[Secure-testing-commits] r46412 - data/CVE

Hugo Lefeuvre hle at moszumanska.debian.org
Mon Nov 21 22:30:01 UTC 2016


Author: hle
Date: 2016-11-21 22:30:01 +0000 (Mon, 21 Nov 2016)
New Revision: 46412

Modified:
   data/CVE/list
Log:
CVE triage for Xen in wheezy.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-11-21 22:24:47 UTC (rev 46411)
+++ data/CVE/list	2016-11-21 22:30:01 UTC (rev 46412)
@@ -40382,6 +40382,8 @@
 	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
 	- qemu-kvm <removed>
 	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
+	- xen 4.4.0-1
+	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03984.html
 CVE-2015-5278 [net: avoid infinite loop when receiving packets]
 	RESERVED
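Review bot: The two lines added after the qemu-kvm entries record a fixed version for unstable ("- xen 4.4.0-1") but no explicit wheezy status, although the log message describes this as wheezy triage. If wheezy's xen is meant to be tracked as affected through its embedded qemu, a NOTE saying so would make that a recorded decision rather than something inferred from the missing "[wheezy] - xen" line, in the way the later hunks record theirs with "<not-affected>".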
@@ -40390,6 +40392,8 @@
 	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
 	- qemu-kvm <removed>
 	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
+	- xen 4.4.0-1
+	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: Fix: https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.html
 	NOTE: Possibly introduced around http://git.qemu.org/?p=qemu.git;a=commitdiff;h=0ae045ae439ad83692ad039a554f7d62acf9de5c (v0.9.1)
 CVE-2015-5277 (The get_contents function in nss_files/files-XXX.c in the Name Service ...)
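Review bot: For the added "- xen 4.4.0-1" line, the context NOTE below it says the bug was possibly introduced around v0.9.1, and elsewhere in this patch the qemu embedded in wheezy's xen is given as 0.10.2, which is later than that. That suggests wheezy is affected here; consider adding a NOTE with the embedded version to this entry as well, so the wheezy status does not have to be derived from other entries.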
@@ -40553,6 +40557,8 @@
 	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
 	- qemu-kvm <removed>
 	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
+	- xen 4.4.0-1
+	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: Upstream fix: http://git.qemu.org/?p=qemu.git;a=commit;h=f9a70e79391f6d7c2a912d785239ee8effc1922d (v2.1.0-rc0)
 CVE-2015-5238
 	RESERVED
@@ -46379,6 +46385,9 @@
 	[wheezy] - qemu <not-affected> (Introduced in 1.3.0)
 	[squeeze] - qemu <not-affected> (Introduced in 1.3.0)
 	- qemu-kvm <not-affected> (Introduced in 1.3.0)
+	- xen 4.4.0-1
+	[wheezy] - xen <not-affected> (Vulnerable code introduced in 1.3.0, embedded version is 0.10.2)
+	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: Upstream commit: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d4862a87e31a51de9eb260f25c9e99a75efe3235
 	NOTE: Introduced in http://git.qemu.org/?p=qemu.git;a=commitdiff;h=0505bcdec8228d8de39ab1a02644e71999e7c052 (v1.3.0-rc0)
 	- linux <not-affected> (Fixed before linux-2.6 -> linux rename, v2.6.33-rc8)
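Review bot: In the added "[wheezy] - xen <not-affected>" line, the reason quotes 1.3.0 and 0.10.2 without saying they are qemu versions, which is confusing directly under the xen version 4.4.0-1. Suggest "(Vulnerable code introduced in qemu 1.3.0, embedded qemu is 0.10.2)".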
@@ -72481,8 +72490,12 @@
 	[squeeze] - qemu <not-affected> (Vulnerable code not present)
 	- qemu-kvm <removed>
 	[squeeze] - qemu-kvm <not-affected> (Vulnerable code not present)
+	- xen 4.4.0-1
+	[wheezy] - xen <not-affected> (Vulnerable code introduced in 1.3, embedded version is 0.10.2)
+	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2014-06/msg05283.html
 	NOTE: Upstream fix: http://git.qemu.org/?p=qemu.git;a=commit;h=554f802da3f8b09b16b9a84ad5847b2eb0e9ad2b (v2.1.0-rc0)
+        NOTE: PCIe support introduced in v1.3: http://wiki.qemu.org/ChangeLog/1.3
 CVE-2014-3470 (The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL ...)
 	{DSA-2950-1 DLA-0003-1}
 	- openssl 1.0.1h-1 (bug #750665)
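Review bot: The last added line, "NOTE: PCIe support introduced in v1.3: ...", is indented with spaces where every other line of the entry uses a tab; please use a tab so the entry stays consistently formatted. The "[wheezy] - xen" reason also says "introduced in 1.3" while the equivalent line in the previous hunk says "1.3.0"; pick one form, and consider moving the PCIe NOTE up next to the [wheezy] line it justifies.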



