[Secure-testing-commits] r46568 - data/CVE
Hugo Lefeuvre
hle at moszumanska.debian.org
Fri Nov 25 22:49:29 UTC 2016
Author: hle
Date: 2016-11-25 22:49:29 +0000 (Fri, 25 Nov 2016)
New Revision: 46568
Modified:
data/CVE/list
Log:
CVE triage for Xen in wheezy.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-11-25 22:17:23 UTC (rev 46567)
+++ data/CVE/list 2016-11-25 22:49:29 UTC (rev 46568)
@@ -85116,6 +85116,8 @@
[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
- qemu-kvm <removed> (low)
[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
+ - xen 4.4.0-1
+ NOTE: Xen switched to qemu-system in 4.4.0-1
CVE-2013-6398 (The virtual router in Apache CloudStack before 4.2.1 does not preserve ...)
NOT-FOR-US: Apache CloudStack
CVE-2013-6397 (Directory traversal vulnerability in SolrResourceLoader in Apache Solr ...)
@@ -89647,6 +89649,10 @@
[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
- qemu-kvm <removed> (low)
[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
+ - xen 4.4.0-1
+ [wheezy] - xen <not-affected> (Vulnerable code introduced in 1.1, embedded version is 0.10.2)
+ NOTE: Xen switched to qemu-system in 4.4.0-1
+ NOTE: virtio-scsi support introduced in v1.1: http://wiki.qemu.org/ChangeLog/1.1
CVE-2013-4541 (The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 ...)
- qemu 2.1+dfsg-1 (low; bug #739589)
[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
@@ -89675,6 +89681,8 @@
[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
- qemu-kvm <removed> (low)
[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
+ - xen 5.4.0-1
+ NOTE: Xen switched to qemu-system in 4.4.0-1
CVE-2013-4537 (The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 ...)
- qemu 2.1+dfsg-1 (low; bug #739589)
[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
@@ -89682,6 +89690,8 @@
[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
- qemu-kvm <removed> (low)
[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
+ - xen 4.4.0-1
+ NOTE: Xen switched to qemu-system in 4.4.0-1
CVE-2013-4536
RESERVED
- qemu 2.1+dfsg-1 (low; bug #739589)
@@ -89712,6 +89722,8 @@
[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
- qemu-kvm <removed> (low)
[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
+ - xen 4.4.0-1
+ NOTE: Xen switched to qemu-system in 4.4.0-1
CVE-2013-4532
RESERVED
- qemu 2.1+dfsg-1 (low; bug #739589)
@@ -91111,6 +91123,8 @@
[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
- qemu-kvm <removed> (low)
[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
+ - xen 4.4.0-1
+ NOTE: Xen switched to qemu-system in 4.4.0-1
CVE-2013-4150 (The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 ...)
- qemu 2.1+dfsg-1 (low; bug #739589)
[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
@@ -91132,6 +91146,8 @@
[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
- qemu-kvm <removed> (low)
[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
+ - xen 4.4.0-1
+ NOTE: Xen switched to qemu-system in 4.4.0-1
CVE-2013-4147 (Multiple format string vulnerabilities in Yet Another Radius Daemon ...)
- yardradius <removed> (low; bug #714612)
[squeeze] - yardradius <no-dsa> (Minor issue)
More information about the Secure-testing-commits
mailing list