[Secure-testing-commits] r24019 - data/CVE

[Moritz Muehlenhoff]

Author: jmm
Date: 2013-10-16 06:44:08 +0000 (Wed, 16 Oct 2013)
New Revision: 24019

Modified:
   data/CVE/list
Log:
bugs filed for salt (sid only)
updated bug status for qemu issue (rather complex)


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-10-16 06:31:37 UTC (rev 24018)
+++ data/CVE/list	2013-10-16 06:44:08 UTC (rev 24019)
@@ -3559,14 +3559,19 @@
 	RESERVED
 CVE-2013-4439
 	RESERVED
+	- salt <unfixed> (bug #726480)
 CVE-2013-4438
 	RESERVED
+	- salt <unfixed> (bug #726480)
 CVE-2013-4437
 	RESERVED
+	- salt <unfixed> (bug #726480)
 CVE-2013-4436
 	RESERVED
+	- salt <unfixed> (bug #726480)
 CVE-2013-4435
 	RESERVED
+	- salt <unfixed> (bug #726480)
 CVE-2013-4434
 	RESERVED
 CVE-2013-4433 [xhprof: unspecified XSS]
@@ -3763,13 +3768,17 @@
 	- x2goserver <itp> (bug #465821)
 CVE-2013-4375 [qemu disk backend (qdisk) resource leak]
 	RESERVED
-	- xen <unfixed>
+	- xen 4.2
 	[squeeze] - xen <not-affected> (potentially affected by 4.1 versions and above)
 	- qemu <unfixed>
+	[wheezy] - qemu <not-affected> (Xen in Wheezy uses it's internal copy of qemu)
 	[squeeze] - qemu <not-affected> (vulnerable from version 1.1 onwards)
-	- qemu-kvm <removed>
-	[squeeze] - qemu-kvm <not-affected> (vulnerable from version 1.1 onwards)
-	TODO: check
+	- qemu-kvm <not-affected> (This only affects Qemu in combination with Xen)
+	- xen-qemu-dm-4.0 <not-affected> (Affected code not yet present)
+	NOTE: This is only exploitable in combination with Xen.
+	NOTE: Xen in Squeeze uses a separate source package: xen-qemu-dm-4.0
+	NOTE: Xen in Wheezy includes qemu
+	NOTE: Xen after Wheezy uses qemu-system-x86 from qemu, marking 4.2 as pseudo fixed
 CVE-2013-4374
 	RESERVED
 CVE-2013-4373