[Git][security-tracker-team/security-tracker][master] thunderbird/xen DSAs

Sun Apr 10 18:59:19 BST 2022


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bfeccb6b by Moritz Mühlenhoff at 2022-04-10T19:58:49+02:00
thunderbird/xen DSAs

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6763,6 +6763,7 @@ CVE-2022-26357 (race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits
 	[stretch] - xen <end-of-life> (DSA 4602-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-399.html
 CVE-2022-26356 (Racy interactions between dirty vram tracking and paging log dirty hyp ...)
+	- xen <unfixed>
 	[buster] - xen <end-of-life> (DSA 4677-1)
 	[stretch] - xen <end-of-life> (DSA 4602-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-397.html
@@ -17340,19 +17341,16 @@ CVE-2022-23036 (Linux PV device frontends vulnerable to attacks by backends T[hi
 	NOTE: https://xenbits.xen.org/xsa/advisory-396.html
 CVE-2022-23035 (Insufficient cleanup of passed-through device IRQs The management of I ...)
 	- xen 4.16.0+51-g0941d6cb-1
-	[bullseye] - xen <postponed> (Fix along with next DSA round)
 	[buster] - xen <end-of-life> (DSA 4677-1)
 	[stretch] - xen <end-of-life> (DSA 4602-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-395.html
 CVE-2022-23034 (A PV guest could DoS Xen while unmapping a grant To address XSA-380, r ...)
 	- xen 4.16.0+51-g0941d6cb-1
-	[bullseye] - xen <postponed> (Fix along with next DSA round)
 	[buster] - xen <end-of-life> (DSA 4677-1)
 	[stretch] - xen <end-of-life> (DSA 4602-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-394.html
 CVE-2022-23033 (arm: guest_physmap_remove_page not removing the p2m mappings The funct ...)
 	- xen 4.16.0+51-g0941d6cb-1
-	[bullseye] - xen <postponed> (Fix along with next DSA round)
 	[buster] - xen <not-affected> (Vulnerable code introduced later)
 	[stretch] - xen <not-affected> (Vulnerable code introduced later)
 	NOTE: https://xenbits.xen.org/xsa/advisory-393.html


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,10 @@
+[10 Apr 2022] DSA-5118-1 thunderbird - security update
+	{CVE-2022-1097 CVE-2022-1196 CVE-2022-1197 CVE-2022-24713 CVE-2022-28281 CVE-2022-28282 CVE-2022-28285 CVE-2022-28286 CVE-2022-28289}
+	[buster] - thunderbird 1:91.8.0-1~deb10u1
+	[bullseye] - thunderbird 1:91.8.0-1~deb11u1
+[10 Apr 2022] DSA-5117-1 xen - security update
+	{CVE-2022-23033 CVE-2022-23034 CVE-2022-23035 CVE-2022-26356 CVE-2022-26357 CVE-2022-26358 CVE-2022-26359 CVE-2022-26360 CVE-2022-26361}
+	[bullseye] - xen 4.14.4+74-gd7b22226b5-1
 [08 Apr 2022] DSA-5116-1 wpewebkit - security update
 	{CVE-2022-22624 CVE-2022-22628 CVE-2022-22629}
 	[bullseye] - wpewebkit 2.36.0-2~deb11u1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfeccb6b21ab9b645b846da70d756150516c1969

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfeccb6b21ab9b645b846da70d756150516c1969
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220410/beca66d0/attachment.htm>
