[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 4 commits: lts: CVE-2018-5683 can be fixed in a future update

Tue Jan 16 11:13:07 UTC 2018

Guido Günther pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8ad480d1 by Guido Günther at 2018-01-16T12:01:50+01:00
lts: CVE-2018-5683 can be fixed in a future update

- - - - -
a9831228 by Guido Günther at 2018-01-16T12:01:55+01:00
lts: xen on arm is not supported in wheezy (CVE-2017-17046)

- - - - -
b4257c49 by Guido Günther at 2018-01-16T12:01:59+01:00
lts: upstream concludes only xen 4.2+ affected

- - - - -
1ea6a198 by Guido Günther at 2018-01-16T12:02:03+01:00
lts: add xen to dla-needed

for
    CVE-2017-15590 / xsa-237
    CVE-2016-9603 / xsa-211
    CVE-2016-9637 / xsa-199
    CVE-2016-2620 / xsa-209

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -57,7 +57,9 @@ CVE-2018-5684 (In Libav through 12.2, there is an invalid memcpy call in the ...
 CVE-2018-5683 [Out-of-bounds read in vga_draw_text routine]
 	RESERVED
 	- qemu <unfixed> (bug #887392)
+	[wheezy] - qemu <postponed> (Minor issue, can be fixed along in next DLA)
 	- qemu-kvm <removed>
+	[wheezy] - qemu-kvm <postponed> (Minor issue, can be fixed along in next DLA)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-01/msg02131.html
 CVE-2017-18030 [Out-of-bounds access in cirrus_invalidate_region routine]
 	RESERVED
@@ -13107,6 +13109,7 @@ CVE-2017-17044 (An issue was discovered in Xen through 4.9.x allowing HVM guest 
 CVE-2017-17046 (An issue was discovered in Xen through 4.9.x on the ARM platform ...)
 	{DSA-4050-1}
 	- xen 4.8.2+xsa245-0+deb9u1
+	[wheezy] - xen <not-affected> (arm not supported)
 	NOTE: https://xenbits.xen.org/xsa/advisory-245.html
 CVE-2018-0705
 	RESERVED
@@ -18819,6 +18822,7 @@ CVE-2017-15598
 CVE-2017-15597 (An issue was discovered in Xen through 4.9.x. Grant copying code made ...)
 	{DSA-4050-1}
 	- xen 4.8.2+xsa245-0+deb9u1
+	[wheezy] - xen <not-affected> (Vulnerable code not present)
 	NOTE: https://xenbits.xen.org/xsa/advisory-236.html
 CVE-2017-15586
 	RESERVED


=====================================
data/dla-needed.txt
=====================================
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -73,3 +73,5 @@ wordpress
   NOTE: 2018-08-09: Upstream bug opened 6 years ago and no chages to upstream
   NOTE: bug in 7 weeks.
 --
+xen
+--



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/7286bf5ef4a3c02789c892a4bd193fca9da2d038...1ea6a19889836202aa15306c862068c7aae50239

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/7286bf5ef4a3c02789c892a4bd193fca9da2d038...1ea6a19889836202aa15306c862068c7aae50239
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180116/c221aa0b/attachment.html>
