[Secure-testing-commits] r55669 - in data: . CVE DSA

Moritz Muehlenhoff jmm at moszumanska.debian.org
Mon Sep 11 22:50:37 UTC 2017


Author: jmm
Date: 2017-09-11 22:50:36 +0000 (Mon, 11 Sep 2017)
New Revision: 55669

Modified:
   data/CVE/list
   data/DSA/list
   data/dsa-needed.txt
Log:
reserve DSA ID for Xen


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-09-11 21:49:01 UTC (rev 55668)
+++ data/CVE/list	2017-09-11 22:50:36 UTC (rev 55669)
@@ -1,3 +1,8 @@
+CVE-2017-XXXX [XSA 235]
+	- xen <unfixed>
+	[stretch] - xen 4.8.1-1+deb9u3
+	[jessie] - xen 4.4.1-9+deb8u10
+	NOTE: https://xenbits.xen.org/xsa/advisory-235.html
 CVE-2017-14311
 	RESERVED
 CVE-2017-14310 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
@@ -5963,6 +5968,7 @@
 	NOTE: https://xenbits.xen.org/xsa/advisory-227.html
 CVE-2017-12136 (Race condition in the grant table code in Xen 4.6.x through 4.9.x ...)
 	- xen <unfixed>
+	[stretch] - xen 4.8.1-1+deb9u3
 	[jessie] - xen <not-affected> (Only affects 4.6 and later)
 	[wheezy] - xen <not-affected> (Only affects 4.6 and later)
 	NOTE: https://xenbits.xen.org/xsa/advisory-228.html
@@ -12393,6 +12399,7 @@
 	NOTE: https://xenbits.xen.org/xsa/advisory-224.html
 CVE-2017-10919 (Xen through 4.8.x mishandles virtual interrupt injection, which allows ...)
 	- xen <unfixed>
+	[jessie] - xen <ignored> (No backport available, limited to arm)
 	[wheezy] - xen <not-affected> (arm not supported)
 	NOTE: https://xenbits.xen.org/xsa/advisory-223.html
 CVE-2017-10918 (Xen through 4.8.x does not validate memory allocations during certain ...)
@@ -12404,6 +12411,7 @@
 	NOTE: https://xenbits.xen.org/xsa/advisory-221.html
 CVE-2017-10916 (The vCPU context-switch implementation in Xen through 4.8.x improperly ...)
 	- xen <unfixed>
+	[stretch] - xen 4.8.1-1+deb9u3
 	[jessie] - xen <not-affected> (Vulnerable code not present)
 	[wheezy] - xen <not-affected> (Vulnerable code not present)
 	NOTE: https://xenbits.xen.org/xsa/advisory-220.html

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2017-09-11 21:49:01 UTC (rev 55668)
+++ data/DSA/list	2017-09-11 22:50:36 UTC (rev 55669)
@@ -1,3 +1,7 @@
+[12 Sep 2017] DSA-3969-1 xen - security update
+	{CVE-2017-10912 CVE-2017-10913 CVE-2017-10914 CVE-2017-10915 CVE-2017-10917 CVE-2017-10918 CVE-2017-10919 CVE-2017-10920 CVE-2017-10921 CVE-2017-10922 CVE-2017-12135 CVE-2017-12137 CVE-2017-12855}
+	[jessie] - xen 4.4.1-9+deb8u10
+	[stretch] - xen 4.8.1-1+deb9u3
 [11 Sep 2017] DSA-3968-1 icedove - security update
 	{CVE-2017-7753 CVE-2017-7779 CVE-2017-7784 CVE-2017-7785 CVE-2017-7786 CVE-2017-7787 CVE-2017-7791 CVE-2017-7792 CVE-2017-7800 CVE-2017-7801 CVE-2017-7802 CVE-2017-7803 CVE-2017-7807 CVE-2017-7809}
 	[jessie] - icedove 52.3.0-4~deb8u2

Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt	2017-09-11 21:49:01 UTC (rev 55668)
+++ data/dsa-needed.txt	2017-09-11 22:50:36 UTC (rev 55669)
@@ -95,9 +95,5 @@
   2017-05-13: asked balint@ if he wants to prepare an update now
   2017-07-28: re-ping balint@
 --
-xen (jmm)
-  Maintainer prepared updates, but only for stretch-security, needs
-  clarification for jessie-security.
---
 zendframework/oldstable
 --




More information about the Secure-testing-commits mailing list