[Secure-testing-commits] r47790 - data/CVE

Hugo Lefeuvre hle at moszumanska.debian.org
Fri Jan 6 16:20:45 UTC 2017 

Author: hle
Date: 2017-01-06 16:20:45 +0000 (Fri, 06 Jan 2017)
New Revision: 47790

Modified:
   data/CVE/list
Log:
Mark various issues as not-affecting Xen in wheezy (qemu/{virtio, qcow and ui} issues irrelevant)

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-01-06 15:36:37 UTC (rev 47789)
+++ data/CVE/list	2017-01-06 16:20:45 UTC (rev 47790)
@@ -25432,7 +25432,7 @@
 	[jessie] - qemu <no-dsa> (Minor issue; can be fixed in future DSA or point release)
 	- qemu-kvm <removed>
 	- xen 4.4.0-1
-	[wheezy] - xen <no-dsa> (Minor issue)
+	[wheezy] - xen <not-affected> (Vulnerable code irrelevant in Xen)
 	NOTE: Xen switched to qemu-system in 4.4.0-1
 CVE-2016-5402
 	RESERVED
@@ -47625,6 +47625,7 @@
 	[wheezy] - qemu-kvm <no-dsa> (Minor issue; can be fixed along in a later DSA)
 	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
 	- xen 4.4.0-1
+	[wheezy] - xen <not-affected> (Vulnerable code irrelevant in Xen)
 	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: http://www.openwall.com/lists/oss-security/2015/09/18/5
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg04729.html
@@ -94574,6 +94575,7 @@
 	[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
 	[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
 	- xen 4.4.0-1
+	[wheezy] - xen <not-affected> (Vulnerable code irrelevant in Xen)
 	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02156.html
 CVE-2014-0222 (Integer overflow in the qcow_open function in block/qcow.c in QEMU ...)
@@ -94583,6 +94585,7 @@
 	[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
 	[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
 	- xen 4.4.0-1
+	[wheezy] - xen <not-affected> (Vulnerable code irrelevant in Xen)
 	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02155.html
 CVE-2014-0221 (The dtls1_get_message_fragment function in d1_both.c in OpenSSL before ...)
@@ -96904,6 +96907,7 @@
 	- qemu-kvm <removed> (low)
 	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
 	- xen 4.4.0-1
+	[wheezy] - xen <not-affected> (Vulnerable code irrelevant in Xen)
 	NOTE: Xen switched to qemu-system in 4.4.0-1
 CVE-2013-6398 (The virtual router in Apache CloudStack before 4.2.1 does not preserve ...)
 	NOT-FOR-US: Apache CloudStack
@@ -102917,6 +102921,7 @@
 	- qemu-kvm <removed> (low)
 	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
 	- xen 4.4.0-1
+	[wheezy] - xen <not-affected> (Vulnerable code irrelevant in Xen)
 	NOTE: Xen switched to qemu-system in 4.4.0-1
 CVE-2013-4150 (The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 ...)
 	- qemu 2.1+dfsg-1 (low; bug #739589)

More information about the Secure-testing-commits mailing list