[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] lts: Mark CVE-2017-15590 as too intrusive to backort

[Guido Günther]

Guido Günther pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a7579ca4 by Guido Günther at 2018-01-31T10:32:43+01:00
lts: Mark CVE-2017-15590 as too intrusive to backort

Can be avoided by not passing through devices to untrusted guests (will
be mentioned in next DLA).

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -21949,6 +21949,7 @@ CVE-2017-15591 (An issue was discovered in Xen 4.5.x through 4.9.x allowing atta
 CVE-2017-15590 (An issue was discovered in Xen through 4.9.x allowing x86 guest OS ...)
 	{DSA-4050-1}
 	- xen 4.8.2+xsa245-0+deb9u1
+	[wheezy] - xen <no-dsa> (Patches too intrusive to backport)
 	NOTE: https://xenbits.xen.org/xsa/advisory-237.html
 CVE-2017-15289 (The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow ...)
 	- qemu 1:2.11+dfsg-1 (bug #880832)


=====================================
data/dla-needed.txt
=====================================
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -70,4 +70,6 @@ squid
 squid3 (Roberto C. Sánchez)
 --
 xen
+  NOTE: mention mitigation for CVE-2017-15590 in next DLA
+  NOTE: https://xenbits.xen.org/xsa/advisory-237.html
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a7579ca446e5012fbba85552500e750a0e055592

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a7579ca446e5012fbba85552500e750a0e055592
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180131/56d6ff5d/attachment-0001.html>