[Git][security-tracker-team/security-tracker][master] 2 commits: mark CVE-2020-8252 as not-affected

Thorsten Alteholz alteholz at debian.org
Wed Sep 23 13:57:27 BST 2020



Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4a0bd102 by Thorsten Alteholz at 2020-09-23T14:31:55+02:00
mark CVE-2020-8252 as not-affected

- - - - -
75e5491c by Thorsten Alteholz at 2020-09-23T14:34:05+02:00
mark xen CVEs as EOL in Stretch (not checked whether affected)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -485,26 +485,32 @@ CVE-2020-25605
 CVE-2020-25604 [race when migrating timers between x86 HVM vCPU-s]
 	RESERVED
 	- xen <unfixed>
+	[stretch] - xen <end-of-life> (DSA 4602-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-336.html
 CVE-2020-25603 [Missing memory barriers when accessing/allocating an event channel]
 	RESERVED
 	- xen <unfixed>
+	[stretch] - xen <end-of-life> (DSA 4602-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-340.html
 CVE-2020-25602 [x86 pv: Crash when handling guest access to MSR_MISC_ENABLE]
 	RESERVED
 	- xen <unfixed>
+	[stretch] - xen <end-of-life> (DSA 4602-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-333.html
 CVE-2020-25601 [lack of preemption in evtchn_reset() / evtchn_destroy()]
 	RESERVED
 	- xen <unfixed>
+	[stretch] - xen <end-of-life> (DSA 4602-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-344.html
 CVE-2020-25600 [out of bounds event channels available to 32-bit x86 domains]
 	RESERVED
 	- xen <unfixed>
+	[stretch] - xen <end-of-life> (DSA 4602-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-342.html
 CVE-2020-25599 [races with evtchn_reset()]
 	RESERVED
 	- xen <unfixed>
+	[stretch] - xen <end-of-life> (DSA 4602-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-343.html
 CVE-2020-25598 [Missing unlock in XENMEM_acquire_resource error path]
 	RESERVED
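Review bot: Nothing in the six added `[stretch] - xen <end-of-life> (DSA 4602-1)` lines (CVE-2020-25604 down to CVE-2020-25599) records that affectedness was not checked; that caveat exists only in the commit message. Someone reading data/CVE/list later cannot tell "end-of-life and affected" from "end-of-life and unknown", so consider carrying the caveat in the entries themselves, for example as a NOTE line, rather than only in the commit log.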
@@ -514,14 +520,17 @@ CVE-2020-25598 [Missing unlock in XENMEM_acquire_resource error path]
 CVE-2020-25597 [once valid event channels may not turn invalid]
 	RESERVED
 	- xen <unfixed>
+	[stretch] - xen <end-of-life> (DSA 4602-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-338.html
 CVE-2020-25596 [x86 pv guest kernel DoS via SYSENTER]
 	RESERVED
 	- xen <unfixed>
+	[stretch] - xen <end-of-life> (DSA 4602-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-339.html
 CVE-2020-25595 [PCI passthrough code reading back hardware registers]
 	RESERVED
 	- xen <unfixed>
+	[stretch] - xen <end-of-life> (DSA 4602-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-337.html
 CVE-2020-25594
 	RESERVED
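Review bot: CVE-2020-25598, named in this hunk's header and beginning at the end of the previous hunk, receives no `[stretch]` line, while CVE-2020-25597, CVE-2020-25596 and CVE-2020-25595 here and the six xen entries in the previous hunk all do. The lines of its entry that fall between the two hunks are not shown, so please confirm it already carries a stretch annotation; if it does not, add one in this commit so the whole batch of xen advisories is handled consistently.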
@@ -41398,6 +41407,7 @@ CVE-2020-8253 (Improper authentication in Citrix XenMobile Server 10.12 before R
 	NOT-FOR-US: Citrix
 CVE-2020-8252 (The implementation of realpath in libuv < 10.22.1, < 12.18.4, an ...)
 	- libuv1 1.39.0-1
+	[stretch] - libuv1 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#fs-realpath-native-on-may-cause-buffer-overflow-medium-cve-2020-8252
 	NOTE: Debian's version of nodejs uses the shared system library of libuv1 instead
 	NOTE: of the bundled one.
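Review bot: The justification on the added line `[stretch] - libuv1 <not-affected> (Vulnerable code introduced later)` does not say where the vulnerable code was introduced, and none of the surrounding NOTE lines identify a libuv version or upstream commit either. Please add a NOTE naming the introducing version or commit so the not-affected claim for stretch can be re-verified against the packaged libuv1 source.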



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/de21c7d34512df5a18f1ea67aea69411c5af80f1...75e5491c4a88686257c727dd9769be42777dee8d
