[Secure-testing-commits] r23955 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Fri Oct 11 06:26:00 UTC 2013
Author: jmm
Date: 2013-10-11 06:26:00 +0000 (Fri, 11 Oct 2013)
New Revision: 23955
Modified:
data/CVE/list
Log:
qemu fixed/unimportant
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-10-11 05:59:49 UTC (rev 23954)
+++ data/CVE/list 2013-10-11 06:26:00 UTC (rev 23955)
@@ -3747,19 +3747,16 @@
- xen <unfixed>
[wheezy] - xen <not-affected> (Vulnerable code only present from 4.2 onwards)
[squeeze] - xen <not-affected> (Vulnerable code only present from 4.2 onwards)
- TODO: verify
CVE-2013-4370 [misplaced free in ocaml xc_vcpu_getaffinity stub]
RESERVED
- xen <unfixed>
[wheezy] - xen <not-affected> (Vulnerable code only present from 4.2 onwards)
[squeeze] - xen <not-affected> (Vulnerable code only present from 4.2 onwards)
- TODO: verify
CVE-2013-4369 [possible null dereference when parsing vif ratelimiting info]
RESERVED
- xen <unfixed>
[wheezy] - xen <not-affected> (Vulnerable code only present from 4.2 onwards)
[squeeze] - xen <not-affected> (Vulnerable code only present from 4.2 onwards)
- TODO: verify
CVE-2013-4368 [Information leak through outs instruction emulation]
RESERVED
- xen <unfixed>
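Review bot: The three removed "TODO: verify" lines all sit under xen entries (the entry just above CVE-2013-4370, then CVE-2013-4370 and CVE-2013-4369), but the log message only says "qemu fixed/unimportant". Mention the xen verification in the log, or commit it separately, so the history records that the "Vulnerable code only present from 4.2 onwards" claims for wheezy and squeeze were actually checked.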
@@ -3850,9 +3847,10 @@
- linux <unfixed>
CVE-2013-4344 (Buffer overflow in the SCSI implementation in QEMU, as used in Xen, ...)
- xen 4.2-1
- - qemu <unfixed> (bug #725944)
- - qemu-kvm <removed>
+ - qemu 1.6.0+dfsg-2 (unimportant; bug #725944)
+ - qemu-kvm <removed> (unimportant)
- xen-qemu-dm-4.0 <removed>
+ NOTE: Qemu only exploitable by privilegesd administrator with malicious configuration
NOTE: Xen in Squeeze uses a separate source package: xen-qemu-dm-4.0
NOTE: Xen in Wheezy includes qemu
NOTE: Xen after Wheezy uses qemu-system-x86 from qemu, marking 4.2 as pseudo fixed
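Review bot: The added NOTE under CVE-2013-4344 misspells "privileged" as "privilegesd"; suggest "NOTE: Qemu only exploitable by privileged administrator with malicious configuration". That NOTE is the only stated rationale for the new "unimportant" tag on both the qemu and qemu-kvm lines, while the xen line stays at 4.2-1 without the tag, so it would also help to say in the NOTE that the reasoning applies to the standalone qemu packages.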