[Secure-testing-commits] r45979 - data/CVE

Hugo Lefeuvre hle at moszumanska.debian.org
Fri Nov 4 21:39:22 UTC 2016


Author: hle
Date: 2016-11-04 21:39:22 +0000 (Fri, 04 Nov 2016)
New Revision: 45979

Modified:
   data/CVE/list
Log:
CVE triage for Xen.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-11-04 21:10:14 UTC (rev 45978)
+++ data/CVE/list	2016-11-04 21:39:22 UTC (rev 45979)
@@ -1435,7 +1435,7 @@
 	[wheezy] - qemu <not-affected> (Vulnerable code introduced after v2.4.0-rc0)
 	- qemu-kvm <not-affected> (Vulnerable code introduced later)
 	- xen 4.4.0-1
-	[wheezy] - xen <not-affected> (Vulnerable code introduced after v2.4.0-rc0)
+	[wheezy] - xen <not-affected> (Vulnerable code introduced after v2.4.0-rc0, embedded version is 0.10.2)
 	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02501.html
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1384896
@@ -1998,7 +1998,7 @@
 	- qemu <unfixed> (bug #840343)
 	- qemu-kvm <removed>
 	- xen 4.4.0-1
-	[wheezy] - xen <not-affected> (Vulnerable code not present, xhci support introduced in 1.1)
+	[wheezy] - xen <not-affected> (Vulnerable code introduced in 1.1, embedded version is 0.10.2)
 	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01265.html
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=05f43d44e4bc26611ce25fd7d726e483f73363ce
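
Review bot: the new reason on the `[wheezy] - xen` line drops the "xhci support" wording, so the entry no longer says which feature arrived in 1.1. Suggest keeping both facts, for example "Vulnerable code not present, xhci support introduced in 1.1, embedded version is 0.10.2".
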
@@ -2596,6 +2596,9 @@
 	[wheezy] - qemu <no-dsa> (Minor issue, needs qemu monitor access to unplug nec-xhci controller)
 	- qemu-kvm <removed>
 	[wheezy] - qemu-kvm <not-affected> (Minor issue, needs qemu monitor access to unplug nec-xhci controller)
+	- xen 4.4.0-1
+	[wheezy] - xen <not-affected> (Vulnerable code introduced in 1.1, embedded version is 0.10.2)
+	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg02773.html
 	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=b53dd4495ced2432a0b652ea895e651d07336f7e
 	NOTE: The usb_xhci_exit and thus the patched code was introduced in:
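
Review bot: the added `[wheezy] - xen <not-affected>` line asserts "introduced in 1.1", while the entry already carries its own statement of origin in the NOTE "The usb_xhci_exit and thus the patched code was introduced in:". Confirm that 1.1 agrees with what that NOTE cites, and word the xen line to refer to the same origin so the two cannot diverge.
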
@@ -2726,6 +2729,9 @@
 	[jessie] - qemu <not-affected> (Vulnerable code introduced later)
 	[wheezy] - qemu <not-affected> (Vulnerable code introduced later)
 	- qemu-kvm <not-affected> (Vulnerable code introduced later)
+	- xen 4.4.0-1
+	[wheezy] - xen <not-affected> (Vulnerable code introduced later)
+	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03604.html
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1376776
 	NOTE: http://www.openwall.com/lists/oss-security/2016/09/16/5
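
Review bot: the added `[wheezy] - xen <not-affected> (Vulnerable code introduced later)` gives neither an introducing version nor the embedded qemu version, unlike the other xen lines touched in this revision, which end in "embedded version is 0.10.2". Suggest adding at least the embedded version so the not-affected claim can be checked without consulting another entry.
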
@@ -2738,6 +2744,9 @@
 	[jessie] - qemu <not-affected> (Vulnerable code introduced later)
 	[wheezy] - qemu <not-affected> (Vulnerable code introduced later)
 	- qemu-kvm <not-affected> (Vulnerable code introduced later)
+	- xen 4.4.0-1
+	[wheezy] - xen <not-affected> (Vulnerable code introduced later)
+	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03546.html
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1376755
 	NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=3b3b0628217e2726069990ff9942a5d6d9816bd7 (v2.6.0-rc0)
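
Review bot: "Vulnerable code introduced later" on the added `[wheezy] - xen` line is vaguer than the entry itself, whose "Introduced by:" NOTE names v2.6.0-rc0. Suggest "Vulnerable code introduced in v2.6.0-rc0, embedded version is 0.10.2", matching the form used elsewhere in this revision.
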
@@ -2747,6 +2756,9 @@
 	- qemu 1:2.7+dfsg-1 (bug #838147)
 	[wheezy] - qemu <not-affected> (Vulnerable code not present, introduced after 1.5)
 	- qemu-kvm <not-affected> (Vulnerable code not present, introduced after 1.5)
+	- xen 4.4.0-1
+	[wheezy] - xen <not-affected> (Vulnerable code introduced after 1.5, embedded version is 0.10.2)
+	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03609.html
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1376731
 	NOTE: http://www.openwall.com/lists/oss-security/2016/09/16/3
@@ -3838,7 +3850,7 @@
 	[wheezy] - qemu <not-affected> (Vulnerable code introduced in v2.6.0-rc0)
 	- qemu-kvm <not-affected> (Vulnerable code introduced in v2.6.0-rc0)
 	- xen 4.4.0-1
-	[wheezy] - xen <not-affected> (Vulnerable code introduced in v2.6.0-rc0)
+	[wheezy] - xen <not-affected> (Vulnerable code introduced in v2.6.0-rc0, embedded version is 0.10.2)
 	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg06609.html
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1382668
@@ -3853,7 +3865,7 @@
 	[wheezy] - qemu <not-affected> (Vulnerable code introduced in 2.4.0-rc0)
 	- qemu-kvm <not-affected> (Vulnerable code introduced in 2.4.0-rc0)
 	- xen 4.4.0-1
-	[wheezy] - xen <not-affected> (Vulnerable code introduced in v2.4.0-rc0)
+	[wheezy] - xen <not-affected> (Vulnerable code introduced in v2.4.0-rc0, embedded version is 0.10.2)
 	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg04129.html
 CVE-2016-7993
@@ -4144,11 +4156,17 @@
 	- qemu <unfixed> (bug #839834)
 	[jessie] - qemu <no-dsa> (Minor issue)
 	- qemu-kvm <removed>
+	- xen 4.4.0-1
+	[wheezy] - xen <unfixed>
+	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg07942.html
 CVE-2016-7908 (The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick ...)
 	{DLA-653-1 DLA-652-1}
 	- qemu <unfixed> (bug #839835)
 	- qemu-kvm <removed>
+	- xen 4.4.0-1
+	[wheezy] - xen <unfixed>
+	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg05557.html
 	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=070c4b92b8cd5390889716677a0b92444d6e087a
 CVE-2016-7907 (The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick ...)
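
Review bot: both added `[wheezy] - xen <unfixed>` lines in this hunk carry no justification, whereas every not-affected xen line in this revision is argued from the embedded version 0.10.2. For the CVE-2016-7908 entry in particular (hw/net/mcf_fec.c), add a NOTE stating whether that code is present in the embedded copy, so that `<unfixed>` is a verified finding rather than a default.
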
@@ -4156,6 +4174,9 @@
 	[jessie] - qemu <not-affected> (Vulnerable code introduced after v2.5.0-rc0)
 	[wheezy] - qemu <not-affected> (Vulnerable code introduced after v2.5.0-rc0)
 	- qemu-kvm <not-affected> (Vulnerable code introduced after v2.5.0-rc0)
+	- xen 4.4.0-1
+	[wheezy] - xen <not-affected> (Vulnerable code introduced after v2.5.0-rc0, embedded version is 0.10.2)
+	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg05556.html
 	NOTE: i.MX Fast Ethernet Controller emulation introduced in v2.5.0-rc0 with
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=fcbd8018e645f3ab1ef9af94dc88a0d3272926d3 (v2.5.0-rc0)
@@ -5909,6 +5930,9 @@
 	{DLA-653-1 DLA-652-1}
 	- qemu <unfixed> (bug #837316)
 	- qemu-kvm <removed>
+	- xen 4.4.0-1
+	[wheezy] - xen <unfixed>
+	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg01764.html
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=167d97a3def77ee2dbf6e908b0ecbfe2103977db
 CVE-2016-7169 [a path traversal vulnerability in the upgrade package uploader]
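
Review bot: the added `[wheezy] - xen <unfixed>` line has no tracking reference, while the qemu line in the same entry carries (bug #837316) and the entry lists DLA-653-1 and DLA-652-1. If the xen package is expected to receive a fix, add a bug reference or a NOTE describing the plan so the open item stays traceable.
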
@@ -5947,6 +5971,9 @@
 	{DLA-653-1 DLA-652-1}
 	- qemu 1:2.7+dfsg-1 (bug #838850)
 	- qemu-kvm <removed>
+	- xen 4.4.0-1
+	[wheezy] - xen <not-affected> (Vulnerable code introduced after 0.10.5, embedded version is 0.10.2)
+	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=a0d1cbdacff5df4ded16b753b38fdd9da6092968 (2.7.0-rc3)
 	NOTE: http://patchwork.ozlabs.org/patch/657076/
 CVE-2016-7160 (A vulnerability on Samsung Mobile L(5.0/5.1) and M(6.0) devices with ...)
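
Review bot: the "introduced after 0.10.5" claim on the added `[wheezy] - xen <not-affected>` line is not backed by anything in the entry, whose only references are the fixing commit (2.7.0-rc3) and the patchwork link. Suggest adding an "Introduced by:" NOTE with the commit that brought in the vulnerable code, as other entries in this file do.
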



