From f3581ec9b2d48c6103c22fecb46f713217d834e8 Mon Sep 17 00:00:00 2001 From: dann frazier Date: Thu, 17 Aug 2006 00:24:25 +0000 Subject: move retired to the top level hierarchy so people can easily checkout just the active issues git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@548 e094ebfe-e918-0410-adfb-c712417f3574 --- retired/CVE-2005-0528 | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 retired/CVE-2005-0528 (limited to 'retired/CVE-2005-0528') diff --git a/retired/CVE-2005-0528 b/retired/CVE-2005-0528 new file mode 100644 index 00000000..d896c0f6 --- /dev/null +++ b/retired/CVE-2005-0528 @@ -0,0 +1,28 @@ +Candidate: CVE-2005-0528 +References: +Description: +Notes: + From Joey's 2.4.18-14.4 changelog: + * Applied patch by Andrea Arcangeli from 2.4.24 to fix privilege + escalation in the mremap() syscall [mm/mremap.c, CAN-2004-nnnn] + jmm> Isn't this CVE-2004-0077? + dannf> Looks like this is a different issue. Joey's patch is here: + http://klecker.debian.org/~joey/security/kernel/patches/patch.CAN-2005-0528.mremap + dannf> But it doesn't look like mitre has released the details yet: + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0528 + jmm> The patch is merged as of 2.4.27, but I'm not sure at which exact version + dannf> It looks like this would apply to 2.6, but isn't necessary because + dannf> its already fixed in a different way. 2.6 checks for a 0 new_len + dannf> earlier and errors out + jmm> This turned out to be a dupe of CVE-2003-0985 +Bugs: +upstream: N/A +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: released (2.4.18-14.4) +2.4.17-woody-security: released (2.4.17-1woody4) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: released (32.5) +2.4.17-woody-security-ia64: released (011226.18) -- cgit v1.2.3