[Git][security-tracker-team/security-tracker][master] 5 commits: CVE-2018-19963/xen assigned for XSA-276
Salvatore Bonaccorso
carnil at debian.org
Sat Dec 8 07:47:15 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c46e9882 by Salvatore Bonaccorso at 2018-12-08T07:42:43Z
CVE-2018-19963/xen assigned for XSA-276
- - - - -
23168825 by Salvatore Bonaccorso at 2018-12-08T07:43:22Z
CVE-2018-19964/xen assigned for XSA-277
- - - - -
5a92b478 by Salvatore Bonaccorso at 2018-12-08T07:44:02Z
CVE-2018-19965/xen assigned for XSA-279
- - - - -
d3609170 by Salvatore Bonaccorso at 2018-12-08T07:44:46Z
CVE-2018-19966/xen assigned for XSA-280
- - - - -
e3734d29 by Salvatore Bonaccorso at 2018-12-08T07:46:53Z
CVE-2018-19967/xen assigned for XSA-282
- - - - -
2 changed files:
- data/CVE/list
- data/DLA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4969,18 +4969,18 @@ CVE-2018-19368
RESERVED
CVE-2018-19367 (Portainer through 1.19.2 provides an API endpoint ...)
NOT-FOR-US: Portainer
-CVE-2018-XXXX [XSA-280: Fix for XSA-240 conflicts with shadow paging]
+CVE-2018-19966 [XSA-280: Fix for XSA-240 conflicts with shadow paging]
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-280.txt
-CVE-2018-XXXX [XSA-279: x86: DoS from attempting to use INVPCID with a non-canonical addresses]
+CVE-2018-19965 [XSA-279: x86: DoS from attempting to use INVPCID with a non-canonical addresses]
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-279.txt
-CVE-2018-XXXX [XSA-277: x86: incorrect error handling for guest p2m page removals]
+CVE-2018-19964 [XSA-277: x86: incorrect error handling for guest p2m page removals]
- xen <unfixed>
[stretch] - xen <not-affected> (Only affects 4.11)
[jessie] - xen <not-affected> (Only affects 4.11)
NOTE: https://xenbits.xen.org/xsa/advisory-277.txt
-CVE-2018-XXXX [XSA-276: resource accounting issues in x86 IOREQ server handling]
+CVE-2018-19963 [XSA-276: resource accounting issues in x86 IOREQ server handling]
- xen <unfixed>
[stretch] - xen <not-affected> (Only affects 4.11)
[jessie] - xen <not-affected> (Only affects 4.11)
@@ -5896,10 +5896,9 @@ CVE-2018-19117
RESERVED
CVE-2018-19116
RESERVED
-CVE-2018-XXXX [XSA-282: guest use of HLE constructs may lock up host]
+CVE-2018-19967 [XSA-282: guest use of HLE constructs may lock up host]
- xen <unfixed>
[stretch] - xen <postponed> (Hold back until next DSA)
- [jessie] - xen 4.4.4lts4-0+deb8u1
NOTE: https://xenbits.xen.org/xsa/advisory-282.txt
CVE-2018-19115 (keepalived before 2.0.7 has a heap-based buffer overflow when parsing ...)
{DLA-1589-1}
=====================================
data/DLA/list
=====================================
@@ -79,7 +79,7 @@
{CVE-2016-1238 CVE-2017-15705 CVE-2018-11780 CVE-2018-11781}
[jessie] - spamassassin 3.4.2-0+deb8u1
[12 Nov 2018] DLA-1577-1 xen - security update
- {CVE-2018-7540 CVE-2018-7541 CVE-2018-8897 CVE-2018-12891 CVE-2018-12893 CVE-2018-15469 CVE-2018-15470}
+ {CVE-2018-7540 CVE-2018-7541 CVE-2018-8897 CVE-2018-12891 CVE-2018-12893 CVE-2018-15469 CVE-2018-15470 CVE-2018-19967}
[jessie] - xen 4.4.4lts4-0+deb8u1
[12 Nov 2018] DLA-1576-1 ansible - security update
{CVE-2018-16837}
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/ac99d3dd92263422b24cc456429f9949df08dcf8...e3734d29d2712f5063ecc7d41bb255ff62ea7d96
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/ac99d3dd92263422b24cc456429f9949df08dcf8...e3734d29d2712f5063ecc7d41bb255ff62ea7d96
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181208/b8c058f7/attachment.html>
More information about the debian-security-tracker-commits
mailing list