[Secure-testing-commits] r28188 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Sun Aug 10 19:46:21 UTC 2014 

Author: jmm
Date: 2014-08-10 19:46:20 +0000 (Sun, 10 Aug 2014)
New Revision: 28188

Modified:
   data/CVE/list
Log:
more xen fixes


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-08-10 18:36:19 UTC (rev 28187)
+++ data/CVE/list	2014-08-10 19:46:20 UTC (rev 28188)
@@ -8325,11 +8325,11 @@
 CVE-2014-1909 (Integer signedness error in system/core/adb/adb_client.c in Android ...)
 	- android-tools <unfixed>
 CVE-2014-1896 (The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen ...)
-	- xen <unfixed>
+	- xen 4.4.0-1
 	[squeeze] - xen <not-affected> (Only affects 4.2 and later)
 	[wheezy] - xen <not-affected> (Only affects 4.2 and later)
 CVE-2014-1895 (Off-by-one error in the flask_security_avc_cachestats function in ...)
-	- xen <unfixed>
+	- xen 4.4.0-1
 	[squeeze] - xen <not-affected> (Only affects 4.2 and later)
 	[wheezy] - xen <not-affected> (Only affects 4.2 and later)
 CVE-2014-1894 (Multiple integer overflows in unspecified suboperations in the flask ...)
@@ -9099,7 +9099,7 @@
 CVE-2013-7306 (The OSPF implementation on Brocade routers does not consider the ...)
 	NOT-FOR-US: Brocade routers
 CVE-2014-1666 (The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, ...)
-	- xen <unfixed>
+	- xen 4.4.0-1
 	[wheezy] - xen <not-affected> (Vulnerable code not present)
 	[squeeze] - xen <not-affected> (Vulnerable code not present)
 CVE-2014-1664 (The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP ...)
@@ -9727,7 +9727,7 @@
 CVE-2010-5293 (wp-includes/comment.php in WordPress before 3.0.2 does not properly ...)
 	- wordpress 3.0.2-1
 CVE-2014-1642 (The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough ...)
-	- xen <unfixed>
+	- xen 4.4.0-1
 	[squeeze] - xen <not-affected> (Only affects 4.2 and later)
 	[wheezy] - xen <not-affected> (Only affects 4.2 and later)
 	NOTE: http://www.openwall.com/lists/oss-security/2014/01/23/2
@@ -15472,7 +15472,7 @@
 	- jansson 2.6-1 (bug #738647)
 	[wheezy] - jansson <no-dsa> (Minor issue)
 CVE-2013-6400 (Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been ...)
-	- xen <unfixed>
+	- xen 4.4.0-1
 	[wheezy] - xen <not-affected> (4.2.x and later are vulnerable)
 	[squeeze] - xen <not-affected> (4.2.x and later are vulnerable)
 CVE-2013-6399
@@ -19942,12 +19942,12 @@
 CVE-2013-4554 (Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), ...)
 	- xen <not-affected> (Doesn't affect Linux)
 CVE-2013-4553 (The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x ...)
-	- xen <unfixed>
+	- xen 4.4.0-1
 	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
 CVE-2013-4552 (lib/Auth/Source/External.php in the drupalauth module before 1.2.2 for ...)
 	NOT-FOR-US: drupalauth module for simpleSAMLphp
 CVE-2013-4551 (Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not ...)
-	- xen <unfixed>
+	- xen 4.4.0-1
 	[wheezy] - xen <not-affected> (Only affects 4.2.x and later)
 	[squeeze] - xen <not-affected> (Only affects 4.2.x and later)
 CVE-2013-4550 (Bip before 0.8.9, when running as a daemon, writes SSL handshake ...)
@@ -20237,7 +20237,7 @@
 	{DSA-2796-1}
 	- torque 2.4.16+dfsg-1.3 (bug #729333)
 CVE-2013-4494 (Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock ...)
-	- xen <unfixed>
+	- xen 4.4.0-1
 	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
 CVE-2013-4493
 	RESERVED

More information about the Secure-testing-commits mailing list