[Secure-testing-commits] r46507 - data/CVE
Hugo Lefeuvre
hle at moszumanska.debian.org
Thu Nov 24 09:21:29 UTC 2016
Author: hle
Date: 2016-11-24 09:21:29 +0000 (Thu, 24 Nov 2016)
New Revision: 46507
Modified:
data/CVE/list
Log:
CVE triage for Xen in wheezy.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-11-24 09:10:13 UTC (rev 46506)
+++ data/CVE/list 2016-11-24 09:21:29 UTC (rev 46507)
@@ -61286,6 +61286,8 @@
[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
- qemu-kvm <removed>
[squeeze] - qemu-kvm <end-of-life>
+ - xen 4.4.0-1
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2014-12/msg00508.html
CVE-2014-8105 (389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does ...)
- 389-ds-base 1.3.3.5-4 (bug #779909)
@@ -72081,6 +72083,8 @@
- qemu-kvm <removed>
[squeeze] - qemu-kvm <end-of-life>
[squeeze] - qemu <end-of-life>
+ - xen 4.4.0-1
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg03543.html
CVE-2014-3639 (The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not ...)
{DSA-3026-1 DLA-87-1}
@@ -74808,7 +74812,11 @@
[squeeze] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <removed>
[squeeze] - qemu-kvm <not-affected> (Vulnerable code not present)
+ - xen 4.4.0-1
+ [wheezy] - xen <not-affected> (Vulnerable code introduced in 0.11.50, embedded version is 0.10.2)
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: Upstream fix https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02016.html
+ NOTE: Vulnerable code introduced in 0.11.50: http://git.qemu.org/?p=qemu.git;a=commit;h=e8b54394950f975c1b31d2359cf58ca4d9f51b00
CVE-2014-2855 (The check_secret function in authenticate.c in rsync 3.1.0 and earlier ...)
- rsync 3.1.0-3 (bug #744791)
[wheezy] - rsync <not-affected> (Introduced in 3.1.0)
More information about the Secure-testing-commits
mailing list