[Secure-testing-commits] r46028 - data/CVE

Hugo Lefeuvre hle at moszumanska.debian.org
Sun Nov 6 21:46:25 UTC 2016


Author: hle
Date: 2016-11-06 21:46:25 +0000 (Sun, 06 Nov 2016)
New Revision: 46028

Modified:
   data/CVE/list
Log:
CVE triage for Xen in wheezy.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-11-06 20:57:49 UTC (rev 46027)
+++ data/CVE/list	2016-11-06 21:46:25 UTC (rev 46028)
@@ -12145,6 +12145,8 @@
 	[wheezy] - qemu <no-dsa> (Minor issue)
 	- qemu-kvm <removed>
 	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
+	- xen 4.4.0-1
+	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1343323
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01507.html
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=ff589551c8e8e9e95e211b9d8daafb4ed39f1aec
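Review bot: the two added lines record only the unstable fix (`- xen 4.4.0-1`) and give xen no `[wheezy]` line, although the log message calls this wheezy triage and the qemu and qemu-kvm lines just above are tagged `[wheezy] ... <no-dsa> (Minor issue)`. If xen in wheezy is meant to stay open, say so in a NOTE; otherwise add the matching `[wheezy] - xen` tag so the status does not have to be inferred.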
@@ -13010,6 +13012,8 @@
 	[wheezy] - qemu <no-dsa> (Minor issue)
 	- qemu-kvm <removed>
 	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
+	- xen 4.4.0-1
+	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1341931
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg00150.html
 CVE-2016-5234 (Buffer overflow in Huawei VP9660, VP9650, and VP9630 multipoint ...)
@@ -14204,6 +14208,9 @@
 	[jessie] - qemu <not-affected> (LSI SAS1068 (mptsas) device support added later)
 	[wheezy] - qemu <not-affected> (LSI SAS1068 (mptsas) device support added later)
 	- qemu-kvm <not-affected> (LSI SAS1068 (mptsas) device support added later)
+	- xen 4.4.0-1
+	[wheezy] - xen <not-affected> (Vulnerable code introduced later)
+	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04027.html
 	NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=e351b82611293683c4cabe4b69b7552bde5d4e2a (v2.6.0-rc0)
 CVE-2016-4950
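Review bot: the reason on the added `[wheezy] - xen <not-affected>` line, `(Vulnerable code introduced later)`, is weaker than the reasons already in this entry, which name the component (`LSI SAS1068 (mptsas) device support added later`) and are backed by the `Introduced by:` NOTE pointing at v2.6.0-rc0. Reusing that wording, or the `introduced after X, embedded version is 0.10.2` form used elsewhere in this commit, would make the xen line checkable on its own.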
@@ -14261,6 +14268,9 @@
 	[jessie] - qemu <no-dsa> (Minor issue)
 	[wheezy] - qemu <not-affected> (VMWare PVSCSI paravirtual device implementation introduced later)
 	- qemu-kvm <not-affected> (VMWare PVSCSI paravirtual device implementation introduced later)
+	- xen 4.4.0-1
+	[wheezy] - xen <not-affected> (Vulnerable code introduced later)
+	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03774.html
 	NOTE: Introduced in: http://git.qemu.org/?p=qemu.git;a=commit;h=881d588a98bf0dce98ddb65c15aa0854c0ac41ed (v1.5.0-rc0)
 CVE-2016-4951 (The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux ...)
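Review bot: `(Vulnerable code introduced later)` on the `[wheezy] - xen` line drops the detail that the surrounding lines carry: the qemu lines name the `VMWare PVSCSI paravirtual device implementation` and the `Introduced in:` NOTE gives v1.5.0-rc0. Suggest naming the device or the introducing version in the xen reason as well.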
@@ -15618,6 +15628,8 @@
 	[wheezy] - qemu <no-dsa> (Minor issue)
 	- qemu-kvm <removed>
 	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
+	- xen 4.4.0-1
+	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05271.html
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1336429
 CVE-2016-4453 (The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows ...)
@@ -15626,6 +15638,8 @@
 	[wheezy] - qemu <no-dsa> (Minor issue)
 	- qemu-kvm <removed>
 	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
+	- xen 4.4.0-1
+	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05270.html
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1336650
 CVE-2016-4452
@@ -15673,6 +15687,8 @@
 	[wheezy] - qemu <no-dsa> (Minor issue; can be fixed along with a future DSA)
 	- qemu-kvm <removed>
 	[wheezy] - qemu-kvm <no-dsa> (Minor issue; can be fixed along with a future DSA)
+	- xen 4.4.0-1
+	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03274.html
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1337505
 CVE-2016-4440 (arch/x86/kvm/vmx.c in the Linux kernel through 4.6.3 mishandles the ...)
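Review bot: no `[wheezy] - xen` line is added in this hunk, while qemu and qemu-kvm in wheezy are both `<no-dsa> (Minor issue; can be fixed along with a future DSA)`. With only `- xen 4.4.0-1` recorded, it is unclear whether xen in wheezy should follow the same decision; add an explicit tag or a NOTE stating that it is deliberately left open.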
@@ -15687,6 +15703,8 @@
 	- qemu 1:2.6+dfsg-2 (bug #824856)
 	[jessie] - qemu <no-dsa> (Minor issue; can be fixed along with a future DSA)
 	- qemu-kvm <removed>
+	- xen 4.4.0-1
+	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03273.html
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1337502
 CVE-2016-4438 (The REST plugin in Apache Struts 2 2.3.20 through 2.3.28.1 allows ...)
@@ -16782,6 +16800,9 @@
 	[wheezy] - qemu <no-dsa> (Minor issue)
 	- qemu-kvm <removed>
 	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
+	- xen 4.4.0-1
+	[wheezy] - xen <not-affected> (Vulnerable code introduced after 0.14.50, embedded version is 0.10.2)
+	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02691.html
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1325129
 	NOTE: http://www.openwall.com/lists/oss-security/2016/04/18/3
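Review bot: the bound in `(Vulnerable code introduced after 0.14.50, embedded version is 0.10.2)` has no reference in the visible NOTE lines, which link only the qemu-devel post, the Red Hat bug and the oss-security thread. Add an `Introduced by:` NOTE with the upstream commit, as other entries in this file do, so the 0.14.50 figure can be verified.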
@@ -16872,6 +16893,9 @@
 	- qemu 1:2.6+dfsg-2 (bug #821062)
 	[jessie] - qemu <no-dsa> (Minor issue)
 	- qemu-kvm <removed>
+	- xen 4.4.0-1
+	[wheezy] - xen <not-affected> (Vulnerable code introduced after 1.0.50, embedded version is 0.10.2)
+	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01118.html
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1313686
 	NOTE: http://www.openwall.com/lists/oss-security/2016/04/13/6
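Review bot: `introduced after 1.0.50` on the added `[wheezy] - xen` line is not backed by any NOTE in view here; the three links shown are the qemu-devel post, the Red Hat bug and the oss-security thread. A NOTE naming the introducing commit would document where the 1.0.50 boundary comes from.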
@@ -16963,6 +16987,8 @@
 	[wheezy] - qemu <no-dsa> (Minor issue)
 	- qemu-kvm <removed>
 	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
+	- xen 4.4.0-1
+	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1326082
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01131.html
 	NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/6
@@ -16972,6 +16998,8 @@
 	[wheezy] - qemu <no-dsa> (Minor issue)
 	- qemu-kvm <removed>
 	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
+	- xen 4.4.0-1
+	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1325884
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01334.html
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=3a15cc0e1ee7168db0782133d2607a6bfa422d66 (v2.6.0-rc2)
@@ -20055,6 +20083,9 @@
 	[wheezy] - qemu <not-affected> (Vulnerable code not present)
 	[squeeze] - qemu <not-affected> (Vulnerable code not present)
 	- qemu-kvm <not-affected> (Vulnerable code not present)
+	- xen 4.4.0-1
+	[wheezy] - xen <not-affected> (Vulnerable code not present)
+	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: Upstream patch: http://git.qemu.org/?p=qemu.git;a=commit;h=60253ed1e6ec6d8e5ef2efe7bf755f475dce9956 (v2.6.0-rc0)
 	NOTE: Introduced in: http://git.qemu.org/?p=qemu.git;a=commit;h=a9b7b2ad7b075dba5495271706670e5c6b1304bc (v1.3.0-rc0)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1314676
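Review bot: `(Vulnerable code not present)` on the added `[wheezy] - xen` line copies the qemu wording without saying why it holds for xen. The `Introduced in:` NOTE below dates the code to v1.3.0-rc0, so the reason could state the embedded qemu version the way other xen lines in this commit do (`embedded version is 0.10.2`).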
@@ -20085,6 +20116,8 @@
 	- qemu 1:2.6+dfsg-1 (bug #817182)
 	[jessie] - qemu <no-dsa> (Minor issue)
 	- qemu-kvm <removed>
+	- xen 4.4.0-1
+	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=362786f14a753d8a5256ef97d7c10ed576d6572b (v2.6.0-rc0)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1296567
 	NOTE: http://www.openwall.com/lists/oss-security/2016/03/03/9
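Review bot: the NOTE `Xen switched to qemu-system in 4.4.0-1` is the only justification given for marking `- xen 4.4.0-1` as fixed, and it leaves implicit that earlier xen packages carry their own qemu copy; that is only stated in the `embedded version is 0.10.2` reasons elsewhere in this commit. Consider wording the NOTE so it says both halves, since this entry has no `[wheezy] - xen` line to carry it.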
@@ -20413,6 +20446,8 @@
 	[wheezy] - qemu <no-dsa> (Minor issue)
 	- qemu-kvm <removed>
 	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
+	- xen 4.4.0-1
+	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=415ab35a441eca767d033a2702223e785b9d5190 (v2.6.0-rc0)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1303106
 	NOTE: http://www.openwall.com/lists/oss-security/2016/03/02/8
@@ -22973,6 +23008,9 @@
 	[wheezy] - qemu <not-affected> (Introduced after v1.2.0)
 	[squeeze] - qemu <not-affected> (Introduced after v1.2.0)
 	- qemu-kvm <not-affected> (Introduced after v1.2.0)
+	- xen 4.4.0-1
+	[wheezy] - xen <not-affected> (Vulnerable code introduced after 1.2.0, embedded version is 0.10.2)
+	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=dff0367cf66f489aa772320fa2937a8cac1ca30d (v2.6.0-rc0)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1301643
 CVE-2016-2197 [ide: ahci null pointer dereference when using FIS CLB engines]
@@ -22982,6 +23020,9 @@
 	[wheezy] - qemu <not-affected> (Vulnerable code introduced later)
 	[squeeze] - qemu <not-affected> (Vulnerable code introduced later)
 	- qemu-kvm <not-affected> (Vulnerable code introduced later)
+	- xen 4.4.0-1
+	[wheezy] - xen <not-affected> (Vulnerable code introduced later)
+	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=99b4cb71069f109b79b27bc629fc0cf0886dbc4b (v2.6.0-rc0)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1302057
 	NOTE: http://www.openwall.com/lists/oss-security/2016/01/29/2
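Review bot: the added `[wheezy] - xen <not-affected> (Vulnerable code introduced later)` repeats the qemu reason, but the NOTE lines in view give only the `Fixed by:` commit and no introducing commit, so "later" cannot be checked against the qemu copy that xen ships in wheezy. State the embedded version in the reason, as the `introduced after 1.2.0, embedded version is 0.10.2` line in this commit does, or add an `Introduced by:` NOTE.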



