[Secure-testing-commits] r45966 - data/CVE

Guido Guenther agx at moszumanska.debian.org
Fri Nov 4 08:19:45 UTC 2016 

Author: agx
Date: 2016-11-04 08:19:45 +0000 (Fri, 04 Nov 2016)
New Revision: 45966

Modified:
   data/CVE/list
Log:
lts: check recent qemu CVEs against xen

up tp (and including CVE-2016-8669).

This marks all 9pfs related CVEs as not affecting xen since the embedded
qemu does not ship that code.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-11-04 07:39:35 UTC (rev 45965)
+++ data/CVE/list	2016-11-04 08:19:45 UTC (rev 45966)
@@ -176,6 +176,7 @@
 	- qemu <unfixed> (bug #842463)
 	- qemu-kvm <removed>
 	- xen 4.4.0-1
+	[wheezy] - xen <not-affected> (Vulnerable code not present)
 	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02623.html
 	NOTE: http://www.openwall.com/lists/oss-security/2016/10/28/4
@@ -186,6 +187,7 @@
 	- qemu <unfixed> (bug #842463)
 	- qemu-kvm <removed>
 	- xen 4.4.0-1
+	[wheezy] - xen <not-affected> (Vulnerable code not present)
 	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02608.html
 	NOTE: http://www.openwall.com/lists/oss-security/2016/10/28/3
@@ -196,6 +198,7 @@
 	- qemu <unfixed> (bug #842463)
 	- qemu-kvm <removed>
 	- xen 4.4.0-1
+	[wheezy] - xen <not-affected> (Vulnerable code not present)
 	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02942.html
 	NOTE: http://www.openwall.com/lists/oss-security/2016/10/28/2
@@ -205,6 +208,7 @@
 	- qemu <unfixed> (bug #842463)
 	- qemu-kvm <removed>
 	- xen 4.4.0-1
+	[wheezy] - xen <not-affected> (Vulnerable code not present)
 	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01790.html
 	NOTE: http://www.openwall.com/lists/oss-security/2016/10/28/1
@@ -215,6 +219,7 @@
 	- qemu <unfixed> (bug #842463)
 	- qemu-kvm <removed>
 	- xen 4.4.0-1
+	[wheezy] - xen <not-affected> (Vulnerable code not present)
 	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01861.html
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1389550
@@ -1042,6 +1047,8 @@
 	{DLA-698-1 DLA-689-1}
 	- qemu <unfixed> (bug #841955)
 	- qemu-kvm <removed>
+	- xen 4.4.0-1
+	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg05495.html
 	NOTE: http://www.openwall.com/lists/oss-security/2016/10/24/2
 CVE-2016-8909 [audio: intel-hda: infinite loop in processing dma  buffer stream]
@@ -1049,6 +1056,9 @@
 	{DLA-698-1 DLA-689-1}
 	- qemu <unfixed> (bug #841950)
 	- qemu-kvm <removed>
+	- xen 4.4.0-1
+	[wheezy] - xen <not-affected> (Vulnerable code not present)
+	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg04717.html
 	NOTE: http://www.openwall.com/lists/oss-security/2016/10/24/1
 CVE-2016-XXXX [Privilege escalation possible to other user than root]
@@ -1326,6 +1336,8 @@
 	{DLA-679-1 DLA-678-1}
 	- qemu <unfixed> (bug #840945)
 	- qemu-kvm <removed>
+	- xen 4.4.0-1
+	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02461.html
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1384909
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=3592fe0c919cf27a81d8e9f9b4f269553418bb01

More information about the Secure-testing-commits mailing list