[Secure-testing-commits] r56518 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sun Oct 8 14:32:32 UTC 2017


Author: carnil
Date: 2017-10-08 14:32:32 +0000 (Sun, 08 Oct 2017)
New Revision: 56518

Modified:
   data/CVE/list
Log:
Add fixed version for xen in unstable

This happened due to that no xen update was done yet ever in unstable
with higher version than the version in stretch. Now at point release
time the SRM have to decide which source packages prop-up to the upper
suites, and xen needed to be accepted.

Although now the issues are fixed source-wise in unstable, and thus we
start tracking the fix with the given version, there is no guarantee
there is a functional xen in unstable. But that can be handled by
regular bug reports as they arise (if they arise, it's well possible xen
works yet).

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-10-08 14:18:34 UTC (rev 56517)
+++ data/CVE/list	2017-10-08 14:32:32 UTC (rev 56518)
@@ -2139,7 +2139,7 @@
 CVE-2015-9228 (In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for ...)
 	NOT-FOR-US: Photocrati NextGEN Gallery plugin for WordPress
 CVE-2017-XXXX [XSA 235]
-	- xen <unfixed>
+	- xen 4.8.1-1+deb9u3
 	[stretch] - xen 4.8.1-1+deb9u3
 	[jessie] - xen 4.4.1-9+deb8u10
 	[wheezy] - xen <not-affected> (No arm support in Wheezy)
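
Review bot: The fixed version is being recorded against the placeholder entry "CVE-2017-XXXX [XSA 235]", so the new "- xen 4.8.1-1+deb9u3" line is tied to a temporary id. When a CVE id is assigned for XSA 235, the whole entry, including this unstable line, has to be moved under the real id so the fix record is not lost or duplicated.
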
@@ -6466,7 +6466,7 @@
 	NOTE: https://simplesamlphp.org/security/201708-01
 CVE-2017-12855 (Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform ...)
 	{DSA-3969-1}
-	- xen <unfixed>
+	- xen 4.8.1-1+deb9u3
 	NOTE: https://xenbits.xen.org/xsa/advisory-230.html
 CVE-2017-12853 (The RealTime RWR-3G-100 Router Firmware Version : Ver1.0.56 is ...)
 	NOT-FOR-US: RealTime RWR-3G-100 Router Firmware
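
Review bot: Missing documentation in the CVE-2017-12855 entry: the unstable line now carries "4.8.1-1+deb9u3", a version string that reads as a stretch update, and only the commit log explains that the stretch package was accepted into the upper suites at point release time. Someone reading data/CVE/list without the log cannot tell this from a typo or a misplaced suite tag, so a short NOTE line in the entry stating where the version comes from would help.
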
@@ -8318,17 +8318,17 @@
 	NOT-FOR-US: XOOPS
 CVE-2017-12137 (arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS ...)
 	{DSA-3969-1}
-	- xen <unfixed>
+	- xen 4.8.1-1+deb9u3
 	NOTE: https://xenbits.xen.org/xsa/advisory-227.html
 CVE-2017-12136 (Race condition in the grant table code in Xen 4.6.x through 4.9.x ...)
-	- xen <unfixed>
+	- xen 4.8.1-1+deb9u3
 	[stretch] - xen 4.8.1-1+deb9u3
 	[jessie] - xen <not-affected> (Only affects 4.6 and later)
 	[wheezy] - xen <not-affected> (Only affects 4.6 and later)
 	NOTE: https://xenbits.xen.org/xsa/advisory-228.html
 CVE-2017-12135 (Xen allows local OS guest users to cause a denial of service (crash) ...)
 	{DSA-3969-1}
-	- xen <unfixed>
+	- xen 4.8.1-1+deb9u3
 	NOTE: https://xenbits.xen.org/xsa/advisory-226.html
 CVE-2017-12134 (The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in ...)
 	{DSA-3981-1 DLA-1099-1}
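
Review bot: For CVE-2017-12137 and CVE-2017-12135 the hunk does not itself confirm that 4.8.1-1+deb9u3 contains the fix: unlike CVE-2017-12136, which has a "[stretch] - xen 4.8.1-1+deb9u3" line, these two entries show only "{DSA-3969-1}". Since the same version is substituted mechanically into every entry, it is worth checking the DSA-3969-1 record or the package changelog to confirm that XSA-227 and XSA-226 were fixed in exactly that upload.
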
@@ -14740,59 +14740,59 @@
 	- flatpak 0.8.7-1 (bug #865413)
 	NOTE: https://github.com/flatpak/flatpak/issues/845
 CVE-2017-10923 (Xen through 4.8.x does not validate a vCPU array index upon the sending ...)
-	- xen <unfixed>
+	- xen 4.8.1-1+deb9u3
 	[stretch] - xen 4.8.1-1+deb9u3
 	[jessie] - xen <not-affected> (Vulnerable code not present)
 	[wheezy] - xen <not-affected> (Vulnerable code not present)
 	NOTE: https://xenbits.xen.org/xsa/advisory-225.html
 CVE-2017-10922 (The grant-table feature in Xen through 4.8.x mishandles MMIO region ...)
 	{DSA-3969-1}
-	- xen <unfixed>
+	- xen 4.8.1-1+deb9u3
 	NOTE: https://xenbits.xen.org/xsa/advisory-224.html
 CVE-2017-10921 (The grant-table feature in Xen through 4.8.x does not ensure sufficient ...)
 	{DSA-3969-1}
-	- xen <unfixed>
+	- xen 4.8.1-1+deb9u3
 	NOTE: https://xenbits.xen.org/xsa/advisory-224.html
 CVE-2017-10920 (The grant-table feature in Xen through 4.8.x mishandles a ...)
 	{DSA-3969-1}
-	- xen <unfixed>
+	- xen 4.8.1-1+deb9u3
 	NOTE: https://xenbits.xen.org/xsa/advisory-224.html
 CVE-2017-10919 (Xen through 4.8.x mishandles virtual interrupt injection, which allows ...)
-	- xen <unfixed>
+	- xen 4.8.1-1+deb9u3
 	[stretch] - xen 4.8.1-1+deb9u3
 	[jessie] - xen <ignored> (No backport available, limited to arm)
 	[wheezy] - xen <not-affected> (arm not supported)
 	NOTE: https://xenbits.xen.org/xsa/advisory-223.html
 CVE-2017-10918 (Xen through 4.8.x does not validate memory allocations during certain ...)
 	{DSA-3969-1}
-	- xen <unfixed>
+	- xen 4.8.1-1+deb9u3
 	NOTE: https://xenbits.xen.org/xsa/advisory-222.html
 CVE-2017-10917 (Xen through 4.8.x does not validate the port numbers of polled event ...)
 	{DSA-3969-1}
-	- xen <unfixed>
+	- xen 4.8.1-1+deb9u3
 	[wheezy] - xen <not-affected> (Vulnerable code not present)
 	NOTE: https://xenbits.xen.org/xsa/advisory-221.html
 CVE-2017-10916 (The vCPU context-switch implementation in Xen through 4.8.x improperly ...)
-	- xen <unfixed>
+	- xen 4.8.1-1+deb9u3
 	[stretch] - xen 4.8.1-1+deb9u3
 	[jessie] - xen <not-affected> (Vulnerable code not present)
 	[wheezy] - xen <not-affected> (Vulnerable code not present)
 	NOTE: https://xenbits.xen.org/xsa/advisory-220.html
 CVE-2017-10915 (The shadow-paging feature in Xen through 4.8.x mismanages page ...)
 	{DSA-3969-1}
-	- xen <unfixed>
+	- xen 4.8.1-1+deb9u3
 	NOTE: https://xenbits.xen.org/xsa/advisory-219.html
 CVE-2017-10914 (The grant-table feature in Xen through 4.8.x has a race condition ...)
 	{DSA-3969-1}
-	- xen <unfixed>
+	- xen 4.8.1-1+deb9u3
 	NOTE: https://xenbits.xen.org/xsa/advisory-218.html
 CVE-2017-10913 (The grant-table feature in Xen through 4.8.x provides false mapping ...)
 	{DSA-3969-1}
-	- xen <unfixed>
+	- xen 4.8.1-1+deb9u3
 	NOTE: https://xenbits.xen.org/xsa/advisory-218.html
 CVE-2017-10912 (Xen through 4.8.x mishandles page transfer, which allows guest OS users ...)
 	{DSA-3969-1}
-	- xen <unfixed>
+	- xen 4.8.1-1+deb9u3
 	NOTE: https://xenbits.xen.org/xsa/advisory-217.html
 CVE-2017-10911 (The make_response function in drivers/block/xen-blkback/blkback.c in ...)
 	{DSA-3945-1 DSA-3927-1 DSA-3920-1 DLA-1099-1}
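
Review bot: In the CVE-2017-10923, CVE-2017-10919 and CVE-2017-10916 entries the new unstable line and the "[stretch] - xen 4.8.1-1+deb9u3" line directly below it now state the same version. If the tracker treats a suite as fixed once its package version is at or above the unstable fixed version, the [stretch] lines no longer add information and could be dropped in a follow-up; if they are kept on purpose, the two lines need to be updated together from now on.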
