[Secure-testing-commits] r22047 - data/CVE

Salvatore Bonaccorso carnil at alioth.debian.org
Sat Apr 27 04:50:49 UTC 2013 

Author: carnil
Date: 2013-04-27 04:50:48 +0000 (Sat, 27 Apr 2013)
New Revision: 22047

Modified:
   data/CVE/list
Log:
mark tmem related xen issues as unimportant

NOTE: as considered as technology preview it should not be used in production systems, thus
marking as unimportant

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-04-26 21:15:03 UTC (rev 22046)
+++ data/CVE/list	2013-04-27 04:50:48 UTC (rev 22047)
@@ -8840,33 +8840,47 @@
 	{DSA-2591-1}
 	- mahara 1.5.1-3
 CVE-2012-6036 (The (1) memc_save_get_next_page, (2) tmemc_restore_put_page and (3) ...)
-	- xen <unfixed> (bug #686764)
+	- xen <unfixed> (unimportant; bug #686764)
 	[squeeze] - xen <no-dsa> (Experimental/unsupported feature)
 	[wheezy] - xen <no-dsa> (Experimental/unsupported feature)
+	NOTE: CVE-2012-3497 has been SPLIT into this ID and others
+	NOTE: TMEM not supported for production systems (technology preview)
 CVE-2012-6035 (The do_tmem_destroy_pool function in the Transcendent Memory (TMEM) in ...)
-	- xen <unfixed> (bug #686764)
+	- xen <unfixed> (unimportant; bug #686764)
 	[squeeze] - xen <no-dsa> (Experimental/unsupported feature)
 	[wheezy] - xen <no-dsa> (Experimental/unsupported feature)
+	NOTE: CVE-2012-3497 has been SPLIT into this ID and others
+	NOTE: TMEM not supported for production systems (technology preview)
 CVE-2012-6034 (The (1) tmemc_save_get_next_page and (2) tmemc_save_get_next_inv ...)
-	- xen <unfixed> (bug #686764)
+	- xen <unfixed> (unimportant; bug #686764)
 	[squeeze] - xen <no-dsa> (Experimental/unsupported feature)
 	[wheezy] - xen <no-dsa> (Experimental/unsupported feature)
+	NOTE: CVE-2012-3497 has been SPLIT into this ID and others
+	NOTE: TMEM not supported for production systems (technology preview)
 CVE-2012-6033 (The do_tmem_control function in the Transcendent Memory (TMEM) in Xen ...)
-	- xen <unfixed> (bug #686764)
+	- xen <unfixed> (unimportant; bug #686764)
 	[squeeze] - xen <no-dsa> (Experimental/unsupported feature)
 	[wheezy] - xen <no-dsa> (Experimental/unsupported feature)
+	NOTE: CVE-2012-3497 has been SPLIT into this ID and others
+	NOTE: TMEM not supported for production systems (technology preview)
 CVE-2012-6032 (Multiple integer overflows in the (1) tmh_copy_from_client and (2) ...)
-	- xen <unfixed> (bug #686764)
+	- xen <unfixed> (unimportant; bug #686764)
 	[squeeze] - xen <no-dsa> (Experimental/unsupported feature)
 	[wheezy] - xen <no-dsa> (Experimental/unsupported feature)
+	NOTE: CVE-2012-3497 has been SPLIT into this ID and others
+	NOTE: TMEM not supported for production systems (technology preview)
 CVE-2012-6031 (The do_tmem_get function in the Transcendent Memory (TMEM) in Xen 4.0, ...)
-	- xen <unfixed> (bug #686764)
+	- xen <unfixed> (unimportant; bug #686764)
 	[squeeze] - xen <no-dsa> (Experimental/unsupported feature)
 	[wheezy] - xen <no-dsa> (Experimental/unsupported feature)
+	NOTE: CVE-2012-3497 has been SPLIT into this ID and others
+	NOTE: TMEM not supported for production systems (technology preview)
 CVE-2012-6030 (The do_tmem_op function in the Transcendent Memory (TMEM) in Xen 4.0, ...)
-	- xen <unfixed> (bug #686764)
+	- xen <unfixed> (unimportant; bug #686764)
 	[squeeze] - xen <no-dsa> (Experimental/unsupported feature)
 	[wheezy] - xen <no-dsa> (Experimental/unsupported feature)
+	NOTE: CVE-2012-3497 has been SPLIT into this ID and others
+	NOTE: TMEM not supported for production systems (technology preview)
 CVE-2012-6029 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
 	NOT-FOR-US: Cisco NAC Appliance
 CVE-2012-6028
@@ -15589,9 +15603,10 @@
 	- xen 4.1.3-2 (bug #686764)
 	[squeeze] - xen <not-affected> (Vulnerable code not present)
 CVE-2012-3497 ((1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) ...)
-	- xen 4.1.4-1 (bug #686764)
+	- xen <unfixed> (unimportant; bug #686764)
 	[squeeze] - xen <no-dsa> (Experimental/unsupported feature)
 	[wheezy] - xen <no-dsa> (Experimental/unsupported feature)
+	NOTE: TMEM not supported for production systems (technology preview)
 CVE-2012-3496 (XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer ...)
 	{DSA-2544-1}
 	- xen 4.1.3-2 (bug #686764)

More information about the Secure-testing-commits mailing list