[Secure-testing-commits] r23937 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Thu Oct 10 08:13:55 UTC 2013


Author: jmm
Date: 2013-10-10 08:13:54 +0000 (Thu, 10 Oct 2013)
New Revision: 23937

Modified:
   data/CVE/list
Log:
update qemu/xen issue and explain situation


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-10-10 07:47:14 UTC (rev 23936)
+++ data/CVE/list	2013-10-10 08:13:54 UTC (rev 23937)
@@ -3694,10 +3694,13 @@
 	- linux <unfixed>
 CVE-2013-4344 [buffer overflow in scsi_target_emulate_report_luns]
 	RESERVED
-	- xen <unfixed>
+	- xen 4.2-1
 	- qemu <unfixed> (bug #725944)
 	- qemu-kvm <removed>
-	TODO: check, details needed
+	- xen-qemu-dm-4.0 <removed>
+	NOTE: Xen in Squeeze uses a separate source package: xen-qemu-dm-4.0
+	NOTE: Xen in Wheezy includes qemu
+	NOTE: Xen after Wheezy uses qemu-system-x86 from qemu, marking 4.2 as pseudo fixed
 CVE-2013-4343 (Use-after-free vulnerability in drivers/net/tun.c in the Linux kernel ...)
 	- linux <unfixed>
 	[wheezy] - linux <not-affected> (Introduced in 3.8)




More information about the Secure-testing-commits mailing list