[Secure-testing-commits] r37679 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Fri Nov 13 07:54:12 UTC 2015


Author: carnil
Date: 2015-11-13 07:54:12 +0000 (Fri, 13 Nov 2015)
New Revision: 37679

Modified:
   data/CVE/list
Log:
Add fixed version for four more xen CVEs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-11-13 06:38:02 UTC (rev 37678)
+++ data/CVE/list	2015-11-13 07:54:12 UTC (rev 37679)
@@ -10422,12 +10422,12 @@
 	NOTE: https://github.com/imotov/elasticsearch/commit/f5cfb2a1869d1a52930cbd3138278a6e2c1b22e6
 CVE-2015-4164 (The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way ...)
 	{DSA-3286-1}
-	- xen <unfixed> (bug #795721)
+	- xen 4.6.0-1 (bug #795721)
 	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: http://xenbits.xen.org/xsa/advisory-136.html
 CVE-2015-4163 (GNTTABOP_swap_grant_ref in Xen 4.2 through 4.5 does not check the ...)
 	{DSA-3286-1}
-	- xen <unfixed> (bug #795721)
+	- xen 4.6.0-1 (bug #795721)
 	[wheezy] - xen <not-affected> (Xen 4.2 onwards are vulnerable)
 	[squeeze] - xen <not-affected> (Xen 4.2 onwards are vulnerable)
 	NOTE: http://xenbits.xen.org/xsa/advisory-134.html
@@ -12824,7 +12824,7 @@
 	- libv8-3.14 <unfixed> (unimportant)
 	NOTE: libv8 not covered by security support
 CVE-2015-3340 (Xen 4.2.x through 4.5.x does not initialize certain fields, which ...)
-	- xen <unfixed> (unimportant; bug #784011)
+	- xen 4.6.0-1 (unimportant; bug #784011)
 	[jessie] - xen <no-dsa> (Can be fixed along with a future DSA)
 	[wheezy] - xen 4.1.4-3+deb7u8
 	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
@@ -13099,7 +13099,7 @@
 CVE-2015-3260
 	RESERVED
 CVE-2015-3259 (Stack-based buffer overflow in the xl command line utility in Xen ...)
-	- xen <unfixed> (low; bug #795721)
+	- xen 4.6.0-1 (low; bug #795721)
 	[jessie] - xen <no-dsa> (Can be fixed along with a future DSA)
 	[wheezy] - xen <no-dsa> (Can be fixed along with a future DSA)
 	[squeeze] - xen <not-affected> (xl not shipped in Squeeze)




More information about the Secure-testing-commits mailing list