[Secure-testing-commits] r40837 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Apr 9 17:49:43 UTC 2016
Author: carnil
Date: 2016-04-09 17:49:43 +0000 (Sat, 09 Apr 2016)
New Revision: 40837
Modified:
data/CVE/list
Log:
Add verbatim notes for CVE-2016-315{8,9}
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-04-09 17:43:43 UTC (rev 40836)
+++ data/CVE/list 2016-04-09 17:49:43 UTC (rev 40837)
@@ -1820,11 +1820,19 @@
- xen <unfixed>
[jessie] - xen <no-dsa> (Minor issue, can be fixed along in a future DSA)
NOTE: http://xenbits.xen.org/xsa/advisory-172.html
+ NOTE: CVE-2016-3159 is for the code change which is applicable for later
+ NOTE: versions only, but which must always be combined with the code change
+ NOTE: for CVE-2016-3158. Ie for the first hunk in xsa172.patch, which
+ NOTE: patches the function fpu_fxrstor.
CVE-2016-3158
RESERVED
- xen <unfixed>
[jessie] - xen <no-dsa> (Minor issue, can be fixed along in a future DSA)
NOTE: http://xenbits.xen.org/xsa/advisory-172.html
+ NOTE: CVE-2016-3158 is for the code change which is required for all
+ NOTE: versions (but which is sufficient only on Xen 4.3.x, and insufficient
+ NOTE: on later versions). Ie for the second hunk in xsa172.patch (the only
+ NOTE: hunk in xsa172-4.3.patch), which patches the function xrstor.
CVE-2016-3157 [I/O port access privilege escalation in x86-64 Linux]
RESERVED
- linux <unfixed>
More information about the Secure-testing-commits
mailing list