[Secure-testing-commits] r46027 - data/CVE
Hugo Lefeuvre
hle at moszumanska.debian.org
Sun Nov 6 20:57:49 UTC 2016
Author: hle
Date: 2016-11-06 20:57:49 +0000 (Sun, 06 Nov 2016)
New Revision: 46027
Modified:
data/CVE/list
Log:
CVE triage for Xen in wheezy.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-11-06 20:35:27 UTC (rev 46026)
+++ data/CVE/list 2016-11-06 20:57:49 UTC (rev 46027)
@@ -6064,6 +6064,9 @@
[wheezy] - qemu <not-affected> (Vulnerable code not present, introduced after v1.5)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
+ - xen 4.4.0-1
+ [wheezy] - xen <not-affected> (Vulnerable code introduced after 1.5, embedded version is 0.10.2)
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00050.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1373462
NOTE: http://www.openwall.com/lists/oss-security/2016/09/06/2
@@ -6075,6 +6078,9 @@
[wheezy] - qemu <not-affected> (Vulnerable code not present, introduced after v1.5)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
+ - xen 4.4.0-1
+ [wheezy] - xen <not-affected> (Vulnerable code introduced after 1.5, embedded version is 0.10.2)
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00772.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1373478
NOTE: http://www.openwall.com/lists/oss-security/2016/09/06/3
@@ -6086,6 +6092,9 @@
[wheezy] - qemu <not-affected> (Vulnerable code not present, introduced after v2.6)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
+ - xen 4.4.0-1
+ [wheezy] - xen <not-affected> (Vulnerable code introduced after 2.6, embedded version is 0.10.2)
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: Upstream patches: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04295.html
NOTE: Upstream patches: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04296.html
NOTE: http://www.openwall.com/lists/oss-security/2016/09/06/4
@@ -6284,6 +6293,9 @@
- qemu 1:2.6+dfsg-3.1 (bug #836502)
[jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
+ - xen 4.4.0-1
+ [wheezy] - xen <not-affected> (Vulnerable code introduced after 0.12.50, embedded version is 0.10.2)
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=56f101ecce0eafd09e2daf1c4eeb1377d6959261
NOTE: May as well need: http://git.qemu.org/?p=qemu.git;a=commit;h=fff39a7ad09da07ef490de05c92c91f22f8002f2
CVE-2016-7110 (Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows ...)
@@ -6952,6 +6964,9 @@
[wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
+ - xen 4.4.0-1
+ [wheezy] - xen <not-affected> (Vulnerable code introduced in 1.5, embedded version is 0.10.2)
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg03176.html
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=47882fa4975bf0b58dd74474329fdd7154e8f04c
CVE-2016-6875 [Fix infinite recursion in wddx]
@@ -7396,6 +7411,9 @@
[wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
+ - xen 4.4.0-1
+ [wheezy] - xen <not-affected> (Vulnerable code introduced in 1.5, embedded version is 0.10.2)
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=6c352ca9b4ee3e1e286ea9e8434bd8e69ac7d0d8
NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01602.html
NOTE: http://www.openwall.com/lists/oss-security/2016/08/12/1
@@ -7406,6 +7424,9 @@
[wheezy] - qemu <not-affected> (Vulnerable code not present, packet abstraction introduced in 1.5)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, packet abstraction introduced in 1.5)
+ - xen 4.4.0-1
+ [wheezy] - xen <not-affected> (Vulnerable code introduced in 1.5, embedded version is 0.10.2)
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05
NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01601.html
NOTE: http://www.openwall.com/lists/oss-security/2016/08/11/8
@@ -7415,6 +7436,9 @@
[wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
+ - xen 4.4.0-1
+ [wheezy] - xen <not-affected> (Vulnerable code introduced in 1.5, embedded version is 0.10.2)
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-stable/2016-08/msg00077.html
NOTE: http://www.openwall.com/lists/oss-security/2016/08/11/7
CVE-2016-6836 [Information leak in vmxnet3_complete_packet]
@@ -7424,6 +7448,9 @@
[wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
+ - xen 4.4.0-1
+ [wheezy] - xen <not-affected> (Vulnerable code introduced in 1.5, embedded version is 0.10.2)
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg02108.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1366369
NOTE: http://www.openwall.com/lists/oss-security/2016/08/11/5
@@ -8382,6 +8409,9 @@
[wheezy] - qemu <not-affected> (Issue introduced later)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Issue introduced later)
+ - xen 4.4.0-1
+ [wheezy] - xen <not-affected> (Vulnerable code introduced later.)
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-07/msg06246.html
NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=3b3b0628217e2726069990ff9942a5d6d9816bd7 (v2.6.0-rc0)
CVE-2016-6483 (The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, ...)
@@ -8887,6 +8917,8 @@
- qemu 1:2.6+dfsg-3.1 (bug #832621)
[jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
+ - xen 4.4.0-1
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=926cde5f3e4d2504ed161ed0cb771ac7cad6fd11 (v2.7.0-rc0)
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=cc96677469388bad3d66479379735cf75db069e3 (v2.7.0-rc0)
NOTE: http://www.openwall.com/lists/oss-security/2016/07/25/14
@@ -12121,6 +12153,9 @@
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <not-affected> (Vulnerable code not present)
+ - xen 4.4.0-1
+ [wheezy] - xen <not-affected> (Vulnerable code not present)
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1343909
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01969.html
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=844864fbae66935951529408831c2f22367a57b6
@@ -13515,6 +13550,9 @@
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
+ - xen 4.4.0-1
+ [wheezy] - xen <not-affected> (Vulnerable code not present)
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-block/2016-05/msg00779.html
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=a6b3167fa0e825aebb5a7cd8b437b6d41584a196
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1340924
@@ -13909,6 +13947,9 @@
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <not-affected> (Vulnerable code not present)
+ - xen 4.4.0-1
+ [wheezy] - xen <not-affected> (Vulnerable code not present)
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04424.html
NOTE: Introduced after: http://git.qemu.org/?p=qemu.git;a=commit;h=e8f943c3bcc2a578bfd30b825f2ebaf345c63a09 (v1.2.0-rc0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1336461
@@ -13917,6 +13958,9 @@
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <not-affected> (Vulnerable code not present)
+ - xen 4.4.0-1
+ [wheezy] - xen <not-affected> (Vulnerable code not present)
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: Introduced after: http://git.qemu.org/?p=qemu.git;a=commit;h=e8f943c3bcc2a578bfd30b825f2ebaf345c63a09 (v1.2.0-rc0)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04340.html
CVE-2016-5105 (The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when ...)
@@ -13924,6 +13968,9 @@
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <not-affected> (Vulnerable code not present)
+ - xen 4.4.0-1
+ [wheezy] - xen <not-affected> (Vulnerable code not present)
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: Introduced after: http://git.qemu.org/?p=qemu.git;a=commit;h=e8f943c3bcc2a578bfd30b825f2ebaf345c63a09 (v1.2.0-rc0)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04419.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1339583
More information about the Secure-testing-commits
mailing list