[Git][security-tracker-team/security-tracker][master] 3 commits: Track xen source package as well CVE-2017-5715, CVE-2017-575{3,4}

Salvatore Bonaccorso carnil at debian.org
Tue Sep 24 14:05:46 BST 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ffe4dd67 by Salvatore Bonaccorso at 2019-09-24T12:59:00Z
Track xen source package as well CVE-2017-5715, CVE-2017-575{3,4}

We originally did not, as they are for mitigations for those issues via
xen updates. But the same can be argued for the othe source packages
tracked. So be consistent.

- - - - -
cf49547d by Salvatore Bonaccorso at 2019-09-24T13:03:41Z
Track applied mitigation for CVE-2017-5754/xen

Reviewers: please double check (wrp to previous commit).

- - - - -
45c19e84 by Salvatore Bonaccorso at 2019-09-24T13:05:07Z
Slightly shuffle around notes for two CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -137094,15 +137094,16 @@ CVE-2017-5754 (Systems with microprocessors utilizing speculative execution and
 	- nvidia-graphics-drivers-legacy-304xx <unfixed>
 	[stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
 	[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
+	- linux-grsec <removed>
+	- xen 4.11.1~pre+1.733450b39b-1
+	[stretch] - xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u4
+	[jessie] - xen <no-dsa> (Too intrusive to backport)
 	NOTE: https://meltdownattack.com/
 	NOTE: https://xenbits.xen.org/xsa/advisory-254.html
 	NOTE: https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html
 	NOTE: http://blog.cyberus-technology.de/posts/2018-01-03-meltdown.html
 	NOTE: Paper: https://meltdownattack.com/meltdown.pdf
 	NOTE: https://01.org/security/advisories/intel-oss-10003
-	- linux-grsec <removed>
-	[jessie] - xen <no-dsa> (Too intrusive to backport)
-	NOTE: https://xenbits.xen.org/xsa/advisory-254.html
 CVE-2017-5753 (Systems with microprocessors utilizing speculative execution and branc ...)
 	{DSA-4188-1 DSA-4187-1 DLA-1731-1 DLA-1423-1 DLA-1422-1}
 	- linux 4.15.11-1
@@ -137115,14 +137116,14 @@ CVE-2017-5753 (Systems with microprocessors utilizing speculative execution and
 	- nvidia-graphics-drivers-legacy-304xx <unfixed>
 	[stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
 	[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
+	- linux-grsec <removed>
+	- xen 4.11.1~pre+1.733450b39b-1
+	[jessie] - xen <no-dsa> (Too intrusive to backport)
 	NOTE: https://spectreattack.com/
 	NOTE: https://xenbits.xen.org/xsa/advisory-254.html
 	NOTE: https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html
 	NOTE: Paper: https://spectreattack.com/spectre.pdf
 	NOTE: https://01.org/security/advisories/intel-oss-10002
-	- linux-grsec <removed>
-	[jessie] - xen <no-dsa> (Too intrusive to backport)
-	NOTE: https://xenbits.xen.org/xsa/advisory-254.html
 CVE-2017-5752
 	RESERVED
 CVE-2017-5751
@@ -137249,8 +137250,8 @@ CVE-2017-5715 (Systems with microprocessors utilizing speculative execution and
 	[stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
 	[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
 	- linux-grsec <removed>
+	- xen 4.11.1~pre+1.733450b39b-1
 	[jessie] - xen <no-dsa> (Too intrusive to backport)
-	NOTE: https://xenbits.xen.org/xsa/advisory-254.html
 CVE-2017-5714
 	RESERVED
 CVE-2017-5713



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/5d1dcf1bac7ece5a9ea0070ec333c71698425f0f...45c19e84676d7bf0345e741209eea41be21bae72

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/5d1dcf1bac7ece5a9ea0070ec333c71698425f0f...45c19e84676d7bf0345e741209eea41be21bae72
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190924/44184ef1/attachment.html>

More information about the debian-security-tracker-commits mailing list