[Secure-testing-commits] r41807 - data/CVE
Antoine Beaupré
anarcat at moszumanska.debian.org
Tue May 17 16:13:46 UTC 2016
Author: anarcat
Date: 2016-05-17 16:13:46 +0000 (Tue, 17 May 2016)
New Revision: 41807
Modified:
data/CVE/list
Log:
xen was affected by two more CVEs, but mark no-dsa because it's
non-default config
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-05-17 15:46:23 UTC (rev 41806)
+++ data/CVE/list 2016-05-17 16:13:46 UTC (rev 41807)
@@ -2976,7 +2976,11 @@
[wheezy] - qemu <end-of-life> (Not supported in Wheezy LTS)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <end-of-life> (Not supported in Wheezy LTS)
+ - xen <unfixed>
+ [jessie] - xen <no-dsa> (default configuration not vulnerable)
+ [wheezy] - xen <no-dsa> (default configuration not vulnerable)
NOTE: http://xenbits.xen.org/xsa/advisory-179.html
+ NOTE: mitigation: run HVM in stubdomains, PV, default video card not vulnerable, i386-only
CVE-2016-3711 [Setting cookie containing internal IP address of a pod]
RESERVED
NOT-FOR-US: OpenShift
@@ -2986,7 +2990,11 @@
[wheezy] - qemu <end-of-life> (Not supported in Wheezy LTS)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <end-of-life> (Not supported in Wheezy LTS)
+ - xen <unfixed>
+ [jessie] - xen <no-dsa> (default configuration not vulnerable)
+ [wheezy] - xen <no-dsa> (default configuration not vulnerable)
NOTE: http://xenbits.xen.org/xsa/advisory-179.html
+ NOTE: mitigation: run HVM in stubdomains, PV, default video card not vulnerable, i386-only
CVE-2016-3709
RESERVED
CVE-2016-3708
More information about the Secure-testing-commits
mailing list