/CVE-2006-0037
@@ -0,0 +1,21 @@
+Candidate: CVE-2006-0037
+References: http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=03b9feca89366952ae5dfe4ad8107b1ece50b710
+Description:
+ The PPTP NAT helper calculates the offset at which the packet needs
+ to be mangled as difference between two pointers to the header. With
+ non-linear skbs however the pointers may point to two seperate buffers
+ on the stack and the calculation results in a wrong offset beeing
+ used.
+Notes:
+ jmm> The vulnerable code isn't present in 2.4 and 2.6.8
+Bugs:
+upstream: released (2.6.15.1)
+linux-2.6: released (2.6.15-3)
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
diff --git a/retired/CVE-2006-0038 b/retired/CVE-2006-0038
new file mode 100644
index 00000000..504f0c1d
--- /dev/null
+++ b/retired/CVE-2006-0038
@@ -0,0 +1,22 @@
+Candidate: CVE-2006-0038
+References:
+ https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=186295
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ee4bb818ae35f68d1f848eae0a7b150a38eb4168
+Description:
+ Integer overflow in the do_replace function in netfilter for Linux
+ before 2.6.16-rc3, when using "virtualization solutions" such as OpenVZ,
+ allows local users with CAP_NET_ADMIN rights to cause a buffer overflow
+ in the copy_from_user function.
+Notes:
+ dannf> Submitted to Marcelo for 2.4
+Bugs:
+upstream: released (2.6.16-rc3)
+linux-2.6: released (2.6.16-1)
+2.6.8-sarge-security: released (2.6.8-16sarge3) [netfilter-do_replace-overflow.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge3) [221_netfilter-do_replace-overflow.diff]
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
diff --git a/retired/CVE-2006-0039 b/retired/CVE-2006-0039
new file mode 100644
index 00000000..89597172
--- /dev/null
+++ b/retired/CVE-2006-0039
@@ -0,0 +1,13 @@
+Candidate: CVE-2006-0039
+References:
+ https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191698
+Description: netfilter do_add_counters race
+Notes:
+ jmm> Only exploitable with CAP_NET_ADMIN privilege
+ jmm> exposure is leakage of sensitive information
+ dannf> Submitted to Marcelo for 2.4
+Bugs:
+upstream: released (2.6.16.17)
+linux-2.6: released (2.6.16-14)
+2.6.8-sarge-security: released (2.6.8-16sarge3)
+2.4.27-sarge-security: released (2.4.27-10sarge3)
diff --git a/retired/CVE-2006-0095 b/retired/CVE-2006-0095
new file mode 100644
index 00000000..44fc3af1
--- /dev/null
+++ b/retired/CVE-2006-0095
@@ -0,0 +1,22 @@
+Candidate: CVE-2006-0095
+References:
+ http://article.gmane.org/gmane.linux.kernel/363528/match=dm+crypt
+Description:
+ dm-crypt does not clear struct crypt_config before freeing it. Thus,
+ information on the key could leak f.e. to a swsusp image even after the
+ encrypted device has been removed. The attached patch against 2.6.14 /
+ 2.6.15 fixes it.
+Notes:
+ jhorms> 2.4 not affected as dm-crypt doesn't seem to exist
+ jmm> Discovered by Stefan Rompf
+Bugs:
+upstream: released (2.6.16-rc1)
+linux-2.6: released (2.6.16-1)
+2.6.8-sarge-security: released (2.6.8-16sarge2) [dm-crypt-zero-key.dpatch]
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
diff --git a/retired/CVE-2006-0096 b/retired/CVE-2006-0096
new file mode 100644
index 00000000..d3adfd46
--- /dev/null
+++ b/retired/CVE-2006-0096
@@ -0,0 +1,34 @@
+Candidate: CVE-2006-0096
+References:
+http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=0f1d4813a4a65296e1131f320a60741732bc068f
+http://linux.bkbits.net:8080/linux-2.4/cset@1.1448.91.23?nav=index.html|src/|src/drivers|src/drivers/net|src/drivers/net/wan|related/drivers/net/wan/sdla.c
+Description:
+Notes:
+ jmm> This was accidentally released as a fix for CVE-2004-2607 in 2.4.27-8:
+ jmm>
+ jmm> diff -Nru a/drivers/net/wan/sdla.c b/drivers/net/wan/sdla.c
+ jmm> --- a/drivers/net/wan/sdla.c 2005-01-13 08:41:42 -08:00
+ jmm> +++ b/drivers/net/wan/sdla.c 2005-01-13 08:41:42 -08:00
+ jmm> @@ -1300,6 +1300,8 @@
+ jmm>
+ jmm> case SDLA_WRITEMEM:
+ jmm> case SDLA_READMEM:
+ jmm> + if(!capable(CAP_SYS_RAWIO))
+ jmm> + return -EPERM;
+ jmm> return(sdla_xfer(dev, (struct sdla_mem *)ifr->ifr_data, cmd == SDLA_READMEM));
+ jmm>
+ jmm> case SDLA_START:
+ horms> I only see reference to CVE-2004-2607 in patch-tracking,
+ horms> not in the changelog for 2.4.27-8, so I don't think the first line
+ horms> of the statement above is correct
+Bugs:
+upstream: released (2.6.11), fixed (2.4.29)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-16sarge2) [net-sdla-coverty.dpatch]
+2.4.27-sarge-security: released (2.4.27-8) [129_net_sdla_coverty.diff]
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
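Review bot: The Description section of CVE-2006-0096 is empty, so the only clue to the issue is the sdla.c diff quoted in the Notes, and the Notes end in an unresolved disagreement between jmm and horms about whether the fix was released as CVE-2004-2607 in 2.4.27-8. The two reference URLs are also not indented like every other file in this commit, and `upstream:` uses `fixed (2.4.29)` where the rest of the tracker writes `released`. A one-line description (a missing `capable(CAP_SYS_RAWIO)` check on the SDLA_WRITEMEM/SDLA_READMEM ioctls, per the quoted diff) and a resolution of the note thread would close the record.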
diff --git a/retired/CVE-2006-0456 b/retired/CVE-2006-0456
new file mode 100644
index 00000000..b164ee1a
--- /dev/null
+++ b/retired/CVE-2006-0456
@@ -0,0 +1,20 @@
+Candidate: CVE-2006-0456
+References:
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=331c46591414f7f92b1cec048009abe89892ee79
+Description:
+ strnlen_user() on s390 and s390x does not return a value greater than
+ maxlen if the string is looking at is longer than maxlen; instead it
+ returns maxlen.
+Notes:
+ jmm> 2.4 doesn't have an assembly version
+Bugs:
+upstream: released (2.6.16)
+linux-2.6: released (2.6.16-1)
+2.6.8-sarge-security: released (2.6.8-16sarge3)
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
diff --git a/retired/CVE-2006-0457 b/retired/CVE-2006-0457
new file mode 100644
index 00000000..e413d34e
--- /dev/null
+++ b/retired/CVE-2006-0457
@@ -0,0 +1,31 @@
+Candidate: CVE-2006-0457
+References:
+ http://linux.bkbits.net:8080/linux-2.6/cset@43e385c7rMAIqryXIl7lGGdWgZ1Ivg
+ MANDRIVA:MDKSA-2006:059
+ URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:059
+ UBUNTU:USN-263-1
+ URL:http://www.ubuntulinux.org/support/documentation/usn/usn-263-1
+ BID:17084
+ URL:http://www.securityfocus.com/bid/17084
+ OSVDB:23894
+ URL:http://www.osvdb.org/23894
+ SECUNIA:19220
+ URL:http://secunia.com/advisories/19220
+Description:
+ Race condition in the (1) add_key, (2) request_key, and (3) keyctl functions
+ in Linux kernel 2.6.x allows local users to cause a denial of service (crash)
+ or read sensitive kernel memory by modifying the length of a string argument
+ between the time that the kernel calculates the length and when it copies the
+ data into kernel memory.
+Notes:
+Bugs:
+upstream: released (2.6.10)
+linux-2.6: released (2.6.10-1)
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
diff --git a/retired/CVE-2006-0482 b/retired/CVE-2006-0482
new file mode 100644
index 00000000..47100448
--- /dev/null
+++ b/retired/CVE-2006-0482
@@ -0,0 +1,21 @@
+Candidate: CVE-2006-0482
+References: http://lists.debian.org/debian-sparc/2006/01/msg00129.html
+ http://marc.theaimsgroup.com/?t=113861017400002&r=1&w=2
+ http://marc.theaimsgroup.com/?l=linux-sparc&m=113861287813463&w=2
+Description: date -s run as a normal user hangs machine on sparc64
+Notes:
+ Jurij Smakov> sparc32 would be tricky to test and i don't know about 2.4.27
+ dannf> Code isn't present in 2.4, and Jurij couldn't reproduce it there
+ dannf> I can't reproduce on sparc32, which makes sense because the bug is
+ dannf> in sparc64 32-bit compat code
+Bugs:
+upstream: pending (2.6.16-rc2)
+linux-2.6: pending (2.6.16-4) [sparc64-clock-settime.patch]
+2.6.8-sarge-security: released (2.6.8-16sarge2) [sparc64-clock-settime.dpatch]
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
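Review bot: The record is being moved to retired/ while its upstream and linux-2.6 rows still read `pending (2.6.16-rc2)` and `pending (2.6.16-4)`, so the tracker will keep listing a retired issue as unfixed upstream. Other records in this same commit (for example CVE-2006-0456) already show 2.6.16 as released, which suggests these rows were simply never updated. If the fix did land, these should become `upstream: released (2.6.16)` and `linux-2.6: released (2.6.16-4) [sparc64-clock-settime.patch]`; if it did not, the file should stay in the active tree. Worth a quick check against the 2.6.16 changelog before the retirement is final.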
diff --git a/retired/CVE-2006-0554 b/retired/CVE-2006-0554
new file mode 100644
index 00000000..d6117ab6
--- /dev/null
+++ b/retired/CVE-2006-0554
@@ -0,0 +1,18 @@
+Candidate: CVE-2006-0554
+References:
+ http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.5
+Description:
+ Linux kernel 2.6 before 2.6.15.5 allows local users to obtain sensitive
+ information via a crafted XFS ftruncate call, which may return stale data.
+Notes:
+Bugs:
+upstream: released (2.6.15.5)
+linux-2.6: released (2.6.15-8)
+2.6.8-sarge-security: released (2.6.8-16sarge3)
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
diff --git a/retired/CVE-2006-0555 b/retired/CVE-2006-0555
new file mode 100644
index 00000000..1d38a731
--- /dev/null
+++ b/retired/CVE-2006-0555
@@ -0,0 +1,19 @@
+Candidate: CVE-2006-0555
+References:
+ http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.5
+Description:
+ The Linux Kernel before 2.6.15.5 allows local users to cause a denial of
+ service (NFS client panic) via unknown attack vectors related to the use of
+ O_DIRECT (direct I/O).
+Notes: UBUNTU:USN-263-1
+Bugs:
+upstream: released (2.6.15.5)
+linux-2.6: released (2.6.15-8)
+2.6.8-sarge-security: released (2.6.8-16sarge3)
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
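Review bot: The Ubuntu advisory identifier `UBUNTU:USN-263-1` is stored on the Notes: line rather than under References:, which is where every other record in this commit keeps advisory IDs and where tooling that harvests references will look. Moving it to `References:` alongside the 2.6.15.5 ChangeLog link and leaving `Notes:` empty keeps the record consistent with the rest of the tracker. The description also still says "via unknown attack vectors"; since the ChangeLog entry is referenced, a one-line pointer to the specific O_DIRECT/NFS fix would make the N/A assessment for 2.4 auditable.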
diff --git a/retired/CVE-2006-0557 b/retired/CVE-2006-0557
new file mode 100644
index 00000000..07b4435a
--- /dev/null
+++ b/retired/CVE-2006-0557
@@ -0,0 +1,20 @@
+Candidate: CVE-2006-0557
+References:
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=636f13c174dd7c84a437d3c3e8fa66f03f7fda63
+ http://www.securityfocus.com/bid/16924
+Description:
+ Local DoS in mempolicy code; certain maxnodes values cause a crash.
+Notes:
+ Fixed in git on Feb 17, dunno about 2.6.15.x
+ dannf> mempolicy.c doesn't exist in 2.4, marking N/A
+Bugs:
+upstream: released (2.6.16-rc4)
+linux-2.6: released (2.6.16-1)
+2.6.8-sarge-security: released (2.6.8-16sarge3)
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
diff --git a/retired/CVE-2006-0741 b/retired/CVE-2006-0741
new file mode 100644
index 00000000..0fcd6859
--- /dev/null
+++ b/retired/CVE-2006-0741
@@ -0,0 +1,20 @@
+Candidate: CVE-2006-0741
+References:
+Description:
+ Fixes a local DOS on Intel systems that lead to an endless
+recursive fault. AMD machines don't seem to be affected.
+Notes:
+ 2.6: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5342fba5412cead88b61ead07168615dbeba1ee3
+ .
+ This is amd64-specific (em64t in particular), so we could ignore it for 2.4
+Bugs:
+upstream: released (2.6.15.5)
+linux-2.6: released (2.6.15-8)
+2.6.8-sarge-security: released (2.6.8-16sarge3) [binfmt-bad-elf-entry-address.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge3) [222_binfmt-bad-elf-entry-address.diff]
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
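Review bot: The Notes say "This is amd64-specific (em64t in particular), so we could ignore it for 2.4", but the status table records a 2.4 fix as shipped (`2.4.27-sarge-security: released (2.4.27-10sarge3) [222_binfmt-bad-elf-entry-address.diff]`), so the note is stale and now contradicts the record. A follow-up line such as `dannf> 2.4.27 was patched after all (222_binfmt-bad-elf-entry-address.diff)` would resolve that. The References: field is also empty while the upstream commit URL sits under Notes; it belongs under References so the fix can be cross-checked. Finally, the description says "Intel systems" while the note says amd64/em64t — presumably Intel EM64T CPUs running the amd64 kernel, which is worth spelling out.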
diff --git a/retired/CVE-2006-0742 b/retired/CVE-2006-0742
new file mode 100644
index 00000000..36546475
--- /dev/null
+++ b/retired/CVE-2006-0742
@@ -0,0 +1,21 @@
+Candidate: CVE-2006-0742
+References:
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=e963701a761aede31c9c1bfc74cf8e0ec671f0f4;hp=eb0911e27e8c6778d6c8ec95b7dd60c002d923c3
+Description:
+ The die_if_kernel function in arch/ia64/kernel/unaligned.c in Linux kernel
+ 2.6.x before 2.6.15.6, possibly when compiled with certain versions of gcc,
+ has the "noreturn" attribute set, which allows local users to cause a denial
+ of service by causing user faults on Itanium systems.
+Notes:
+ dannf> Forwarded to Bjorn for 2.4-ia64 inclusion
+Bugs:
+upstream: released (2.6.15.6)
+linux-2.6: released (2.6.15-8)
+2.6.8-sarge-security: released (2.6.8-16sarge3)
+2.4.27-sarge-security: released (2.4.27-10sarge3)
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
diff --git a/retired/CVE-2006-1055 b/retired/CVE-2006-1055
new file mode 100644
index 00000000..3b264a56
--- /dev/null
+++ b/retired/CVE-2006-1055
@@ -0,0 +1,26 @@
+Candidate: CVE-2006-1055
+References:
+Description:
+ Quoting Greg KH:
+ Al just pointed me at an old sysfs patch that went into the tree last
+ year that has some potential security problems. Turns out that if you
+ write to a sysfs file exactly PAGE_SIZE worth of data, with no zeros in
+ it, there's a good chance you could read off the end of the kernel
+ buffer into who knows where.
+Notes:
+ jmm> This was judged non-exploitable by Al Viro, but it's still a local DoS
+ jmm> 2.4 N/A, as it doesn't have sysfs
+ .
+ troyh> N/A for sarge, it was broken in 2.6.12 - 2.6.17-rc1. 2.6.8 is fine,
+ and since its's sysfs 2.4 is N/A.
+Bugs:
+upstream: released (2.6.17-rc1), released (2.6.16.2)
+linux-2.6: released (2.6.16-6)
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
diff --git a/retired/CVE-2006-1056 b/retired/CVE-2006-1056
new file mode 100644
index 00000000..af49eed2
--- /dev/null
+++ b/retired/CVE-2006-1056
@@ -0,0 +1,29 @@
+Candidate: CVE-2006-1056
+References:
+ CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187910
+ CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187911
+ URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=114548768214478&w=2
+ URL:http://www.securityfocus.com/bid/17600
+ URL:http://xforce.iss.net/xforce/xfdb/25871
+Description:
+ The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on
+ AMD64 and other 7th and 8th generation AuthenticAMD processors, only
+ save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an
+ exception is pending, which allows one process to determine portions of the
+ state of floating point instructions of other processes, which can be
+ leveraged to obtain sensitive information such as cryptographic keys. NOTE:
+ this is the documented behavior of AMD64 processors, but it is inconsistent
+ with Intel processers in a security-relevant fashion that was not addressed
+ by the kernels.
+Notes:
+Bugs:
+upstream: released (2.4.33-pre3), released (2.6.16.9)
+linux-2.6: released (2.6.16-9)
+2.6.8-sarge-security: released (2.6.8-16sarge3)
+2.4.27-sarge-security: released (2.4.27-10sarge3)
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
diff --git a/retired/CVE-2006-1066 b/retired/CVE-2006-1066
new file mode 100644
index 00000000..7636fdd7
--- /dev/null
+++ b/retired/CVE-2006-1066
@@ -0,0 +1,40 @@
+Candidate: CVE-2006-1066
+References:
+Description: 2.6.8 ia64 kernel w/ PREEMPT enabled permits local DoS (oops)
+Notes:
+ From: dann frazier <dannf@dannf.org>
+ To: team@security.debian.org
+ Subject: kernel-image-2.6.8-ia64 - disable preempt
+ Date: Fri, 25 Mar 2005 18:57:59 -0700
+ .
+ hey security team,
+ Its likely that kernel-image-2.6.8-ia64 (2.6.8-12) will be the version
+ that ships in sarge. This kernel has CONFIG_PREEMPT enabled, which has
+ at least one known issue in ptrace code that lets an unpriveleged
+ userspace process trigger an oops. This issue went away upstream by
+ 2.6.9, but its unclear what actually fixed it. SuSE/RedHat disable
+ PREEMPT for ia64 (or so I'm told), so they are not affected. This same
+ test case does _not_ fail on x86, which also has PREEMPT enabled for
+ sarge.
+ .
+ This issue has been known for a while, but I waited until after d-i
+ RC3 to upload it, since it changes the ABI. This fix is in the 2.6.8-13
+ build in unstable, but the release team is blocking this kernel from
+ normal sarge propagation to keep the kernel udebs in sync.
+ .
+ .
+ dannf> This is only a config change, so it requires no changes to
+ dannf> kernel-source-2.6.8, but I'll use the kernel-source version
+ dannf> for the pending/released tags to match the others.
+Bugs:
+upstream:
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-16sarge2)
+2.4.27-sarge-security: N/A
+2.6.8: needed
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
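Review bot: The table contains a non-standard row `2.6.8: needed` that no other record in this commit uses and that still reads as unresolved, while the row above it says the fix shipped in 2.6.8-16sarge2; one of the two is wrong for a retired issue. The note itself explains this was handled as a config change (disabling CONFIG_PREEMPT on ia64) rather than a code fix, and that "its unclear what actually fixed it" upstream, so `upstream:` being blank is expected but should probably say so explicitly, e.g. `upstream: N/A (config-only mitigation, root cause not identified)`. Dropping or resolving the `2.6.8: needed` row would keep the status table parseable.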
diff --git a/retired/CVE-2006-1242 b/retired/CVE-2006-1242
new file mode 100644
index 00000000..08a09c4a
--- /dev/null
+++ b/retired/CVE-2006-1242
@@ -0,0 +1,38 @@
+Candidate: CVE-2006-1242
+References:
+http://www.kernel.org/git/gitweb.cgi?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1a55d57b107c3e06935763905dc0fb235214569d
+Description:
+ [TCP]: Do not use inet->id of global tcp_socket when sending RST.
+ .
+ The problem is in ip_push_pending_frames(), which uses:
+ . if (!df) {
+ . __ip_select_ident(iph, &rt->u.dst, 0);
+ . } else {
+ . iph->id = htons(inet->id++);
+ . }
+ .
+ instead of ip_select_ident().
+ .
+ Right now I think the code is a nonsense. Most likely, I copied it from
+ old ip_build_xmit(), where it was really special, we had to decide
+ whether to generate unique ID when generating the first (well, the last)
+ fragment.
+ .
+ In ip_push_pending_frames() it does not make sense, it should use plain
+ ip_select_ident() instead.
+Notes:
+ jmm> 2.4 doesn't seem to be affected, but I'd prefer a second look before
+ jmm> marking it N/A
+ .
+ dannf> troyh gave me a patch for 2.4, so I guess it is affected
+Bugs:
+upstream: released (2.6.16.1)
+linux-2.6: released (2.6.16-4)
+2.6.8-sarge-security: released (2.6.8-16sarge3)
+2.4.27-sarge-security: released (2.4.27-10sarge3)
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
diff --git a/retired/CVE-2006-1342 b/retired/CVE-2006-1342
new file mode 100644
index 00000000..ae41638d
--- /dev/null
+++ b/retired/CVE-2006-1342
@@ -0,0 +1,25 @@
+Candidate: CVE-2006-1342
+References:
+ http://marc.theaimsgroup.com/?l=linux-netdev&m=114148078223594&w=2
+ http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=09d3b3dcfa80c9094f1748c1be064b9326c9ef2b
+Description:
+ net/ipv4/af_inet.c in Linux kernel 2.4 does not clear sockaddr_in.sin_zero
+ before returning IPv4 socket names from the (1) getsockname, (2) getpeername,
+ and (3) accept functions, which allows local users to obtain portions of
+ potentially sensitive memory.
+Notes:
+ jmm> getorigdst() requires the fix in 2.6.8, inet_getname() is already fixed
+ dannf> both CVE-2006-1342 & CVE-2006-1343 were fixed by the same patch;
+ however we actually coincidentally already fixed 1343 in the
+ 043_ipsec.diff patch
+Bugs:
+upstream: released (2.4.33-pre3)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: released (2.4.27-1)
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
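Review bot: The Notes and the status table disagree about 2.6.8: jmm writes "getorigdst() requires the fix in 2.6.8, inet_getname() is already fixed", yet the table marks `2.6.8-sarge-security: N/A`. If the getorigdst() part of the sin_zero leak was still needed in 2.6.8, that row should carry a released version or a "needed"; if it turned out not to apply, the note should record why. Given that the companion record CVE-2006-1343 is mentioned as fixed by the same patch, it would also help to say which of the two CVEs the getorigdst() remark refers to.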
diff --git a/retired/CVE-2006-1368 b/retired/CVE-2006-1368
new file mode 100644
index 00000000..df2f4997
--- /dev/null
+++ b/retired/CVE-2006-1368
@@ -0,0 +1,23 @@
+Candidate: CVE-2006-1368
+References:
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8763716bfe4d8a16bef28c9947cf9d799b1796a5
+ http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16
+Description:
+ Buffer overflow in the USB Gadget RNDIS implementation in the Linux kernel before
+ 2.6.16 allows remote attackers to cause a denial of service (kmalloc'd memory
+ corruption) via a remote NDIS response to OID_GEN_SUPPORTED_LIST, which causes
+ memory to be allocated for the reply data but not the reply structure.
+Notes:
+ dannf> Marcelo has posted a patch identical to ours and has asked for
+ feedback, so it should be upstream soon
+Bugs:
+upstream: released (2.6.16)
+linux-2.6: released (2.6.16-1)
+2.6.8-sarge-security: released (2.6.8-16sarge3)
+2.4.27-sarge-security: released (2.4.27-10sarge3)
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
diff --git a/retired/CVE-2006-1522 b/retired/CVE-2006-1522
new file mode 100644
index 00000000..0122676f
--- /dev/null
+++ b/retired/CVE-2006-1522
@@ -0,0 +1,16 @@
+Candidate: CVE-2006-1522
+References:
+Description:
+Notes:
+ jmm> Vulnerable code not present in 2.6.8 and 2.4
+Bugs:
+upstream: released (2.6.16.3)
+linux-2.6: released (2.6.16-7)
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
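Review bot: Both `References:` and `Description:` are empty, so the only content is the assessment "Vulnerable code not present in 2.6.8 and 2.4" with nothing a later reader could check it against. Since the record is being retired, it should at minimum carry the CVE text and the 2.6.16.3 fix reference that justify the N/A rows, so the decision can be audited without leaving the tracker. A one-line description naming the affected subsystem would be enough.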
diff --git a/retired/CVE-2006-1523 b/retired/CVE-2006-1523
new file mode 100644
index 00000000..61d6590a
--- /dev/null
+++ b/retired/CVE-2006-1523
@@ -0,0 +1,23 @@
+Candidate: CVE-2006-1523
+References:
+ MLIST:[linux-kernel] 20060411 [PATCH] __group_complete_signal: remove bogus BUG_ON
+ URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=114476543426600&w=2
+ CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188604
+ BID:17640
+ URL:http://www.securityfocus.com/bid/17640
+Description:
+ The __group_complete_signal function in the RCU signal handling (signal.c) in
+ Linux kernel 2.6.16, and possibly other versions, has unknown impact and
+ attack vectors related to improper use of BUG_ON.
+Notes:
+Bugs:
+upstream: released (2.6.16.4)
+linux-2.6: released (2.6.16-7)
+2.6.8-sarge-security: released (2.6.8-16sarge3)
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
diff --git a/retired/CVE-2006-1524 b/retired/CVE-2006-1524
new file mode 100644
index 00000000..5ed3b130
--- /dev/null
+++ b/retired/CVE-2006-1524
@@ -0,0 +1,28 @@
+Candidate: CVE-2006-1524
+References:
+ CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.6
+ BID:17587
+ URL:http://www.securityfocus.com/bid/17587
+ SECUNIA:19664
+ URL:http://secunia.com/advisories/19664
+ SECUNIA:19657
+ URL:http://secunia.com/advisories/19657
+Description:
+ madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow
+ file and mmap restrictions, which allows local users to bypass IPC
+ permissions and replace portions of readonly tmpfs files with zeroes,
+ aka the MADV_REMOVE vulnerability. NOTE: this description was
+ originally written in a way that combined two separate issues. The
+ mprotect issue now has a separate name, CVE-2006-2071.
+Notes:
+Bugs:
+upstream: released (2.6.16.7)
+linux-2.6:
+2.6.8-sarge-security: released (2.6.8-16sarge3)
+2.4.27-sarge-security: released (2.4.27-10sarge3)
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
diff --git a/retired/CVE-2006-1525 b/retired/CVE-2006-1525
new file mode 100644
index 00000000..c7033bf5
--- /dev/null
+++ b/retired/CVE-2006-1525
@@ -0,0 +1,23 @@
+Candidate: CVE-2006-1525
+References:
+ CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.8
+ CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189346
+ URL:http://www.securityfocus.com/bid/17593
+ URL:http://xforce.iss.net/xforce/xfdb/25872
+Description:
+ ip_route_input in Linux kernel 2.6 before 2.6.16.8 allows local users to
+ cause a denial of service (panic) via a request for a route for a multicast
+ IP address, which triggers a null dereference.
+Notes:
+ dannf> Submitted to Marcelo for 2.4
+Bugs:
+upstream: released (2.6.16.8)
+linux-2.6: released (2.6.16-9)
+2.6.8-sarge-security: released (2.6.8-16sarge3)
+2.4.27-sarge-security: released (2.4.27-10sarge3)
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
diff --git a/retired/CVE-2006-1527 b/retired/CVE-2006-1527
new file mode 100644
index 00000000..7bd36f71
--- /dev/null
+++ b/retired/CVE-2006-1527
@@ -0,0 +1,30 @@
+Candidate: CVE-2006-1527
+References:
+ CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.13
+ TRUSTIX:2006-0024
+ URL:http://www.trustix.org/errata/2006/0024
+ BID:17806
+ URL:http://www.securityfocus.com/bid/17806
+ FRSIRT:ADV-2006-1632
+ URL:http://www.frsirt.com/english/advisories/2006/1632
+ OSVDB:25229
+ URL:http://www.osvdb.org/25229
+ SECUNIA:19926
+ URL:http://secunia.com/advisories/19926
+Description:
+ The SCTP-netfilter code in Linux kernel before 2.6.16.13 allows remote attackers to trigger a denial of
+ service (infinite loop) via unknown vectors that cause an invalid SCTP chunk size to be processed by the
+ for_each_sctp_chunk function.
+Notes:
+ troyh> SCTP-netfilter code didn't exist until after 2.6.8
+Bugs:
+upstream: released (2.6.16.13)
+linux-2.6: released (2.6.16-12)
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
diff --git a/retired/CVE-2006-1857 b/retired/CVE-2006-1857
new file mode 100644
index 00000000..2fe2e36e
--- /dev/null
+++ b/retired/CVE-2006-1857
@@ -0,0 +1,20 @@
+Candidate: CVE-2006-1857
+References:
+ http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=a601266e4f3c479790f373c2e3122a766d123652;hp=dd2d1c6f2958d027e4591ca5d2a04dfe36ca6512
+Description:
+ Buffer overflow in SCTP in Linux kernel before 2.6.16.17 allows remote
+ attackers to cause a denial of service (crash) and possibly execute arbitrary
+ code via a malformed HB-ACK chunk.
+Notes:
+ dannf> Submitted to Marcelo for 2.4
+Bugs:
+upstream: released (2.6.16.17)
+linux-2.6: released (2.6.16-14)
+2.6.8-sarge-security: released (2.6.8-16sarge3)
+2.4.27-sarge-security: released (2.4.27-10sarge3)
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
diff --git a/retired/CVE-2006-1858 b/retired/CVE-2006-1858
new file mode 100644
index 00000000..48b082a8
--- /dev/null
+++ b/retired/CVE-2006-1858
@@ -0,0 +1,20 @@
+Candidate: CVE-2006-1858
+References:
+ http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=dd2d1c6f2958d027e4591ca5d2a04dfe36ca6512;hp=61c9fed41638249f8b6ca5345064eb1beb50179f
+Description:
+ SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a
+ denial of service (crash) and possibly execute arbitrary code via a chunk
+ length that is inconsistent with the actual length of provided parameters.
+Notes:
+ dannf> Submitted to Marcello for 2.4
+Bugs:
+upstream: released (2.6.16.17)
+linux-2.6: released (2.6.16-14)
+2.6.8-sarge-security: released (2.6.8-16sarge3)
+2.4.27-sarge-security: released (2.4.27-10sarge3)
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
diff --git a/retired/CVE-2006-1859 b/retired/CVE-2006-1859
new file mode 100644
index 00000000..d88822dd
--- /dev/null
+++ b/retired/CVE-2006-1859
@@ -0,0 +1,25 @@
+Candidate: CVE-2006-1859
+References:
+ http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.16
+ http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git;a=commit;h=1f0e637c94a9b0418
+ http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git;a=blobdiff;h=aa7f66091823dde953e15895dc427615701c39c7;hp=e75ac392a313f3fad823bf2e46a03f29701e3e34;hb=1f0e637c94a9b041833947c79110d6c02fff8618;f=fs/locks.c
+ http://www.securityfocus.com/bid/17943
+ http://www.frsirt.com/english/advisories/2006/1767
+ http://secunia.com/advisories/20083
+Description:
+ lease_init in fs/locks.c in Linux kernel before 2.6.16.16 allows attackers to
+ cause a denial of service (fcntl_setlease lockup) via actions that cause
+ lease_init to free a lock that might not have been allocated on the stack.
+Notes:
+ jmm> The vulnerable NFS4 leases code was only introduced in 2.6.10
+Bugs:
+upstream: released (2.6.16.6)
+linux-2.6: released (2.6.16-8)
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
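Review bot: The `upstream: released (2.6.16.6)` row looks like a typo: the description says "before 2.6.16.16" and the first reference is ChangeLog-2.6.16.16, so the upstream fix version is presumably 2.6.16.16. The `linux-2.6: released (2.6.16-8)` row may be affected by the same slip and is worth re-checking against the Debian changelog. Suggested row: `upstream: released (2.6.16.16)`.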
diff --git a/retired/CVE-2006-1860 b/retired/CVE-2006-1860
new file mode 100644
index 00000000..8a18aa62
--- /dev/null
+++ b/retired/CVE-2006-1860
@@ -0,0 +1,25 @@
+Candidate: CVE-2006-1860
+References:
+ http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.16
+ http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git;a=commit;h=1f0e637c94a9b0418
+ http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git;a=blobdiff;h=aa7f66091823dde953e15895dc427615701c39c7;hp=e75ac392a313f3fad823bf2e46a03f29701e3e34;hb=1f0e637c94a9b041833947c79110d6c02fff8618;f=fs/locks.c
+ http://www.securityfocus.com/bid/17943
+ http://www.frsirt.com/english/advisories/2006/1767
+ http://secunia.com/advisories/20083
+Description:
+ lease_init in fs/locks.c in Linux kernel before 2.6.16.16 allows attackers to
+ cause a denial of service (fcntl_setlease lockup) via actions that cause
+ lease_init to free a lock that might not have been allocated on the stack.
+Notes:
+ jmm> The vulnerable NFS4 leases code was only introduced in 2.6.10
+Bugs:
+upstream: released (2.6.16.6)
+linux-2.6: released (2.6.16-8)
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
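Review bot: This record is byte-for-byte identical to retired/CVE-2006-1859 apart from the Candidate line — same references, same description, same note and same status rows — so at least one of the two files describes the wrong issue, since MITRE assigned two separate IDs. The two fs/locks.c lease problems fixed in 2.6.16.16 should be separated out, with each file carrying only its own description. The `upstream: released (2.6.16.6)` row here also conflicts with the referenced ChangeLog-2.6.16.16 and the "before 2.6.16.16" text and looks like it should read `upstream: released (2.6.16.16)`.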
diff --git a/retired/CVE-2006-1863 b/retired/CVE-2006-1863
new file mode 100644
index 00000000..e44adcf0
--- /dev/null
+++ b/retired/CVE-2006-1863
@@ -0,0 +1,17 @@
+Candidate: CVE-2006-1863
+References:
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=296034f7de8bdf111984ce1630ac598a9c94a253
+Description: cifs chroot escape
+Notes:
+ jmm> 2.4 doesn't have CIFS
+Bugs:
+upstream: released (2.6.16.11)
+linux-2.6: released (2.6.16-10)
+2.6.8-sarge-security: released (2.6.8-16sarge3)
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
diff --git a/retired/CVE-2006-1864 b/retired/CVE-2006-1864
new file mode 100644
index 00000000..70dccdfb
--- /dev/null
+++ b/retired/CVE-2006-1864
@@ -0,0 +1,21 @@
+Candidate: CVE-2006-1864
+References:
+ CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189435
+ URL:http://www.trustix.org/errata/2006/0026
+ URL:http://www.securityfocus.com/bid/17735
+Description:
+ Directory traversal vulnerability in smbfs in Linux 2.6.16 and earlier allows
+ local users to escape chroot restrictions for an SMB-mounted filesystem via
+ "..\\" sequences, a similar vulnerability to CVE-2006-1863.
+Notes:
+Bugs:
+upstream: pending (2.4.33-pre4), released (2.6.16.14)
+linux-2.6: released (2.6.16-10)
+2.6.8-sarge-security: released (2.6.8-16sarge3)
+2.4.27-sarge-security: released (2.4.27-10sarge3)
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
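Review bot: The record is retired with `upstream: pending (2.4.33-pre4), released (2.6.16.14)`, so the 2.4 branch will be reported as unfixed upstream indefinitely. The Debian 2.4.27 row says the smbfs "..\\" traversal fix was shipped in 2.4.27-10sarge3, but a pending upstream entry should be resolved before the issue leaves the active tree — either `released (2.4.33-pre4)` if the patch landed, or a note saying the Debian fix was carried locally. The woody rows are also blank rather than N/A, unlike the sibling CVE-2006-1863 record.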
diff --git a/retired/CVE-2006-2271 b/retired/CVE-2006-2271
new file mode 100644
index 00000000..28d861c5
--- /dev/null
+++ b/retired/CVE-2006-2271
@@ -0,0 +1,27 @@
+Candidate: CVE-2006-2271
+References:
+ FULLDISC:20060508 [MU-200605-01] Multiple vulnerabilities in Linux SCTP 2.6.16
+ URL:http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0227.html
+ MISC:http://labs.musecurity.com/advisories/MU-200605-01.txt
+ CONFIRM:http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=35d63edb1c807bc5317e49592260e84637bc432e
+ FRSIRT:ADV-2006-1734
+ URL:http://www.frsirt.com/english/advisories/2006/1734
+ SECUNIA:19990
+ URL:http://secunia.com/advisories/19990
+Description:
+ The ECNE chunk handling in Linux SCTP (lksctp) before 2.6.17 allows remote
+ attackers to cause a denial of service (kernel panic) via an unexpected chunk
+ when the session is in CLOSED state.
+Notes:
+ dannf> Forwarded to Marcelo for 2.4 inclusion
+Bugs:
+upstream: released (2.6.16.15)
+linux-2.6: released (2.6.16-13)
+2.6.8-sarge-security: released (2.6.8-16sarge3)
+2.4.27-sarge-security: released (2.4.27-10sarge3)
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
diff --git a/retired/CVE-2006-2272 b/retired/CVE-2006-2272
new file mode 100644
index 00000000..b579d769
--- /dev/null
+++ b/retired/CVE-2006-2272
@@ -0,0 +1,22 @@
+Candidate: CVE-2006-2272
+References:
+ CONFIRM:http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=62b08083ec3dbfd7e533c8d230dd1d8191a6e813
+ URL:http://www.securityfocus.com/bid/17910
+ URL:http://xforce.iss.net/xforce/xfdb/26431
+Description:
+ Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial
+ of service (kernel panic) via incoming IP fragmented (1) COOKIE_ECHO and (2)
+ HEARTBEAT SCTP control chunks.
+Notes:
+ dannf> Submitted to Marcelo for inclusion in 2.4
+Bugs:
+upstream: released (2.6.16.15)
+linux-2.6: released (2.6.16-13)
+2.6.8-sarge-security: released (2.6.8-16sarge3)
+2.4.27-sarge-security: released (2.4.27-10sarge3)
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
diff --git a/retired/CVE-2006-2274 b/retired/CVE-2006-2274
new file mode 100644
index 00000000..a3dacf6c
--- /dev/null
+++ b/retired/CVE-2006-2274
@@ -0,0 +1,25 @@
+Candidate: CVE-2006-2274
+References:
+ CONFIRM:http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=672e7cca17ed6036a1756ed34cf20dbd72d5e5f6
+ URL:http://www.securityfocus.com/bid/17955
+ URL:http://secunia.com/advisories/20237
+ URL:http://xforce.iss.net/xforce/xfdb/26432
+Description:
+ Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial
+ of service (infinite recursion and crash) via a packet that contains two or
+ more DATA fragments, which causes an skb pointer to refer back to itself when
+ the full message is reassembled, leading to infinite recursion in the
+ sctp_skb_pull function.
+Notes:
+ dannf> Submitted to Marcelo for 2.4
+Bugs:
+upstream: released (2.6.16.15)
+linux-2.6: released (2.6.16-13)
+2.6.8-sarge-security: released (2.6.8-16sarge3)
+2.4.27-sarge-security: released (2.4.27-10sarge3)
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
diff --git a/retired/CVE-2006-2451 b/retired/CVE-2006-2451
new file mode 100644
index 00000000..369c23e6
--- /dev/null
+++ b/retired/CVE-2006-2451
@@ -0,0 +1,15 @@
+Candidate: CVE-2006-2451
+References:
+Description:
+ The suid_dumpable support in Linux kernel 2.6.13 up to versions before
+ 2.6.17.4, and 2.6.16 before 2.6.16.24, allows a local user to cause a denial
+ of service (disk consumption) and possibly gain privileges via the
+ PR_SET_DUMPABLE argument of the prctl function and a program that causes a
+ core dump file to be created in a directory for which the user does not have
+ permissions.
+Notes:
+Bugs:
+upstream: released (2.6.16.14), released (2.6.17.4)
+linux-2.6: released (2.6.16-17)
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
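Review bot: The `upstream: released (2.6.16.14)` row contradicts the description, which says the issue affects "2.6.16 before 2.6.16.24" and was fixed in 2.6.17.4; 2.6.16.14 predates the vulnerable range the text describes, so it looks like a typo for 2.6.16.24. Suggested row: `upstream: released (2.6.16.24), released (2.6.17.4)`. The References: field is also empty and the woody rows present in every other record are missing here; the N/A for 2.6.8 is consistent with suid_dumpable arriving in 2.6.13 per the description, but a reference to the 2.6.17.4 changelog would let that be verified.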
diff --git a/retired/CVE-2006-3626 b/retired/CVE-2006-3626
new file mode 100644
index 00000000..0307c5b2
--- /dev/null
+++ b/retired/CVE-2006-3626
@@ -0,0 +1,14 @@
+Candidate: CVE-2006-3626
+References:
+ FULLDISC:20060714, http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047907.html
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=18b0bbd8ca6d3cb90425aa0d77b99a762c6d6de3
+Description: Linux kernel 0day - dynamite inside, don't burn your fingers
+ Race condition in Linux kernel 2.6.17.4 and earlier allows local users
+ to gain root privileges by using prctl with PR_SET_DUMPABLE in a way
+ that causes /proc/self/environ to become setuid root.
+Notes:
+Bugs:
+upstream: released (2.6.16.25, 2.6.17.5)
+linux-2.6: released (2.6.16-17, 2.6.17-4)
+2.6.8-sarge-security: released (2.6.8-16sarge4)
+2.4.27-sarge-security: N/A
