[Git][security-tracker-team/security-tracker][master] Add workaround entry for XSA-206 and remove no-dsa tagged entries with an update

Salvatore Bonaccorso carnil at debian.org
Wed Sep 5 12:58:05 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
73790b6f by Salvatore Bonaccorso at 2018-09-05T10:40:15Z
Add workaround entry for XSA-206 and remove no-dsa tagged entries with an update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -79302,12 +79302,11 @@ CVE-2017-5995 (The NetApp ONTAP Select Deploy administration utility 2.0 through
 	NOT-FOR-US: NetApp ONTAP Select Deploy administration utility
 CVE-2017-14431 (Memory leak in Xen 3.3 through 4.8.x allows guest OS users to cause a ...)
 	- xen 4.8.1-1 (bug #856229)
-	[jessie] - xen <no-dsa> (Minor issue)
 	[wheezy] - xen <no-dsa> (Minor issue)
 	NOTE: https://xenbits.xen.org/xsa/advisory-207.html
 CVE-2017-XXXX [XSA-206: xenstore denial of service via repeated update]
 	- xen 4.8.1-1 (bug #860565)
-	[jessie] - xen <ignored> (Too intrusive to backport)
+	[jessie] - xen 4.4.4lts1-0+deb8u1
 	[wheezy] - xen <ignored> (Too intrusive to backport)
 	NOTE: https://xenbits.xen.org/xsa/advisory-206.html
 CVE-2017-5994 (Heap-based buffer overflow in the vrend_create_vertex_elements_state ...)
@@ -111392,7 +111391,6 @@ CVE-2016-5026 (hs.py in OnionShare before 0.9.1 allows local users to modify the
 	NOTE: Neutralised by kernel hardening (also contrib and non-free not supported)
 CVE-2016-4963 (The libxl device-handling in Xen through 4.6.x allows local guest OS ...)
 	- xen 4.8.0~rc3-1
-	[jessie] - xen <ignored> (Minor issue, too intrusive to backport)
 	[wheezy] - xen <no-dsa> (Minor issue, too intrusive to backport, libvirt doesn't have libxl driver enabled)
 	NOTE: http://xenbits.xen.org/xsa/advisory-178.html
 CVE-2016-4962 (The libxl device-handling in Xen 4.6.x and earlier allows local OS ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/73790b6f0cc9ed7f3362476d0d08338af65f4784

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/73790b6f0cc9ed7f3362476d0d08338af65f4784
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180905/8b129b11/attachment.html>


More information about the debian-security-tracker-commits mailing list