[Secure-testing-commits] r39977 - in data: . CVE

Sat Feb 27 08:25:24 UTC 2016

Author: jmm
Date: 2016-02-27 08:25:23 +0000 (Sat, 27 Feb 2016)
New Revision: 39977

Modified:
   data/CVE/list
   data/dsa-needed.txt
Log:
remove some TODOs for xen, one issue n/a for wheezy, another one no-dsa


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2016-02-27 08:03:20 UTC (rev 39976)
+++ data/CVE/list	2016-02-27 08:25:23 UTC (rev 39977)
@@ -3051,12 +3051,10 @@
 	- xen <unfixed>
 	[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
 	NOTE: http://xenbits.xen.org/xsa/advisory-168.html
-	TODO: check
 CVE-2016-1570 (The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, ...)
 	- xen <unfixed>
 	[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
 	NOTE: http://xenbits.xen.org/xsa/advisory-167.html
-	TODO: check
 CVE-2016-1567 (chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer ...)
 	{DLA-414-1}
 	- chrony <unfixed> (low; bug #812923)
@@ -8171,24 +8169,22 @@
 	REJECTED
 CVE-2015-8341 (The libxl toolstack library in Xen 4.1.x through 4.6.x does not ...)
 	- xen <unfixed>
+	[wheezy] - xen <no-dsa> (Minor issue, xl not used in wheezy)
 	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: http://xenbits.xen.org/xsa/advisory-160.html
-	TODO: check
 CVE-2015-8340 (The memory_exchange function in common/memory.c in Xen 3.2.x through ...)
 	- xen <unfixed>
 	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: http://xenbits.xen.org/xsa/advisory-159.html
-	TODO: chek
 CVE-2015-8339 (The memory_exchange function in common/memory.c in Xen 3.2.x through ...)
 	- xen <unfixed>
 	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: http://xenbits.xen.org/xsa/advisory-159.html
-	TODO: chek
 CVE-2015-8338 (Xen 4.6.x and earlier does not properly enforce limits on page order ...)
 	- xen <unfixed>
-	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
+	[wheezy] - xen <not-affected> (Only affects Xen on arm)
+	[squeeze] - xen <not-affected> (Only affects Xen on arm)
 	NOTE: http://xenbits.xen.org/xsa/advisory-158.html
-	TODO: chek
 CVE-2014-9757 (The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before ...)
 	TODO: check
 CVE-2015-8374 (fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles ...)

Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt	2016-02-27 08:03:20 UTC (rev 39976)
+++ data/dsa-needed.txt	2016-02-27 08:25:23 UTC (rev 39977)
@@ -51,7 +51,7 @@
 linux
   Wait until more severe issues have accumulated
 --
-mediawiki
+mediawiki/oldstable
 --
 nss
 --


