[Secure-testing-commits] r45977 - data/CVE
Hugo Lefeuvre
hle at moszumanska.debian.org
Fri Nov 4 21:07:32 UTC 2016
Author: hle
Date: 2016-11-04 21:07:30 +0000 (Fri, 04 Nov 2016)
New Revision: 45977
Modified:
data/CVE/list
Log:
CVE triage for Xen in wheezy (Xen before 4.4.0-1 embeds QEMU, so it is also concerned by the CVEs reported for QEMU).
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-11-04 16:38:44 UTC (rev 45976)
+++ data/CVE/list 2016-11-04 21:07:30 UTC (rev 45977)
@@ -1351,6 +1351,9 @@
[jessie] - qemu <not-affected> (Vulnerable code introduced after v2.4.0-rc0)
[wheezy] - qemu <not-affected> (Vulnerable code introduced after v2.4.0-rc0)
- qemu-kvm <not-affected> (Vulnerable code introduced later)
+ - xen 4.4.0-1
+ [wheezy] - xen <not-affected> (Vulnerable code introduced after v2.4.0-rc0)
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02501.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1384896
CVE-2016-8667 [dma: rc4030 divide by zero error in set_next_tick]
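Review bot: on the added "[wheezy] - xen <not-affected>" line, the reason "(Vulnerable code introduced after v2.4.0-rc0)" quotes a QEMU version on a xen line, where it can be mistaken for a Xen release. Suggest naming the component, for example "(Embedded QEMU predates v2.4.0-rc0, where the vulnerable code was introduced)", so the entry can be read without the commit log.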
@@ -1359,6 +1362,9 @@
[wheezy] - qemu <no-dsa> (minor issue)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Code only affects mips platform)
+ - xen 4.4.0-1
+ [wheezy] - xen <unfixed>
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02577.html
CVE-2016-8665
RESERVED
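Review bot: the added "[wheezy] - xen <unfixed>" line leaves wheezy open, while the context just above it rates the same issue "<no-dsa> (minor issue)" for qemu and "<not-affected> (Code only affects mips platform)" for qemu-kvm. If the mips-only reasoning also holds for the QEMU copy embedded in Xen, this should be <not-affected> with that reason. If it does not hold, add a NOTE saying why Xen differs, so the open status is not taken for an untriaged entry.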
@@ -1888,6 +1894,9 @@
{DLA-679-1 DLA-678-1}
- qemu <unfixed> (bug #840340)
- qemu-kvm <removed>
+ - xen 4.4.0-1
+ [wheezy] - xen <not-affected> (Vulnerable code not present)
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg07143.html
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=ba42ebb863ab7d40adc79298422ed9596df8f73a
CVE-2016-8577 [9pfs: host memory leakage in v9fs_read]
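Review bot: the reason "(Vulnerable code not present)" on the added wheezy xen line does not say which code is missing from the embedded QEMU, so the triage cannot be rechecked from the entry alone. The xhci entry later in this patch names the feature and the version that introduced it; the same form would help here and in the next hunk, which uses the identical wording.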
@@ -1895,6 +1904,9 @@
{DLA-679-1 DLA-678-1}
- qemu <unfixed> (bug #840341)
- qemu-kvm <removed>
+ - xen 4.4.0-1
+ [wheezy] - xen <not-affected> (Vulnerable code not present)
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg07127.html
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=e95c9a493a5a8d6f969e86c9f19f80ffe6587e19
CVE-2016-8576 [usb: xHCI: infinite loop vulnerability in xhci_ring_fetch]
@@ -1902,6 +1914,9 @@
{DLA-679-1 DLA-678-1}
- qemu <unfixed> (bug #840343)
- qemu-kvm <removed>
+ - xen 4.4.0-1
+ [wheezy] - xen <not-affected> (Vulnerable code not present, xhci support introduced in 1.1)
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01265.html
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=05f43d44e4bc26611ce25fd7d726e483f73363ce
CVE-2016-8569 [DoS using a null pointer dereference in git_commit_message]
@@ -3739,6 +3754,9 @@
[jessie] - qemu <not-affected> (Vulnerable code introduced in v2.6.0-rc0)
[wheezy] - qemu <not-affected> (Vulnerable code introduced in v2.6.0-rc0)
- qemu-kvm <not-affected> (Vulnerable code introduced in v2.6.0-rc0)
+ - xen 4.4.0-1
+ [wheezy] - xen <not-affected> (Vulnerable code introduced in v2.6.0-rc0)
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg06609.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1382668
NOTE: Vulnerable code introduced in 49d925ce50383a286278143c05511d30ec41a36e
@@ -3751,6 +3769,9 @@
[jessie] - qemu <not-affected> (Vulnerable code introduced in 2.4.0-rc0)
[wheezy] - qemu <not-affected> (Vulnerable code introduced in 2.4.0-rc0)
- qemu-kvm <not-affected> (Vulnerable code introduced in 2.4.0-rc0)
+ - xen 4.4.0-1
+ [wheezy] - xen <not-affected> (Vulnerable code introduced in v2.4.0-rc0)
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg04129.html
CVE-2016-7993
RESERVED
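Review bot: the added wheezy xen line writes the version as "v2.4.0-rc0", while the qemu and qemu-kvm lines directly above it in the same entry write "2.4.0-rc0". Use one spelling within the entry so that a search for the version string matches every line.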