From f3581ec9b2d48c6103c22fecb46f713217d834e8 Mon Sep 17 00:00:00 2001 From: dann frazier Date: Thu, 17 Aug 2006 00:24:25 +0000 Subject: move retired to the top level hierarchy so people can easily checkout just the active issues git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@548 e094ebfe-e918-0410-adfb-c712417f3574 --- retired/CVE-2005-2459 | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 retired/CVE-2005-2459 (limited to 'retired/CVE-2005-2459') diff --git a/retired/CVE-2005-2459 b/retired/CVE-2005-2459 new file mode 100644 index 00000000..2bdc6f42 --- /dev/null +++ b/retired/CVE-2005-2459 @@ -0,0 +1,31 @@ +Candidate: CVE-2005-2459 +References: + URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2459 + MISC:http://bugs.gentoo.org/show_bug.cgi?id=94584 + CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5 + UBUNTU:USN-169-1 + URL:http://www.ubuntulinux.org/support/documentation/usn/usn-169-1 + SECUNIA:16355 + URL:http://secunia.com/advisories/16355/ +Description: + The huft_build function in inflate.c in the zlib routines in the Linux + kernel before 2.6.12.5 returns the wrong value, which allows remote + attackers to cause a denial of service (kernel crash) via a certain + compressed file that leads to a null pointer dereference, a different + vulnerability than CVE-2005-2458. +Notes: + This is a bogus fix that was applied in 2.6.12.5 and reverted in 2.6.12.6 + http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.6 + We included the broken fix in the sarge1 releases, so this backs it out. +upstream: released (2.6.12.5) +linux-2.6: released (2.6.12.3) +2.6.8-sarge-security: released (2.6.8-16sarge1) [linux-zlib-fixes.dpatch] +2.4.27-sid/sarge: released (2.4.27-11) [182_linux-zlib-fixes.diff] +2.4.27-sarge-security: released (2.4.27-10sarge1) [182_linux-zlib-fixes.diff] +2.4.19-woody-security: +2.4.18-woody-security: +2.4.17-woody-security: +2.4.16-woody-security: +2.4.17-woody-security-hppa: +2.4.17-woody-security-ia64: +2.4.18-woody-security-hppa: -- cgit v1.2.3