[Secure-testing-commits] r47844 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Mon Jan 9 13:42:01 UTC 2017
Author: jmm
Date: 2017-01-09 13:42:00 +0000 (Mon, 09 Jan 2017)
New Revision: 47844
Modified:
data/CVE/list
Log:
remove remaining bogus xen issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-01-09 09:18:53 UTC (rev 47843)
+++ data/CVE/list 2017-01-09 13:42:00 UTC (rev 47844)
@@ -3617,8 +3617,6 @@
- qemu 1:2.8+dfsg-1 (bug #847960)
[jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
- - xen 4.4.0-1
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg00442.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1334398
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=4299b90e9ba9ce5ca9024572804ba751aa1a7e70 (v2.8.0-rc3)
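Review bot: the log message "remove remaining bogus xen issues" does not say why the two lines removed here, `- xen 4.4.0-1` and `NOTE: Xen switched to qemu-system in 4.4.0-1`, are bogus. After this hunk the entry records no xen status at all, so a later reader cannot tell whether xen was triaged and ruled out or was never looked at. State the reason in the commit log, or keep a one-line NOTE in the entry that gives it.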
@@ -3629,8 +3627,6 @@
- qemu 1:2.8+dfsg-1 (bug #847960)
[jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
- - xen 4.4.0-1
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg00442.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1334398
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=4299b90e9ba9ce5ca9024572804ba751aa1a7e70 (v2.8.0-rc3)
@@ -4821,9 +4817,6 @@
[jessie] - qemu <not-affected> (Vulnerable code not present)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <not-affected> (Vulnerable code not present)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced in v2.4, embedded version is 0.10.2)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg05043.html
NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/12
CVE-2016-9916 (Memory leak in hw/9pfs/9p-proxy.c in QEMU (aka Quick Emulator) allows ...)
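Review bot: the removed line `[wheezy] - xen <not-affected> (Vulnerable code introduced in v2.4, embedded version is 0.10.2)` is the only place in this entry that records the embedded QEMU version used for the wheezy xen triage, and the removal discards it. Later hunks drop the same "embedded version is 0.10.2" wording. If that analysis still holds, say in the log that it is being dropped on purpose, so the history explains where it went.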
@@ -4831,9 +4824,6 @@
[wheezy] - qemu <no-dsa> (Minor issue, virtfs-proxy-helper not present)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <no-dsa> (Minor issue, virtfs-proxy-helper not present)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code not present)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=898ae90a44551d25b8e956fd87372d303c82fe68 (v2.8.0-rc2)
NOTE: Proxy filesystem driver introduced in: http://git.qemu.org/?p=qemu.git;a=commit;h=4c793dda22213a7aba8e4d9a814e8f368a5f8bf7 (v1.0-rc0)
@@ -4843,9 +4833,6 @@
[wheezy] - qemu <no-dsa> (handle driver not included during compilation)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <no-dsa> (handle driver not included during compilation)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code not present)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=971f406b77a6eb84e0ad27dcc416b663765aee30 (v2.8.0-rc2)
NOTE: handle based fs driver introduced in: http://git.qemu.org/?p=qemu.git;a=commit;h=5f5422258e1f50f871bafcc5bfb2b498f414a310 (v1.0-rc0)
@@ -4856,9 +4843,6 @@
[wheezy] - qemu <no-dsa> (proxy and handle drivers not included during compilation)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <no-dsa> (proxy and handle drivers not included during compilation)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code not present)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=702dbcc274e2ca43be20ba64c758c0ca57dab91d (v2.8.0-rc2)
NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/11
@@ -4869,9 +4853,6 @@
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code not present)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=4774718e5c194026ba5ee7a28d9be49be3080e42 (v2.8.0-rc2)
NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/11
@@ -4880,9 +4861,6 @@
- qemu 1:2.8+dfsg-1 (bug #847951)
[jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced later)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=791f97758e223de3290592d169f (v2.8.0-rc0)
NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/10
CVE-2016-9907 (Quick Emulator (Qemu) built with the USB redirector usb-guest support ...)
@@ -4890,9 +4868,6 @@
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code not present)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg01379.html
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=07b026fd82d6cf11baf7d7c603c4f5f6070b35bf
NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/3
@@ -4902,9 +4877,6 @@
[jessie] - qemu <not-affected> (Vulnerable code not present)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <not-affected> (Vulnerable code not present)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced in v2.5, embedded version is 0.10.2)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: http://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00059.html
NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/2
CVE-2017-3229
@@ -13450,9 +13422,6 @@
{DLA-698-1 DLA-689-1}
- qemu 1:2.8+dfsg-1 (bug #842463)
- qemu-kvm <removed>
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code not present)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02623.html
NOTE: http://www.openwall.com/lists/oss-security/2016/10/28/4
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=fdfcc9aeea1492f4b819a24c94dfb678145b1bf9
@@ -13460,9 +13429,6 @@
{DLA-698-1 DLA-689-1}
- qemu 1:2.8+dfsg-1 (bug #842463)
- qemu-kvm <removed>
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code not present)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02608.html
NOTE: http://www.openwall.com/lists/oss-security/2016/10/28/3
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=4c1586787ff43c9acd18a56c12d720e3e6be9f7c
@@ -13470,18 +13436,12 @@
{DLA-698-1 DLA-689-1}
- qemu 1:2.8+dfsg-1 (bug #842463)
- qemu-kvm <removed>
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code not present)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02942.html
NOTE: http://www.openwall.com/lists/oss-security/2016/10/28/2
CVE-2016-9103 (The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick ...)
{DLA-698-1 DLA-689-1}
- qemu 1:2.8+dfsg-1 (bug #842463)
- qemu-kvm <removed>
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code not present)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01790.html
NOTE: http://www.openwall.com/lists/oss-security/2016/10/28/1
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=eb687602853b4ae656e9236ee4222609f3a6887d
@@ -13489,9 +13449,6 @@
{DLA-698-1 DLA-689-1}
- qemu 1:2.8+dfsg-1 (bug #842463)
- qemu-kvm <removed>
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code not present)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01861.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1389550
NOTE: http://www.openwall.com/lists/oss-security/2016/10/27/15
@@ -13500,8 +13457,6 @@
{DLA-698-1 DLA-689-1}
- qemu <unfixed> (bug #842455)
- qemu-kvm <removed>
- - xen 4.4.0-1
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg03024.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1389538
NOTE: http://www.openwall.com/lists/oss-security/2016/10/27/14
@@ -14441,17 +14396,12 @@
{DLA-698-1 DLA-689-1}
- qemu 1:2.8+dfsg-1 (bug #841955)
- qemu-kvm <removed>
- - xen 4.4.0-1
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg05495.html
NOTE: http://www.openwall.com/lists/oss-security/2016/10/24/2
CVE-2016-8909 (The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick ...)
{DLA-698-1 DLA-689-1}
- qemu 1:2.8+dfsg-1 (bug #841950)
- qemu-kvm <removed>
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code not present)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg04717.html
NOTE: http://www.openwall.com/lists/oss-security/2016/10/24/1
CVE-2016-XXXX [Privilege escalation possible to other user than root]
@@ -14753,8 +14703,6 @@
{DLA-679-1 DLA-678-1}
- qemu 1:2.8+dfsg-1 (bug #840945)
- qemu-kvm <removed>
- - xen 4.4.0-1
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02461.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1384909
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=3592fe0c919cf27a81d8e9f9b4f269553418bb01
@@ -14763,9 +14711,6 @@
[jessie] - qemu <not-affected> (Vulnerable code introduced after v2.4.0-rc0)
[wheezy] - qemu <not-affected> (Vulnerable code introduced after v2.4.0-rc0)
- qemu-kvm <not-affected> (Vulnerable code introduced later)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced after v2.4.0-rc0, embedded version is 0.10.2)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02501.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1384896
CVE-2016-8667 (The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick ...)
@@ -14773,8 +14718,6 @@
[wheezy] - qemu <no-dsa> (minor issue)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Code only affects mips platform)
- - xen 4.4.0-1
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02577.html
CVE-2016-8665
RESERVED
@@ -15396,27 +15339,18 @@
{DLA-679-1 DLA-678-1}
- qemu 1:2.8+dfsg-1 (bug #840340)
- qemu-kvm <removed>
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code not present)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg07143.html
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=ba42ebb863ab7d40adc79298422ed9596df8f73a
CVE-2016-8577 (Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka ...)
{DLA-679-1 DLA-678-1}
- qemu 1:2.8+dfsg-1 (bug #840341)
- qemu-kvm <removed>
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code not present)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg07127.html
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=e95c9a493a5a8d6f969e86c9f19f80ffe6587e19
CVE-2016-8576 (The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick ...)
{DLA-679-1 DLA-678-1}
- qemu 1:2.8+dfsg-1 (bug #840343)
- qemu-kvm <removed>
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced in 1.1, embedded version is 0.10.2)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01265.html
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=05f43d44e4bc26611ce25fd7d726e483f73363ce
CVE-2016-8569 [DoS using a null pointer dereference in git_commit_message]
@@ -16030,9 +15964,6 @@
[wheezy] - qemu <no-dsa> (Minor issue, needs qemu monitor access to unplug nec-xhci controller)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Minor issue, needs qemu monitor access to unplug nec-xhci controller)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced in 1.1, embedded version is 0.10.2)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg02773.html
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=b53dd4495ced2432a0b652ea895e651d07336f7e
NOTE: The usb_xhci_exit and thus the patched code was introduced in:
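Review bot: in the unchanged lines of this hunk, `[wheezy] - qemu-kvm <not-affected> (Minor issue, needs qemu monitor access to unplug nec-xhci controller)` carries the same justification as the `[wheezy] - qemu <no-dsa>` line above it but a different state. "Minor issue" is a reason for no-dsa, not for not-affected, so one of the two is presumably mistagged. Since this change is already cleaning up the entry, make the two lines agree.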
@@ -16163,9 +16094,6 @@
[jessie] - qemu <not-affected> (Vulnerable code introduced later)
[wheezy] - qemu <not-affected> (Vulnerable code introduced later)
- qemu-kvm <not-affected> (Vulnerable code introduced later)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced later)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03604.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1376776
NOTE: http://www.openwall.com/lists/oss-security/2016/09/16/5
@@ -16177,9 +16105,6 @@
[jessie] - qemu <not-affected> (Vulnerable code introduced later)
[wheezy] - qemu <not-affected> (Vulnerable code introduced later)
- qemu-kvm <not-affected> (Vulnerable code introduced later)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced later)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03546.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1376755
NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=3b3b0628217e2726069990ff9942a5d6d9816bd7 (v2.6.0-rc0)
@@ -16188,9 +16113,6 @@
- qemu 1:2.7+dfsg-1 (bug #838147)
[wheezy] - qemu <not-affected> (Vulnerable code not present, introduced after 1.5)
- qemu-kvm <not-affected> (Vulnerable code not present, introduced after 1.5)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced after 1.5, embedded version is 0.10.2)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03609.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1376731
NOTE: http://www.openwall.com/lists/oss-security/2016/09/16/3
@@ -17280,9 +17202,6 @@
[jessie] - qemu <not-affected> (Vulnerable code introduced in v2.6.0-rc0)
[wheezy] - qemu <not-affected> (Vulnerable code introduced in v2.6.0-rc0)
- qemu-kvm <not-affected> (Vulnerable code introduced in v2.6.0-rc0)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced in v2.6.0-rc0, embedded version is 0.10.2)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg06609.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1382668
NOTE: Vulnerable code introduced in 49d925ce50383a286278143c05511d30ec41a36e
@@ -17294,9 +17213,6 @@
[jessie] - qemu <not-affected> (Vulnerable code introduced in 2.4.0-rc0)
[wheezy] - qemu <not-affected> (Vulnerable code introduced in 2.4.0-rc0)
- qemu-kvm <not-affected> (Vulnerable code introduced in 2.4.0-rc0)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced in v2.4.0-rc0, embedded version is 0.10.2)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg04129.html
CVE-2016-7993
RESERVED
@@ -17591,15 +17507,11 @@
- qemu 1:2.8+dfsg-1 (bug #839834)
[jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
- - xen 4.4.0-1
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg07942.html
CVE-2016-7908 (The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick ...)
{DLA-653-1 DLA-652-1}
- qemu 1:2.8+dfsg-1 (bug #839835)
- qemu-kvm <removed>
- - xen 4.4.0-1
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg05557.html
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=070c4b92b8cd5390889716677a0b92444d6e087a
CVE-2016-7907 (The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick ...)
@@ -17607,9 +17519,6 @@
[jessie] - qemu <not-affected> (Vulnerable code introduced after v2.5.0-rc0)
[wheezy] - qemu <not-affected> (Vulnerable code introduced after v2.5.0-rc0)
- qemu-kvm <not-affected> (Vulnerable code introduced after v2.5.0-rc0)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced after v2.5.0-rc0, embedded version is 0.10.2)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg05556.html
NOTE: i.MX Fast Ethernet Controller emulation introduced in v2.5.0-rc0 with
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=fcbd8018e645f3ab1ef9af94dc88a0d3272926d3 (v2.5.0-rc0)
@@ -19404,8 +19313,6 @@
{DLA-653-1 DLA-652-1}
- qemu 1:2.8+dfsg-1 (bug #837316)
- qemu-kvm <removed>
- - xen 4.4.0-1
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg01764.html
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=167d97a3def77ee2dbf6e908b0ecbfe2103977db
CVE-2016-7169 (Directory traversal vulnerability in the File_Upload_Upgrader class in ...)
@@ -19442,9 +19349,6 @@
{DLA-653-1 DLA-652-1}
- qemu 1:2.7+dfsg-1 (bug #838850)
- qemu-kvm <removed>
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced after 0.10.5, embedded version is 0.10.2)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=a0d1cbdacff5df4ded16b753b38fdd9da6092968 (2.7.0-rc3)
NOTE: http://patchwork.ozlabs.org/patch/657076/
CVE-2016-7160 (A vulnerability on Samsung Mobile M(6.0) devices exists because ...)
@@ -19525,9 +19429,6 @@
[wheezy] - qemu <not-affected> (Vulnerable code not present, introduced after v1.5)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced after 1.5, embedded version is 0.10.2)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00050.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1373462
NOTE: http://www.openwall.com/lists/oss-security/2016/09/06/2
@@ -19538,9 +19439,6 @@
[wheezy] - qemu <not-affected> (Vulnerable code not present, introduced after v1.5)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced after 1.5, embedded version is 0.10.2)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00772.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1373478
NOTE: http://www.openwall.com/lists/oss-security/2016/09/06/3
@@ -19551,9 +19449,6 @@
[wheezy] - qemu <not-affected> (Vulnerable code not present, introduced after v2.6)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced after 2.6, embedded version is 0.10.2)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: Upstream patches: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04295.html
NOTE: Upstream patches: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04296.html
NOTE: http://www.openwall.com/lists/oss-security/2016/09/06/4
@@ -19774,9 +19669,6 @@
- qemu 1:2.6+dfsg-3.1 (bug #836502)
[jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced after 0.12.50, embedded version is 0.10.2)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=56f101ecce0eafd09e2daf1c4eeb1377d6959261
NOTE: May as well need: http://git.qemu.org/?p=qemu.git;a=commit;h=fff39a7ad09da07ef490de05c92c91f22f8002f2
CVE-2016-7110 (Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows ...)
@@ -20475,9 +20367,6 @@
[wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced in 1.5, embedded version is 0.10.2)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg03176.html
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=47882fa4975bf0b58dd74474329fdd7154e8f04c
CVE-2016-6875 [Fix infinite recursion in wddx]
@@ -20959,9 +20848,6 @@
[wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced in 1.5, embedded version is 0.10.2)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=6c352ca9b4ee3e1e286ea9e8434bd8e69ac7d0d8
NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01602.html
NOTE: http://www.openwall.com/lists/oss-security/2016/08/12/1
@@ -20971,9 +20857,6 @@
[wheezy] - qemu <not-affected> (Vulnerable code not present, packet abstraction introduced in 1.5)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, packet abstraction introduced in 1.5)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced in 1.5, embedded version is 0.10.2)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05
NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01601.html
NOTE: http://www.openwall.com/lists/oss-security/2016/08/11/8
@@ -20982,9 +20865,6 @@
[wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced in 1.5, embedded version is 0.10.2)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-stable/2016-08/msg00077.html
NOTE: http://www.openwall.com/lists/oss-security/2016/08/11/7
CVE-2016-6836 (The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka ...)
@@ -20993,9 +20873,6 @@
[wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced in 1.5, embedded version is 0.10.2)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg02108.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1366369
NOTE: http://www.openwall.com/lists/oss-security/2016/08/11/5
@@ -21935,9 +21812,6 @@
[wheezy] - qemu <not-affected> (Issue introduced later)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Issue introduced later)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced later.)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-07/msg06246.html
NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=3b3b0628217e2726069990ff9942a5d6d9816bd7 (v2.6.0-rc0)
CVE-2016-6483 (The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, ...)
@@ -22445,8 +22319,6 @@
- qemu 1:2.6+dfsg-3.1 (bug #832621)
[jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
- - xen 4.4.0-1
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=926cde5f3e4d2504ed161ed0cb771ac7cad6fd11 (v2.7.0-rc0)
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=cc96677469388bad3d66479379735cf75db069e3 (v2.7.0-rc0)
NOTE: http://www.openwall.com/lists/oss-security/2016/07/25/14
@@ -25666,8 +25538,6 @@
[wheezy] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <no-dsa> (Minor issue)
- - xen 4.4.0-1
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1343323
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01507.html
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=ff589551c8e8e9e95e211b9d8daafb4ed39f1aec
@@ -25676,8 +25546,6 @@
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <not-affected> (Vulnerable code not present)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code not present)
NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1343909
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01969.html
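Review bot: `NOTE: Xen switched to qemu-system in 4.4.0-1` stays in this hunk as an unchanged line while both xen lines above it are removed. The other hunks shown remove that NOTE together with the `- xen 4.4.0-1` line, and the header here (-25676,8 +25546,6) confirms that only two lines go. The entry is left with a NOTE about xen and no xen line for it to explain. Remove the NOTE here as well.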
@@ -26612,8 +26480,6 @@
[wheezy] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <no-dsa> (Minor issue)
- - xen 4.4.0-1
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1341931
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg00150.html
CVE-2016-5234 (Buffer overflow in Huawei VP9660, VP9650, and VP9630 multipoint ...)
@@ -27248,9 +27114,6 @@
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code not present)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-block/2016-05/msg00779.html
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=a6b3167fa0e825aebb5a7cd8b437b6d41584a196
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1340924
@@ -27648,9 +27511,6 @@
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <not-affected> (Vulnerable code not present)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code not present)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04424.html
NOTE: Introduced after: http://git.qemu.org/?p=qemu.git;a=commit;h=e8f943c3bcc2a578bfd30b825f2ebaf345c63a09 (v1.2.0-rc0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1336461
@@ -27659,9 +27519,6 @@
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <not-affected> (Vulnerable code not present)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code not present)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: Introduced after: http://git.qemu.org/?p=qemu.git;a=commit;h=e8f943c3bcc2a578bfd30b825f2ebaf345c63a09 (v1.2.0-rc0)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04340.html
CVE-2016-5105 (The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when ...)
@@ -27669,9 +27526,6 @@
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <not-affected> (Vulnerable code not present)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code not present)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: Introduced after: http://git.qemu.org/?p=qemu.git;a=commit;h=e8f943c3bcc2a578bfd30b825f2ebaf345c63a09 (v1.2.0-rc0)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04419.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1339583
@@ -27904,9 +27758,6 @@
[jessie] - qemu <not-affected> (LSI SAS1068 (mptsas) device support added later)
[wheezy] - qemu <not-affected> (LSI SAS1068 (mptsas) device support added later)
- qemu-kvm <not-affected> (LSI SAS1068 (mptsas) device support added later)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced later)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04027.html
NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=e351b82611293683c4cabe4b69b7552bde5d4e2a (v2.6.0-rc0)
CVE-2016-4950
@@ -27964,9 +27815,6 @@
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (VMWare PVSCSI paravirtual device implementation introduced later)
- qemu-kvm <not-affected> (VMWare PVSCSI paravirtual device implementation introduced later)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced later)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03774.html
NOTE: Introduced in: http://git.qemu.org/?p=qemu.git;a=commit;h=881d588a98bf0dce98ddb65c15aa0854c0ac41ed (v1.5.0-rc0)
CVE-2016-4951 (The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux ...)
@@ -29325,8 +29173,6 @@
[wheezy] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <no-dsa> (Minor issue)
- - xen 4.4.0-1
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05271.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1336429
CVE-2016-4453 (The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows ...)
@@ -29335,8 +29181,6 @@
[wheezy] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <no-dsa> (Minor issue)
- - xen 4.4.0-1
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05270.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1336650
CVE-2016-4452
@@ -29383,8 +29227,6 @@
[wheezy] - qemu <no-dsa> (Minor issue; can be fixed along with a future DSA)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <no-dsa> (Minor issue; can be fixed along with a future DSA)
- - xen 4.4.0-1
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03274.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1337505
CVE-2016-4440 (arch/x86/kvm/vmx.c in the Linux kernel through 4.6.3 mishandles the ...)
@@ -29399,8 +29241,6 @@
- qemu 1:2.6+dfsg-2 (bug #824856)
[jessie] - qemu <no-dsa> (Minor issue; can be fixed along with a future DSA)
- qemu-kvm <removed>
- - xen 4.4.0-1
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03273.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1337502
CVE-2016-4438 (The REST plugin in Apache Struts 2 2.3.20 through 2.3.28.1 allows ...)
@@ -30516,9 +30356,6 @@
[wheezy] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <no-dsa> (Minor issue)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced after 0.14.50, embedded version is 0.10.2)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02691.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1325129
NOTE: http://www.openwall.com/lists/oss-security/2016/04/18/3
@@ -30609,9 +30446,6 @@
- qemu 1:2.6+dfsg-2 (bug #821062)
[jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced after 1.0.50, embedded version is 0.10.2)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01118.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1313686
NOTE: http://www.openwall.com/lists/oss-security/2016/04/13/6
@@ -30703,8 +30537,6 @@
[wheezy] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <no-dsa> (Minor issue)
- - xen 4.4.0-1
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1326082
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01131.html
NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/6
@@ -30714,8 +30546,6 @@
[wheezy] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <no-dsa> (Minor issue)
- - xen 4.4.0-1
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1325884
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01334.html
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=3a15cc0e1ee7168db0782133d2607a6bfa422d66 (v2.6.0-rc2)
@@ -33806,9 +33636,6 @@
[wheezy] - qemu <not-affected> (Vulnerable code not present)
[squeeze] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <not-affected> (Vulnerable code not present)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code not present)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: Upstream patch: http://git.qemu.org/?p=qemu.git;a=commit;h=60253ed1e6ec6d8e5ef2efe7bf755f475dce9956 (v2.6.0-rc0)
NOTE: Introduced in: http://git.qemu.org/?p=qemu.git;a=commit;h=a9b7b2ad7b075dba5495271706670e5c6b1304bc (v1.3.0-rc0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1314676
@@ -33838,8 +33665,6 @@
- qemu 1:2.6+dfsg-1 (bug #817182)
[jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
- - xen 4.4.0-1
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=362786f14a753d8a5256ef97d7c10ed576d6572b (v2.6.0-rc0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1296567
NOTE: http://www.openwall.com/lists/oss-security/2016/03/03/9
@@ -34168,8 +33993,6 @@
[wheezy] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <no-dsa> (Minor issue)
- - xen 4.4.0-1
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=415ab35a441eca767d033a2702223e785b9d5190 (v2.6.0-rc0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1303106
NOTE: http://www.openwall.com/lists/oss-security/2016/03/02/8
@@ -34195,9 +34018,6 @@
[wheezy] - qemu <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
[squeeze] - qemu <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
- qemu-kvm <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1, embedded version is 0.10.2)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: http://www.openwall.com/lists/oss-security/2016/03/01/10
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=b242e0e0e2969c044a318e56f7988bbd84de1f63 (v2.4.0-rc0)
TODO: check again after the CVE id split
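Review bot: The `TODO: check again after the CVE id split` line is left open in this entry while the xen status it sat alongside is deleted, so the recheck is never recorded as done. The entry in the next hunk cites the same oss-security post (2016/03/01/10) and looks like the other half of that split. Either resolve the TODO in this commit or reword it to say that only qemu and qemu-kvm remain to be rechecked.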
@@ -34207,9 +34027,6 @@
[wheezy] - qemu <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
[squeeze] - qemu <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
- qemu-kvm <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1, embedded version is 0.10.2)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: http://www.openwall.com/lists/oss-security/2016/03/01/10
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=c3c1bb99d1c11978d9ce94d1bdcf0705378c1459 (v2.3.0-rc1)
NOTE: https://lists.gnu.org/archive/html/qemu-stable/2016-01/msg00060.html
@@ -35087,8 +34904,6 @@
- qemu-kvm <removed>
[wheezy] - qemu-kvm <no-dsa> (Minor issue)
[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
- - xen 4.4.0-1
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg03658.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1303120
NOTE: Upstream commit: http://git.qemu.org/?p=qemu.git;a=commit;h=fe3c546c5ff2a6210f9a4d8561cc64051ca8603e (v2.6.0-rc0)
@@ -35415,8 +35230,6 @@
- qemu-kvm <removed>
[wheezy] - qemu-kvm <no-dsa> (Minor issue)
[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
- - xen 4.4.0-1
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=80eecda8e5d09c442c24307f340840a5b70ea3b9 (v2.6.0-rc0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1302299
CVE-2016-2391 (The ohci_bus_start function in the USB OHCI emulation support ...)
@@ -35427,8 +35240,6 @@
- qemu-kvm <removed>
[wheezy] - qemu-kvm <no-dsa> (Minor issue)
[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
- - xen 4.4.0-1
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=fa1298c2d623522eda7b4f1f721fcb935abb7360 (v2.6.0-rc0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1304794
NOTE: http://www.openwall.com/lists/oss-security/2016/02/16/2
@@ -36742,9 +36553,6 @@
[wheezy] - qemu <not-affected> (Introduced after v1.2.0)
[squeeze] - qemu <not-affected> (Introduced after v1.2.0)
- qemu-kvm <not-affected> (Introduced after v1.2.0)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced after 1.2.0, embedded version is 0.10.2)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=dff0367cf66f489aa772320fa2937a8cac1ca30d (v2.6.0-rc0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1301643
CVE-2016-2197 (QEMU (aka Quick Emulator) built with an IDE AHCI emulation support is ...)
@@ -36753,9 +36561,6 @@
[wheezy] - qemu <not-affected> (Vulnerable code introduced later)
[squeeze] - qemu <not-affected> (Vulnerable code introduced later)
- qemu-kvm <not-affected> (Vulnerable code introduced later)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced later)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=99b4cb71069f109b79b27bc629fc0cf0886dbc4b (v2.6.0-rc0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1302057
NOTE: http://www.openwall.com/lists/oss-security/2016/01/29/2
@@ -37528,8 +37333,6 @@
[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
- qemu-kvm <removed>
[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
- - xen 4.4.0-1
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg03454.html
NOTE: Introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=7c23b8920329180f48b8a147b629d8837709d201 (v0.10.0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1298570
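Review bot: Removing the unscoped `- xen 4.4.0-1` line here silently moves older xen uploads from affected to untracked, and nothing in the hunk justifies that. The NOTE kept in this entry places the vulnerable code at v0.10.0, and other hunks in this same patch give the copy embedded in wheezy's xen as 0.10.2. Unlike the hunks that also delete a `[wheezy] - xen <not-affected>` line, there was no not-affected reasoning for wheezy to begin with. If the embedded copy is considered out of scope, record that as a NOTE or as a `<not-affected>` line with a reason instead of deleting the entry, and spell out in the log message what makes these entries "bogus".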
@@ -38735,8 +38538,6 @@
[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
- qemu-kvm <removed>
[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
- - xen 4.4.0-1
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1296060
NOTE: Upstream fix: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00428.html
NOTE: http://www.openwall.com/lists/oss-security/2016/01/11/7
@@ -38763,9 +38564,6 @@
[squeeze] - qemu <not-affected> (Vulnerable code introduced later)
- qemu-kvm <removed>
[squeeze] - qemu-kvm <not-affected> (Vulnerable code introduced later)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced later)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: Fixed by: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg01184.html
NOTE: ahci emulation added in: http://git.qemu.org/?p=qemu.git;a=commit;h=f6ad2e32f8d833c7f1c75dc084a84a8f02704d64 (v0.14.0-rc0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1288532
@@ -39778,9 +39576,6 @@
[wheezy] - qemu <not-affected> (Vulnerable code introduced later)
[squeeze] - qemu <not-affected> (Vulnerable code introduced later)
- qemu-kvm <not-affected> (Vulnerable code not present)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced later)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=a7278b36fcab9af469563bd7b9dadebe2ae25e48 (v2.5.0-rc0)
NOTE: VMXNET3 device implementation introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=786fd2b0f87baded8c9e55307b99719eea3e016e (v1.5.0-rc0)
CVE-2015-8745 (QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC ...)
@@ -39789,9 +39584,6 @@
[wheezy] - qemu <not-affected> (Vulnerable code introduced later)
[squeeze] - qemu <not-affected> (Vulnerable code introduced later)
- qemu-kvm <not-affected> (Vulnerable code not present)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced later)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=c6048f849c7e3f009786df76206e895a69de032c (v2.5.0-rc0)
NOTE: VMXNET3 device implementation introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=786fd2b0f87baded8c9e55307b99719eea3e016e (v1.5.0-rc0)
CVE-2015-8743 (QEMU (aka Quick Emulator) built with the NE2000 device emulation ...)
@@ -39800,8 +39592,6 @@
[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
- qemu-kvm <removed>
[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
- - xen 4.4.0-1
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1264929
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00050.html
NOTE: Introduced by (at least after): http://git.qemu.org/?p=qemu.git;a=commit;h=69b910399a3c40620a5213adaeb14a37366d97ac
@@ -39922,9 +39712,6 @@
[wheezy] - qemu <not-affected> (Vulnerable code introduced after qemu 2.3)
[squeeze] - qemu <not-affected> (Vulnerable code introduced after qemu 2.3)
- qemu-kvm <not-affected> (Vulnerable code introduced after qemu 2.3)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced after 2.3, embedded version is 0.10.2)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: http://www.openwall.com/lists/oss-security/2015/12/28/6
CVE-2015-8700
RESERVED
@@ -40464,9 +40251,6 @@
- qemu-kvm <removed>
[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
[wheezy] - qemu-kvm <no-dsa> (Minor issue)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced after 0.14.50, embedded version is 0.10.2)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: Upstream commit: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d9a3b33d2c9f996537b7f1d0246dee2d0120cefb (v2.5.0-rc1)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283722
NOTE: http://www.openwall.com/lists/oss-security/2015/12/24/1
@@ -40974,9 +40758,6 @@
[wheezy] - qemu <not-affected> (Vulnerable code not present)
[squeeze] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <not-affected> (Vulnerable code not present)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code not present)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg03737.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1284008
NOTE: http://www.openwall.com/lists/oss-security/2015/12/21/7
@@ -41003,9 +40784,6 @@
[squeeze] - qemu <not-affected> (Issue introduced afer 1.2)
- qemu-kvm <removed>
- qemu-kvm <not-affected> (Introduced after 1.2)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced after 1.2, embedded version is 0.10.2)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: According maintainer in https://bugs.debian.org/809237#17 introduced after 1.2
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02930.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283926
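Review bot: The context around this removal has two unscoped qemu-kvm lines, `- qemu-kvm <removed>` followed by `- qemu-kvm <not-affected> (Introduced after 1.2)`, which give conflicting status for the same package; the second looks like it has lost its release tag. The same entry carries the typos "afer" and "According maintainer in". Since the entry is being edited anyway, fix these in the same pass.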
@@ -41015,9 +40793,6 @@
[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
- qemu-kvm <removed>
[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced after 1.0.50, embedded version is 0.10.2)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg02812.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283934
NOTE: http://www.openwall.com/lists/oss-security/2016/01/16/1
@@ -41929,9 +41704,6 @@
[wheezy] - qemu <not-affected> (Vulnerable code not present)
[squeeze] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <not-affected> (Vulnerable code not present)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced later)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02299.html
NOTE: http://www.openwall.com/lists/oss-security/2015/12/15/4
CVE-2015-8567 [net: vmxnet3: host memory leakage -- does not check if the device is active before activating it]
@@ -41941,9 +41713,6 @@
[wheezy] - qemu <not-affected> (Vulnerable code not present)
[squeeze] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <not-affected> (Vulnerable code not present)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced later)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02299.html
NOTE: http://www.openwall.com/lists/oss-security/2015/12/15/4
CVE-2015-8559 [knife bootstrap leaks validator privkey into system logs]
@@ -41960,9 +41729,6 @@
[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
- qemu-kvm <removed>
[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (EHCI support introduced after 0.14.50, embedded version is 0.10.2)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: Upstream commit: http://git.qemu.org/?p=qemu.git;a=commit;h=156a2e4dbffa85997636a7a39ef12da6f1b40254
NOTE: http://www.openwall.com/lists/oss-security/2015/12/14/9
CVE-2015-8557 (The FontManager._get_nix_font_path function in formatters/img.py in ...)
@@ -43408,8 +43174,6 @@
[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
- qemu-kvm <removed>
[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
- - xen 4.4.0-1
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: Fixed by http://git.qemu.org/?p=qemu.git;a=commitdiff;h=4c65fed8bdf96780735dbdb92a8bd0d6b6526cc3 (v2.5.0-rc3)
NOTE: Issue possibly introduced after http://git.qemu.org/?p=qemu.git;a=commitdiff;h=6cec5487990bf3f1f22b3fcb871978255e92ae0d (v0.10.0)
NOTE: http://www.openwall.com/lists/oss-security/2015/12/08/4
@@ -44326,8 +44090,6 @@
[jessie] - qemu-kvm <no-dsa> (Minor issue, can be fixed along in a later DSA)
[wheezy] - qemu-kvm <no-dsa> (Minor issue, can be fixed along in a later DSA)
[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
- - xen 4.4.0-1
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-10/msg03911.html
NOTE: http://www.openwall.com/lists/oss-security/2015/11/25/3
CVE-2015-8346 (app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before ...)
@@ -46828,9 +46590,6 @@
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
[squeeze] - qemu-kvm <not-affected> (Vulnerable code not present)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced later)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: Upstream commit: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=43b11a91dd861a946b231b89b7542856ade23d1b (v2.5.0-rc0)
NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d35e428c8400f9ddc07e5a15ff19622c869b9ba0 (v1.2.0-rc0)
CVE-2015-7548 (OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before ...)
@@ -46957,8 +46716,6 @@
[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
- qemu-kvm <removed>
[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
- - xen 4.4.0-1
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg06341.html
CVE-2015-7511 (Libgcrypt before 1.6.5 does not properly perform elliptic-point curve ...)
{DSA-3478-1 DSA-3474-1}
@@ -48665,8 +48422,6 @@
- qemu-kvm <removed>
[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
- - xen 4.4.0-1
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: http://www.openwall.com/lists/oss-security/2015/09/10/1
NOTE: Fix commit: http://git.qemu.org/?p=qemu.git;a=commit;h=d9033e1d3aa666c5071580617a57bd853c5d794a
NOTE: exec_cmd introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=7cff87ff6ab117799e32e42c2e4dc4c0588e583a
@@ -48812,8 +48567,6 @@
[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
- qemu-kvm <removed>
[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
- - xen 4.4.0-1
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: http://www.openwall.com/lists/oss-security/2015/09/04/4
NOTE: Upstream fix: https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg01199.html
CVE-2015-6816 [Ganglia-web auth bypass]
@@ -51402,9 +51155,6 @@
[squeeze] - qemu <not-affected> (Vulnerable code introduced later)
- qemu-kvm <removed>
[squeeze] - qemu-kvm <not-affected> (Vulnerable code introduced later)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced later)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: http://www.openwall.com/lists/oss-security/2015/08/06/3
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=7882080388be5088e72c425b02223c02e6cb4295 (v2.4.0-rc3)
NOTE: Introduced in: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=98b19252cf1bd97c54bc4613f3537c5ec0aae263 (v0.13.0-rc0)
@@ -53006,8 +52756,6 @@
[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
- qemu-kvm <removed>
[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
- - xen 4.4.0-1
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03984.html
CVE-2015-5278 [net: avoid infinite loop when receiving packets]
RESERVED
@@ -53016,8 +52764,6 @@
[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
- qemu-kvm <removed>
[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
- - xen 4.4.0-1
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: Fix: https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.html
NOTE: Possibly introduced around http://git.qemu.org/?p=qemu.git;a=commitdiff;h=0ae045ae439ad83692ad039a554f7d62acf9de5c (v0.9.1)
CVE-2015-5277 (The get_contents function in nss_files/files-XXX.c in the Name Service ...)
@@ -53181,8 +52927,6 @@
[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
- qemu-kvm <removed>
[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
- - xen 4.4.0-1
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: Upstream fix: http://git.qemu.org/?p=qemu.git;a=commit;h=f9a70e79391f6d7c2a912d785239ee8effc1922d (v2.1.0-rc0)
CVE-2015-5238
RESERVED
@@ -53234,9 +52978,6 @@
[wheezy] - qemu <not-affected> (Vulnerable code introduced in 2.1.0)
[squeeze] - qemu <not-affected> (Vulnerable code introduced in 2.1.0)
- qemu-kvm <not-affected> (Vulnerable code introduced in 2.1.0)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced in 2.1.0, embedded version is 0.10.2)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: Fix: https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg02495.html
NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=bea60dd7679364493a0d7f5b (v2.1.0-rc0)
CVE-2015-5224 [login-utils: file name collision due to incorrect mkstemp use]
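Review bot: The `Introduced by:` NOTE kept in this entry gives a 24-character commit id (`h=bea60dd7679364493a0d7f5b`), whereas most of the other git.qemu.org references in this patch use the full 40-character hash. With the xen line and its "embedded version is 0.10.2" reasoning removed, that NOTE is the main version evidence left for the "introduced in 2.1.0" claims, so it should carry the full hash.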
@@ -53525,9 +53266,6 @@
[wheezy] - qemu <not-affected> (Vulnerable code not present)
[squeeze] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <not-affected> (Vulnerable code not present)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code not present)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2015-07/msg04558.html
NOTE: Introduced in http://git.qemu.org/?p=qemu.git;a=commitdiff;h=1894df02811f6b79ea3ffbf1084599d96f316173 (v2.2.0-rc0)
CVE-2015-5157 (arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the ...)
@@ -63523,9 +63261,6 @@
[wheezy] - qemu <not-affected> (Websocket protocol support introduced in v1.4.0-rc0)
[squeeze] - qemu <not-affected> (Websocket protocol support introduced in v1.4.0-rc0)
- qemu-kvm <not-affected> (Websocket protocol support introduced in v1.4.0-rc0)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced in 1.4.0-rc0, embedded version is 0.10.2)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04894.html
NOTE: Original patches have problem: https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04995.html
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=a2bebfd6e09d
@@ -73583,8 +73318,6 @@
[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
- qemu-kvm <removed>
[squeeze] - qemu-kvm <end-of-life>
- - xen 4.4.0-1
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2014-12/msg00508.html
CVE-2014-8105 (389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does ...)
- 389-ds-base 1.3.3.5-4 (bug #779909)
@@ -74468,8 +74201,6 @@
[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
- qemu-kvm <removed>
[squeeze] - qemu-kvm <end-of-life>
- - xen 4.4.0-1
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: Upstream commit: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e6908bfe8e07f2b452e78e677da1b45b1c0f6829
CVE-2014-7814 (SQL injection vulnerability in Red Hat CloudForms 3.1 Management ...)
NOT-FOR-US: Red Hat CloudForms Management Engine
@@ -79949,9 +79680,6 @@
- qemu-kvm <removed>
[squeeze] - qemu-kvm <not-affected> (Introduced in 1.7)
[wheezy] - qemu-kvm <not-affected> (Introduced in 1.7)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced in 1.7, embedded version is 0.10.2)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2014-08/msg03338.html
NOTE: Introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=db4728e6fec0364b866d3106125974eedc00e091
CVE-2014-5382 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
@@ -80353,9 +80081,6 @@
[wheezy] - qemu <not-affected> (Vulnerable code introduced in v1.6.0)
[squeeze] - qemu <not-affected> (Vulnerable code introduced in v1.6.0)
- qemu-kvm <not-affected> (Vulnerable code not present)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced in 1.6.0, embedded version is 0.10.2)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: patch http://git.qemu.org/?p=qemu.git;a=commit;h=3afca1d6d413592c2b78cf28f52fa24a586d8f56
CVE-2014-5269 (Plack::App::File in Plack before 1.0031 removes trailing slash ...)
{DLA-61-1}
@@ -84378,8 +84103,6 @@
- qemu-kvm <removed>
[squeeze] - qemu-kvm <end-of-life>
[squeeze] - qemu <end-of-life>
- - xen 4.4.0-1
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg03543.html
CVE-2014-3639 (The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not ...)
{DSA-3026-1 DLA-87-1}
@@ -85110,9 +84833,6 @@
[squeeze] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <removed>
[squeeze] - qemu-kvm <not-affected> (Vulnerable code not present)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced in 1.3, embedded version is 0.10.2)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2014-06/msg05283.html
NOTE: Upstream fix: http://git.qemu.org/?p=qemu.git;a=commit;h=554f802da3f8b09b16b9a84ad5847b2eb0e9ad2b (v2.1.0-rc0)
NOTE: PCIe support introduced in v1.3: http://wiki.qemu.org/ChangeLog/1.3
@@ -87107,9 +86827,6 @@
[squeeze] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <removed>
[squeeze] - qemu-kvm <not-affected> (Vulnerable code not present)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced in 0.11.50, embedded version is 0.10.2)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: Upstream fix https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02016.html
NOTE: Vulnerable code introduced in 0.11.50: http://git.qemu.org/?p=qemu.git;a=commit;h=e8b54394950f975c1b31d2359cf58ca4d9f51b00
CVE-2014-2855 (The check_secret function in authenticate.c in rsync 3.1.0 and earlier ...)
@@ -94872,9 +94589,6 @@
[squeeze] - qemu <not-affected> (vhdx support introduced in 1.5)
[wheezy] - qemu <not-affected> (vhdx support introduced in 1.5)
- qemu-kvm <not-affected> (vhdx support introduced in 1.5)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced in 1.5, embedded version is 0.10.2)
- NOTE: Xen switched to qemu-system in 4.4.0-1
CVE-2014-0147
RESERVED
{DSA-3045-1 DSA-3044-1}
@@ -94889,8 +94603,6 @@
- qemu-kvm <removed>
[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
- - xen 4.4.0-1
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: Upstream commit: http://git.qemu.org/?p=qemu.git;a=commit;h=11b128f4062dd7f89b14abc8877ff20d41b28be9
CVE-2014-0145
RESERVED
@@ -101455,9 +101167,6 @@
[wheezy] - qemu <not-affected> (Introduced in 1.4)
[squeeze] - qemu <not-affected> (Introduced in 1.4)
- qemu-kvm <not-affected> (Introduced in 1.4)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced in 1.4, embedded version is 0.10.2)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: see BTS bug #744213
CVE-2013-4543
REJECTED
@@ -101468,9 +101177,6 @@
[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
- qemu-kvm <removed> (low)
[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced in 1.1, embedded version is 0.10.2)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: virtio-scsi support introduced in v1.1: http://wiki.qemu.org/ChangeLog/1.1
CVE-2013-4541 (The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 ...)
- qemu 2.1+dfsg-1 (low; bug #739589)
@@ -101500,8 +101206,6 @@
[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
- qemu-kvm <removed> (low)
[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
- - xen 4.4.0-1
- NOTE: Xen switched to qemu-system in 4.4.0-1
CVE-2013-4537 (The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 ...)
- qemu 2.1+dfsg-1 (low; bug #739589)
[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
@@ -101509,8 +101213,6 @@
[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
- qemu-kvm <removed> (low)
[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
- - xen 4.4.0-1
- NOTE: Xen switched to qemu-system in 4.4.0-1
CVE-2013-4536
RESERVED
- qemu 2.1+dfsg-1 (low; bug #739589)
@@ -101541,8 +101243,6 @@
[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
- qemu-kvm <removed> (low)
[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
- - xen 4.4.0-1
- NOTE: Xen switched to qemu-system in 4.4.0-1
CVE-2013-4532
RESERVED
- qemu 2.1+dfsg-1 (low; bug #739589)
@@ -101551,8 +101251,6 @@
[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
- qemu-kvm <removed> (low)
[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
- - xen 4.4.0-1
- NOTE: Xen switched to qemu-system in 4.4.0-1
CVE-2013-4531 (Buffer overflow in target-arm/machine.c in QEMU before 1.7.2 allows ...)
- qemu 2.1+dfsg-1 (low; bug #739589)
[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
@@ -102123,9 +101821,6 @@
[wheezy] - qemu <not-affected> (Introduced in 1.4)
[squeeze] - qemu <not-affected> (Introduced in 1.4)
- qemu-kvm <not-affected> (Introduced in 1.4)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced in 1.4, embedded version is 0.10.2)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: patches: http://thread.gmane.org/gmane.comp.emulators.qemu/234440
CVE-2013-4376 (The setgid wrapper libx2go-server-db-sqlite3-wrapper.c in X2Go Server ...)
- x2goserver <itp> (bug #465821)
@@ -102964,8 +102659,6 @@
[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
- qemu-kvm <removed> (low)
[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
- - xen 4.4.0-1
- NOTE: Xen switched to qemu-system in 4.4.0-1
CVE-2013-4147 (Multiple format string vulnerabilities in Yet Another Radius Daemon ...)
- yardradius <removed> (low; bug #714612)
[squeeze] - yardradius <no-dsa> (Minor issue)
@@ -108539,9 +108232,6 @@
[wheezy] - qemu <not-affected> (vulnerability introduced in 1.3.0)
[squeeze] - qemu <not-affected> (vulnerability introduced in 1.3.0)
- qemu-kvm <not-affected> (vulnerability introduced in 1.3.0)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced in 1.3.0, embedded version is 0.10.2)
- NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2013-04/msg05013.html
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2013-04/msg05254.html
NOTE: http://marc.info/?l=oss-security&m=136722323931507&w=2
@@ -108579,9 +108269,6 @@
CVE-2013-2007 (The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when ...)
- qemu <not-affected> (qemu guest agent introduced in 1.4, vulnerable versions were only in experimental)
- qemu-kvm <not-affected> (qemu guest agent introduced in 1.4)
- - xen 4.4.0-1
- [wheezy] - xen <not-affected> (Vulnerable code introduced in 1.4, embedded version is 0.10.2)
- NOTE: Xen switched to qemu-system in 4.4.0-1
CVE-2013-2006 (OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode ...)
- keystone 2013.1.1-2
[wheezy] - keystone <no-dsa> (Minor issue)
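Review bot: The description of CVE-2013-2007 in this hunk still reads "as used by Xen", so deleting every xen line leaves the entry with no statement about xen at all and invites someone to re-add it during a later triage. Keep a NOTE explaining why xen is not tracked here; the reasoning on the deleted line (guest agent introduced in 1.4, embedded version is 0.10.2) would serve.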