[Secure-testing-commits] r24019 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Wed Oct 16 06:44:08 UTC 2013
Author: jmm
Date: 2013-10-16 06:44:08 +0000 (Wed, 16 Oct 2013)
New Revision: 24019
Modified:
data/CVE/list
Log:
bugs filed for salt (sid only)
updated bug status for qemu issue (rather complex)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-10-16 06:31:37 UTC (rev 24018)
+++ data/CVE/list 2013-10-16 06:44:08 UTC (rev 24019)
@@ -3559,14 +3559,19 @@
RESERVED
CVE-2013-4439
RESERVED
+ - salt <unfixed> (bug #726480)
CVE-2013-4438
RESERVED
+ - salt <unfixed> (bug #726480)
CVE-2013-4437
RESERVED
+ - salt <unfixed> (bug #726480)
CVE-2013-4436
RESERVED
+ - salt <unfixed> (bug #726480)
CVE-2013-4435
RESERVED
+ - salt <unfixed> (bug #726480)
CVE-2013-4434
RESERVED
CVE-2013-4433 [xhprof: unspecified XSS]
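Review bot: The five salt entries added under CVE-2013-4439 through CVE-2013-4435 all point at the same bug #726480 and none of the CVE lines carries a bracketed description, so the entries cannot be told apart in the list. Consider adding a short description to each CVE line in the style of the neighbouring `CVE-2013-4433 [xhprof: unspecified XSS]`. CVE-2013-4434 sits directly below the same run and stays bare; if it belongs to the salt batch it needs the same package line, otherwise it is fine as it is.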
@@ -3763,13 +3768,17 @@
- x2goserver <itp> (bug #465821)
CVE-2013-4375 [qemu disk backend (qdisk) resource leak]
RESERVED
- - xen <unfixed>
+ - xen 4.2
[squeeze] - xen <not-affected> (potentially affected by 4.1 versions and above)
- qemu <unfixed>
+ [wheezy] - qemu <not-affected> (Xen in Wheezy uses it's internal copy of qemu)
[squeeze] - qemu <not-affected> (vulnerable from version 1.1 onwards)
- - qemu-kvm <removed>
- [squeeze] - qemu-kvm <not-affected> (vulnerable from version 1.1 onwards)
- TODO: check
+ - qemu-kvm <not-affected> (This only affects Qemu in combination with Xen)
+ - xen-qemu-dm-4.0 <not-affected> (Affected code not yet present)
+ NOTE: This is only exploitable in combination with Xen.
+ NOTE: Xen in Squeeze uses a separate source package: xen-qemu-dm-4.0
+ NOTE: Xen in Wheezy includes qemu
+ NOTE: Xen after Wheezy uses qemu-system-x86 from qemu, marking 4.2 as pseudo fixed
CVE-2013-4374
RESERVED
CVE-2013-4373
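Review bot: In the CVE-2013-4375 block, `- xen 4.2` is a pseudo-fixed version (per the last NOTE) and there is no `[wheezy] - xen` line, so Wheezy's xen status is decided only by version comparison against 4.2, while the NOTE states that Xen in Wheezy includes qemu. An explicit `[wheezy] - xen` entry stating the intended status would make that unambiguous. The unbracketed `- qemu <unfixed>` line is also kept although the new NOTE says later Xen uses qemu-system-x86 from qemu, which is consistent, but the removed `TODO: check` leaves no pointer to a qemu bug number for tracking. Minor: in the `[wheezy] - qemu` line, "it's internal copy" should read "its internal copy".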