From f011f50cc5b65699b9e55c7e54ab9d7050adf932 Mon Sep 17 00:00:00 2001
From: dann frazier <dannf@debian.org>
Date: Thu, 17 Aug 2006 04:01:21 +0000
Subject: retire a few issues

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@555 e094ebfe-e918-0410-adfb-c712417f3574
---
 retired/CVE-2005-0179 | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 retired/CVE-2005-0179

(limited to 'retired/CVE-2005-0179')

diff --git a/retired/CVE-2005-0179 b/retired/CVE-2005-0179
new file mode 100644
index 00000000..323bf2c7
--- /dev/null
+++ b/retired/CVE-2005-0179
@@ -0,0 +1,20 @@
+Candidate: CVE-2005-0179
+References: 
+ http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030660.html
+ http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
+ http://www.redhat.com/support/errata/RHSA-2005-092.html
+Description: 
+ Linux kernel 2.4.x and 2.6.x allows local users to cause a denial
+ of service (CPU and memory  consumption) and bypass RLIM_MEMLOCK
+ limits via the mlockall call.
+Notes: 
+ jmm> The vulnerable code was only introduced in 2.6.9
+ dannf> I believe this is fixed in:
+  http://linux.bkbits.net:8080/linux-2.6/cset@41e2d63eQyYc3q3MPkKLhEktFoqfUw?nav=index.html|src/|src/mm|related/mm/mmap.c
+ dannf> and since that was in 2.6.11, i'll mark upstream as such
+Bugs: 
+upstream: released (2.6.11)
+linux-2.6.16: N/A
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
-- 
cgit v1.2.3