[Secure-testing-commits] r37957 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Fri Nov 27 23:14:13 UTC 2015
Author: jmm
Date: 2015-11-27 23:14:12 +0000 (Fri, 27 Nov 2015)
New Revision: 37957
Modified:
data/CVE/list
Log:
xen update, remove some no-dsa issues which are included in upcoming jessie update
mark some issues as no-dsa for wheezy
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-11-27 21:17:49 UTC (rev 37956)
+++ data/CVE/list 2015-11-27 23:14:12 UTC (rev 37957)
@@ -1092,6 +1092,7 @@
NOTE: http://xenbits.xen.org/xsa/advisory-152.html
CVE-2015-7970 (The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen ...)
- xen 4.6.0-1
+ [wheezy] - xen <no-dsa> (Minor issue, too intrusive to backport)
[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
NOTE: http://xenbits.xen.org/xsa/advisory-150.html
CVE-2015-7969 (Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest ...)
@@ -2898,8 +2899,7 @@
NOTE: at the end you see "libtiff.so.5->realloc(0, 1636178024)"
CVE-2015-7311 (libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly ...)
- xen <unfixed>
- [jessie] - xen <no-dsa> (Minor issue, can be fixed along in a later DSA)
- [wheezy] - xen <no-dsa> (Minor issue, can be fixed along in a later DSA)
+ [wheezy] - xen <no-dsa> (Minor issue, xl not used in wheezy)
[squeeze] - xen <not-affected> (Only affects 4.1 and later)
NOTE: http://xenbits.xen.org/xsa/advisory-142.html
CVE-2015-7296 (Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 ...)
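Review bot: The new wheezy reason on CVE-2015-7311, "Minor issue, xl not used in wheezy", names xl, while the entry's own summary attributes the flaw to libxl. If the no-dsa rests on nothing in wheezy going through libxl, the reason should say that (for example "libxl not used in wheezy"); otherwise a NOTE explaining why only xl is relevant would make the triage verifiable from the entry.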
@@ -4518,7 +4518,6 @@
NOT-FOR-US: Pligg CMS
CVE-2015-6654 (The xenmem_add_to_physmap_one function in arch/arm/mm.c in Xen 4.5.x, ...)
- xen <unfixed> (bug #800128)
- [jessie] - xen <no-dsa> (Minor issue, can be fixed along in a later DSA)
[wheezy] - xen <not-affected> (Xen on arm not yet supported)
[squeeze] - xen <not-affected> (Xen on arm not yet supported)
NOTE: http://xenbits.xen.org/xsa/advisory-141.html
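Review bot: On CVE-2015-6654 the [jessie] no-dsa line is dropped with no replacement while the unstable line still reads "- xen <unfixed> (bug #800128)", so the entry now carries no jessie-specific status at all. The log says the fix is part of the upcoming jessie update; a follow-up commit recording the fixed jessie version once that update is released is needed to close this out.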
@@ -13547,7 +13546,6 @@
NOTE: libv8 not covered by security support
CVE-2015-3340 (Xen 4.2.x through 4.5.x does not initialize certain fields, which ...)
- xen 4.6.0-1 (unimportant; bug #784011)
- [jessie] - xen <no-dsa> (Can be fixed along with a future DSA)
[wheezy] - xen 4.1.4-3+deb7u8
[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-132.html
@@ -13823,8 +13821,7 @@
RESERVED
CVE-2015-3259 (Stack-based buffer overflow in the xl command line utility in Xen ...)
- xen 4.6.0-1 (low; bug #795721)
- [jessie] - xen <no-dsa> (Can be fixed along with a future DSA)
- [wheezy] - xen <no-dsa> (Can be fixed along with a future DSA)
+ [wheezy] - xen <no-dsa> (Minor issue, xl not used in wheezy)
[squeeze] - xen <not-affected> (xl not shipped in Squeeze)
NOTE: http://xenbits.xen.org/xsa/advisory-137.html
CVE-2015-3258 (Heap-based buffer overflow in the WriteProlog function in ...)
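Review bot: The wheezy reason added for CVE-2015-3259 says "xl not used in wheezy", while the squeeze line directly below it says "xl not shipped in Squeeze" and is marked <not-affected>. The gap between "not used" and "not shipped" is what separates <no-dsa> from <not-affected> here, so the wheezy reason should state explicitly that xl is in the package but is not the toolstack in use, if that is the intent.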
@@ -17413,7 +17410,7 @@
NOTE: http://www.ca.tcpdump.org/cve/0002-test-case-files-for-CVE-2015-2153-2154-2155.patch
CVE-2015-2152 (Xen 4.5.x and earlier enables certain default backends when emulating ...)
- xen 4.4.1-9 (low; bug #780975)
- [wheezy] - xen <no-dsa> (Can be fixed along with a future DSA)
+ [wheezy] - xen <no-dsa> (Minor issue, xl not used in wheezy)
[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-119.html
CVE-2015-2151 (The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore ...)
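Review bot: For CVE-2015-2152 the wheezy reason changes to "Minor issue, xl not used in wheezy", but the visible summary describes default backends being enabled during emulation and does not mention xl. A short NOTE tying the issue to the xl toolstack would let a reader check the no-dsa decision from the entry itself.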