[Secure-testing-commits] r46208 - data/CVE
Hugo Lefeuvre
hle at moszumanska.debian.org
Tue Nov 15 08:47:32 UTC 2016
Author: hle
Date: 2016-11-15 08:47:32 +0000 (Tue, 15 Nov 2016)
New Revision: 46208
Modified:
data/CVE/list
Log:
CVE triage for Xen in wheezy.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-11-15 06:19:13 UTC (rev 46207)
+++ data/CVE/list 2016-11-15 08:47:32 UTC (rev 46208)
@@ -20825,6 +20825,9 @@
[wheezy] - qemu <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
[squeeze] - qemu <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
- qemu-kvm <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
+ - xen 4.4.0-1
+ [wheezy] - xen <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1, embedded version is 0.10.2)
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: http://www.openwall.com/lists/oss-security/2016/03/01/10
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=b242e0e0e2969c044a318e56f7988bbd84de1f63 (v2.4.0-rc0)
TODO: check again after the CVE id split
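Review bot: the added `[wheezy] - xen <not-affected>` line sits in an entry whose trailing context still carries `TODO: check again after the CVE id split`, so this wheezy verdict is subject to the same recheck. The reason text is copied from the qemu lines above it; suggest re-verifying the xen line together with them when the TODO is resolved, or saying in the new NOTE that it is provisional until then.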
@@ -20835,6 +20838,9 @@
[wheezy] - qemu <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
[squeeze] - qemu <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
- qemu-kvm <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
+ - xen 4.4.0-1
+ [wheezy] - xen <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1, embedded version is 0.10.2)
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: http://www.openwall.com/lists/oss-security/2016/03/01/10
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=c3c1bb99d1c11978d9ce94d1bdcf0705378c1459 (v2.3.0-rc1)
NOTE: https://lists.gnu.org/archive/html/qemu-stable/2016-01/msg00060.html
@@ -25354,6 +25360,8 @@
[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
- qemu-kvm <removed>
[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
+ - xen 4.4.0-1
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1296060
NOTE: Upstream fix: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00428.html
NOTE: http://www.openwall.com/lists/oss-security/2016/01/11/7
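Review bot: no `[wheezy] - xen` line accompanies the added `- xen 4.4.0-1` here, unlike the hunks that mark wheezy `<not-affected>` and give the embedded version as 0.10.2. If the omission means wheezy's embedded qemu was found affected, a NOTE recording that finding would show it is a triage result and not an entry still to be checked.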
@@ -26423,6 +26431,8 @@
[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
- qemu-kvm <removed>
[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
+ - xen 4.4.0-1
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1264929
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00050.html
NOTE: Introduced by (at least after): http://git.qemu.org/?p=qemu.git;a=commit;h=69b910399a3c40620a5213adaeb14a37366d97ac
@@ -26544,6 +26554,9 @@
[wheezy] - qemu <not-affected> (Vulnerable code introduced after qemu 2.3)
[squeeze] - qemu <not-affected> (Vulnerable code introduced after qemu 2.3)
- qemu-kvm <not-affected> (Vulnerable code introduced after qemu 2.3)
+ - xen 4.4.0-1
+ [wheezy] - xen <not-affected> (Vulnerable code introduced after 2.3, embedded version is 0.10.2)
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: http://www.openwall.com/lists/oss-security/2015/12/28/6
CVE-2015-8700
RESERVED
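Review bot: in the added `[wheezy] - xen <not-affected>` line the reason reads `introduced after 2.3`, dropping the word qemu that the three context lines above it use (`introduced after qemu 2.3`). On a xen line a bare 2.3 can be read as a Xen version; suggest `Vulnerable code introduced after qemu 2.3, embedded qemu version is 0.10.2`.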
@@ -27560,6 +27573,9 @@
[wheezy] - qemu <not-affected> (Vulnerable code not present)
[squeeze] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <not-affected> (Vulnerable code not present)
+ - xen 4.4.0-1
+ [wheezy] - xen <not-affected> (Vulnerable code not present)
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg03737.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1284008
NOTE: http://www.openwall.com/lists/oss-security/2015/12/21/7
@@ -27586,6 +27602,9 @@
[squeeze] - qemu <not-affected> (Issue introduced afer 1.2)
- qemu-kvm <removed>
- qemu-kvm <not-affected> (Introduced after 1.2)
+ - xen 4.4.0-1
+ [wheezy] - xen <not-affected> (Vulnerable code introduced after 1.2, embedded version is 0.10.2)
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: According maintainer in https://bugs.debian.org/809237#17 introduced after 1.2
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02930.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283926
@@ -28533,6 +28552,9 @@
[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
- qemu-kvm <removed>
[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
+ - xen 4.4.0-1
+ [wheezy] - xen <not-affected> (EHCI support introduced after 0.14.50, embedded version is 0.10.2)
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: Upstream commit: http://git.qemu.org/?p=qemu.git;a=commit;h=156a2e4dbffa85997636a7a39ef12da6f1b40254
NOTE: http://www.openwall.com/lists/oss-security/2015/12/14/9
CVE-2015-8557 (The FontManager._get_nix_font_path function in formatters/img.py in ...)
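Review bot: the reason on the added `[wheezy]` line, `EHCI support introduced after 0.14.50`, is not backed by any NOTE in this entry; the only commit referenced in the context is the upstream one. Suggest adding a NOTE with the source for that version, and naming qemu explicitly in the reason, since 0.14.50 and 0.10.2 appear on a xen line without saying which project they belong to.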
@@ -29977,6 +29999,8 @@
[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
- qemu-kvm <removed>
[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
+ - xen 4.4.0-1
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: Fixed by http://git.qemu.org/?p=qemu.git;a=commitdiff;h=4c65fed8bdf96780735dbdb92a8bd0d6b6526cc3 (v2.5.0-rc3)
NOTE: Issue possibly introduced after http://git.qemu.org/?p=qemu.git;a=commitdiff;h=6cec5487990bf3f1f22b3fcb871978255e92ae0d (v0.10.0)
NOTE: http://www.openwall.com/lists/oss-security/2015/12/08/4
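Review bot: the trailing context says the issue was `possibly introduced after` a commit tagged v0.10.0, and the other hunks in this commit give wheezy's embedded qemu as 0.10.2, yet the added lines carry no `[wheezy] - xen` status or explanation. If wheezy is considered affected on that basis, a NOTE stating so next to `Xen switched to qemu-system in 4.4.0-1` would document the triage, given the `possibly` in the existing note.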
@@ -61026,6 +61050,8 @@
[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
- qemu-kvm <removed>
[squeeze] - qemu-kvm <end-of-life>
+ - xen 4.4.0-1
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: Upstream commit: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e6908bfe8e07f2b452e78e677da1b45b1c0f6829
CVE-2014-7814 (SQL injection vulnerability in Red Hat CloudForms 3.1 Management ...)
NOT-FOR-US: Red Hat CloudForms Management Engine