[Git][security-tracker-team/security-tracker][master] 5 commits: CVE-2018-19963/xen assigned for XSA-276

Sat Dec 8 07:47:15 GMT 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c46e9882 by Salvatore Bonaccorso at 2018-12-08T07:42:43Z
CVE-2018-19963/xen assigned for XSA-276

- - - - -
23168825 by Salvatore Bonaccorso at 2018-12-08T07:43:22Z
CVE-2018-19964/xen assigned for XSA-277

- - - - -
5a92b478 by Salvatore Bonaccorso at 2018-12-08T07:44:02Z
CVE-2018-19965/xen assigned for XSA-279

- - - - -
d3609170 by Salvatore Bonaccorso at 2018-12-08T07:44:46Z
CVE-2018-19966/xen assigned for XSA-280

- - - - -
e3734d29 by Salvatore Bonaccorso at 2018-12-08T07:46:53Z
CVE-2018-19967/xen assigned for XSA-282

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4969,18 +4969,18 @@ CVE-2018-19368
 	RESERVED
 CVE-2018-19367 (Portainer through 1.19.2 provides an API endpoint ...)
 	NOT-FOR-US: Portainer
-CVE-2018-XXXX [XSA-280: Fix for XSA-240 conflicts with shadow paging]
+CVE-2018-19966 [XSA-280: Fix for XSA-240 conflicts with shadow paging]
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-280.txt
-CVE-2018-XXXX [XSA-279: x86: DoS from attempting to use INVPCID with a non-canonical addresses]
+CVE-2018-19965 [XSA-279: x86: DoS from attempting to use INVPCID with a non-canonical addresses]
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-279.txt
-CVE-2018-XXXX [XSA-277: x86: incorrect error handling for guest p2m page removals]
+CVE-2018-19964 [XSA-277: x86: incorrect error handling for guest p2m page removals]
 	- xen <unfixed>
 	[stretch] - xen <not-affected> (Only affects 4.11)
 	[jessie] - xen <not-affected> (Only affects 4.11)
 	NOTE: https://xenbits.xen.org/xsa/advisory-277.txt
-CVE-2018-XXXX [XSA-276: resource accounting issues in x86 IOREQ server handling]
+CVE-2018-19963 [XSA-276: resource accounting issues in x86 IOREQ server handling]
 	- xen <unfixed>
 	[stretch] - xen <not-affected> (Only affects 4.11)
 	[jessie] - xen <not-affected> (Only affects 4.11)
@@ -5896,10 +5896,9 @@ CVE-2018-19117
 	RESERVED
 CVE-2018-19116
 	RESERVED
-CVE-2018-XXXX [XSA-282: guest use of HLE constructs may lock up host]
+CVE-2018-19967 [XSA-282: guest use of HLE constructs may lock up host]
 	- xen <unfixed>
 	[stretch] - xen <postponed> (Hold back until next DSA)
-	[jessie] - xen 4.4.4lts4-0+deb8u1
 	NOTE: https://xenbits.xen.org/xsa/advisory-282.txt
 CVE-2018-19115 (keepalived before 2.0.7 has a heap-based buffer overflow when parsing ...)
 	{DLA-1589-1}


=====================================
data/DLA/list
=====================================
@@ -79,7 +79,7 @@
 	{CVE-2016-1238 CVE-2017-15705 CVE-2018-11780 CVE-2018-11781}
 	[jessie] - spamassassin 3.4.2-0+deb8u1
 [12 Nov 2018] DLA-1577-1 xen - security update
-	{CVE-2018-7540 CVE-2018-7541 CVE-2018-8897 CVE-2018-12891 CVE-2018-12893 CVE-2018-15469 CVE-2018-15470}
+	{CVE-2018-7540 CVE-2018-7541 CVE-2018-8897 CVE-2018-12891 CVE-2018-12893 CVE-2018-15469 CVE-2018-15470 CVE-2018-19967}
 	[jessie] - xen 4.4.4lts4-0+deb8u1
 [12 Nov 2018] DLA-1576-1 ansible - security update
 	{CVE-2018-16837}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/ac99d3dd92263422b24cc456429f9949df08dcf8...e3734d29d2712f5063ecc7d41bb255ff62ea7d96

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/ac99d3dd92263422b24cc456429f9949df08dcf8...e3734d29d2712f5063ecc7d41bb255ff62ea7d96
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181208/b8c058f7/attachment.html>
