[Secure-testing-commits] r46095 - data/CVE

Hugo Lefeuvre hle at moszumanska.debian.org
Thu Nov 10 09:33:21 UTC 2016 

Author: hle
Date: 2016-11-10 09:33:21 +0000 (Thu, 10 Nov 2016)
New Revision: 46095

Modified:
   data/CVE/list
Log:
CVE triage for Xen in wheezy.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-11-10 07:57:54 UTC (rev 46094)
+++ data/CVE/list	2016-11-10 09:33:21 UTC (rev 46095)
@@ -21573,6 +21573,8 @@
 	- qemu-kvm <removed>
 	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
 	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
+	- xen 4.4.0-1
+	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg03658.html
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1303120
 	NOTE: Upstream commit: http://git.qemu.org/?p=qemu.git;a=commit;h=fe3c546c5ff2a6210f9a4d8561cc64051ca8603e (v2.6.0-rc0)
@@ -25233,6 +25235,9 @@
 	[squeeze] - qemu <not-affected> (Vulnerable code introduced later)
 	- qemu-kvm <removed>
 	[squeeze] - qemu-kvm <not-affected> (Vulnerable code introduced later)
+	- xen 4.4.0-1
+	[wheezy] - xen <not-affected> (Vulnerable code introduced later)
+	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: Fixed by: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg01184.html
 	NOTE: ahci emulation added in: http://git.qemu.org/?p=qemu.git;a=commit;h=f6ad2e32f8d833c7f1c75dc084a84a8f02704d64 (v0.14.0-rc0)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1288532
@@ -26249,6 +26254,9 @@
 	[wheezy] - qemu <not-affected> (Vulnerable code introduced later)
 	[squeeze] - qemu <not-affected> (Vulnerable code introduced later)
 	- qemu-kvm <not-affected> (Vulnerable code not present)
+	- xen 4.4.0-1
+	[wheezy] - xen <not-affected> (Vulnerable code introduced later)
+	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=a7278b36fcab9af469563bd7b9dadebe2ae25e48 (v2.5.0-rc0)
 	NOTE: VMXNET3 device implementation introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=786fd2b0f87baded8c9e55307b99719eea3e016e (v1.5.0-rc0)
 CVE-2015-8745 [net: vmxnet3: reading IMR registers leads to a crash]
@@ -26258,6 +26266,9 @@
 	[wheezy] - qemu <not-affected> (Vulnerable code introduced later)
 	[squeeze] - qemu <not-affected> (Vulnerable code introduced later)
 	- qemu-kvm <not-affected> (Vulnerable code not present)
+	- xen 4.4.0-1
+	[wheezy] - xen <not-affected> (Vulnerable code introduced later)
+	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=c6048f849c7e3f009786df76206e895a69de032c (v2.5.0-rc0)
 	NOTE: VMXNET3 device implementation introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=786fd2b0f87baded8c9e55307b99719eea3e016e (v1.5.0-rc0)
 CVE-2015-8743 [net: ne2000: OOB r/w in ioport operations]
@@ -28347,6 +28358,9 @@
 	[wheezy] - qemu <not-affected> (Vulnerable code not present)
 	[squeeze] - qemu <not-affected> (Vulnerable code not present)
 	- qemu-kvm <not-affected> (Vulnerable code not present)
+	- xen 4.4.0-1
+	[wheezy] - xen <not-affected> (Vulnerable code introduced later)
+	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02299.html
 	NOTE: http://www.openwall.com/lists/oss-security/2015/12/15/4
 CVE-2015-8567 [net: vmxnet3: host memory leakage -- does not check if the device is active before activating it]
@@ -28356,6 +28370,9 @@
 	[wheezy] - qemu <not-affected> (Vulnerable code not present)
 	[squeeze] - qemu <not-affected> (Vulnerable code not present)
 	- qemu-kvm <not-affected> (Vulnerable code not present)
+	- xen 4.4.0-1
+	[wheezy] - xen <not-affected> (Vulnerable code introduced later)
+	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02299.html
 	NOTE: http://www.openwall.com/lists/oss-security/2015/12/15/4
 CVE-2015-8559 [knife bootstrap leaks validator privkey into system logs]
@@ -33232,6 +33249,9 @@
 	- qemu-kvm <removed>
 	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
 	[squeeze] - qemu-kvm <not-affected> (Vulnerable code not present)
+	- xen 4.4.0-1
+	[wheezy] - xen <not-affected> (Vulnerable code introduced later)
+	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: Upstream commit: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=43b11a91dd861a946b231b89b7542856ade23d1b (v2.5.0-rc0)
 	NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d35e428c8400f9ddc07e5a15ff19622c869b9ba0 (v1.2.0-rc0)
 CVE-2015-7548 (OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before ...)

More information about the Secure-testing-commits mailing list