[Git][security-tracker-team/security-tracker][master] Add fixed version for src:xen in unstable

Salvatore Bonaccorso carnil at debian.org
Sat Jul 14 23:16:47 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6d8c84b1 by Salvatore Bonaccorso at 2018-07-15T00:14:16+02:00
Add fixed version for src:xen in unstable

At point release time for 9.5 given there was no more recent version in
unstable for src:xen the package from stable was propped up from stable
to unstable.

As such mark for every uploaded version which fixes a set of CVEs with the
respective version from stable, which is now as well in unstable.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -2586,15 +2586,15 @@ CVE-2018-12894
 	RESERVED
 CVE-2018-12893 (An issue was discovered in Xen through 4.10.x. One of the fixes in ...)
 	{DSA-4236-1}
-	- xen <unfixed>
+	- xen 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9
 	NOTE: https://xenbits.xen.org/xsa/advisory-265.html
 CVE-2018-12892 (An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass ...)
 	{DSA-4236-1}
-	- xen <unfixed>
+	- xen 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9
 	NOTE: https://xenbits.xen.org/xsa/advisory-266.html
 CVE-2018-12891 (An issue was discovered in Xen through 4.10.x. Certain PV MMU ...)
 	{DSA-4236-1}
-	- xen <unfixed>
+	- xen 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9
 	NOTE: https://xenbits.xen.org/xsa/advisory-264.html
 CVE-2018-12890
 	RESERVED
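Review bot: The three `- xen` lines for CVE-2018-12893, CVE-2018-12892 and CVE-2018-12891 now record a stable-style revision (`+deb9u9`) as the fixed version in unstable, and nothing in data/CVE/list explains why. The reason (the stable package was copied to unstable at the 9.5 point release) lives only in the commit message. A short NOTE on these entries would keep a later reader from taking the `+deb9u` suffix on an unstable line for a copy-paste error.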
@@ -7661,11 +7661,11 @@ CVE-2018-10992 (lilypond-invoke-editor in LilyPond 2.19.80 does not validate str
 	[wheezy] - lilypond <not-affected> (Incomplete fix not applied)
 CVE-2018-10982 (An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS ...)
 	{DSA-4201-1 DLA-1383-1}
-	- xen <unfixed>
+	- xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
 	NOTE: https://xenbits.xen.org/xsa/advisory-261.html
 CVE-2018-10981 (An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS ...)
 	{DSA-4201-1 DLA-1383-1}
-	- xen <unfixed>
+	- xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
 	NOTE: https://xenbits.xen.org/xsa/advisory-262.html
 CVE-2018-10980
 	RESERVED
@@ -9119,12 +9119,12 @@ CVE-2017-18262 (Blackboard Learn (Since at least 17th of October 2017) has allow
 	NOT-FOR-US: Blackboard Learn
 CVE-2018-10471 (An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS ...)
 	{DSA-4201-1}
-	- xen <unfixed>
+	- xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
 	[wheezy] - xen <not-affected> (Regression for XSA-254 which was not applied in wheezy)
 	NOTE: https://xenbits.xen.org/xsa/advisory-259.html
 CVE-2018-10472 (An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS ...)
 	{DSA-4201-1}
-	- xen <unfixed>
+	- xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
 	[wheezy] - xen <not-affected> (No QMP support in wheezy)
 	NOTE: https://xenbits.xen.org/xsa/advisory-258.html
 CVE-2018-10432
@@ -12965,7 +12965,7 @@ CVE-2018-8897 (A statement in the System Programming Guide of the Intel 64 and I
 	{DSA-4201-1 DSA-4196-1 DLA-1392-1 DLA-1383-1}
 	- linux 4.15.17-1
 	NOTE: Fixed by: https://git.kernel.org/linus/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9 (4.16-rc7)
-	- xen <unfixed>
+	- xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
 	NOTE: https://xenbits.xen.org/xsa/advisory-260.html
 	NOTE: http://www.openwall.com/lists/oss-security/2018/05/08/4
 CVE-2018-8896 (In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys) allows ...)
@@ -27797,7 +27797,7 @@ CVE-2018-3666
 CVE-2018-3665 (System software utilizing Lazy FP state restore technique on systems ...)
 	{DSA-4232-1 DLA-1422-1}
 	- linux 4.6.1-1
-	- xen <unfixed>
+	- xen 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u8
 	NOTE: https://xenbits.xen.org/xsa/advisory-267.html
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html
 	NOTE: Default eagerfpu=on on all CPUs: https://git.kernel.org/linus/58122bf1d856a4ea9581d62a07c557d997d46a19
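Review bot: The CVE-2018-3665 xen line gets `+deb9u8`, one revision earlier than the `+deb9u9` used for the advisory-264 to advisory-266 entries in the first hunk, although its own NOTE points at advisory-267, the highest-numbered of the four. The DSA tags ({DSA-4232-1} here, {DSA-4236-1} there) are consistent with that order, so it looks intentional. A quick check against the package changelog that `+deb9u8` is not a typo for `+deb9u9` would settle it.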
@@ -27861,7 +27861,7 @@ CVE-2018-3639 (Systems with microprocessors utilizing speculative execution and 
 	- linux 4.16.12-1
 	[stretch] - linux 4.9.107-1
 	[wheezy] - linux <ignored> (Too much work to backport)
-	- xen <unfixed>
+	- xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7
 	NOTE: https://xenbits.xen.org/xsa/advisory-263.html
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1528
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
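Review bot: On the CVE-2018-3639 xen line, the version string still names xsa262 (`4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7`) while the NOTE directly below it points at advisory-263. Please confirm that `+deb9u7` is the upload that carries the XSA-263 fix and not a slip from the `+deb9u6` entries elsewhere in this patch. If it is correct, the line is fine as written.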



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6d8c84b1f4f6b8d432515d103394984b88e4f315
