[Git][security-tracker-team/security-tracker][master] xen fixed in sid

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Aug 23 14:00:30 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a465c777 by Moritz Muehlenhoff at 2022-08-23T14:59:58+02:00
xen fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -12917,7 +12917,7 @@ CVE-2022-33747
 CVE-2022-33746
 	RESERVED
 CVE-2022-33745 (insufficient TLB flush for x86 PV guests in shadow mode For migration  ...)
-	- xen <unfixed>
+	- xen 4.16.2-1
 	[bullseye] - xen <postponed> (Minor issue, include in next security round)
 	[buster] - xen <end-of-life> (DSA 4677-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-408.html
@@ -12933,7 +12933,7 @@ CVE-2022-33743 (network backend may cause Linux netfront to use freed SKBs While
 CVE-2022-33742 (Linux disk/nic frontends data leaks T[his CNA information record relat ...)
 	{DSA-5191-1}
 	- linux 5.18.14-1
-	- xen <unfixed>
+	- xen 4.16.2-1
 	[bullseye] - xen <ignored> (Too intrusive too backport)
 	[buster] - xen <end-of-life> (DSA 4677-1)
 	[stretch] - xen <end-of-life> (DSA 4602-1)
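
Review bot: The added line "- xen 4.16.2-1" for CVE-2022-33742 has no bug reference, while CVE-2022-26365, which has the same "Linux disk/nic frontends data leaks" description, is given "(bug #1014414)" later in this commit. If that bug also tracks this CVE, add the reference here and on the matching lines for CVE-2022-33741 and CVE-2022-33740 in the next two hunks so the four entries stay consistent. While these entries are being touched, the context line "Too intrusive too backport" could be corrected to "to backport".
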
@@ -12941,7 +12941,7 @@ CVE-2022-33742 (Linux disk/nic frontends data leaks T[his CNA information record
 CVE-2022-33741 (Linux disk/nic frontends data leaks T[his CNA information record relat ...)
 	{DSA-5191-1}
 	- linux 5.18.14-1
-	- xen <unfixed>
+	- xen 4.16.2-1
 	[bullseye] - xen <ignored> (Too intrusive too backport)
 	[buster] - xen <end-of-life> (DSA 4677-1)
 	[stretch] - xen <end-of-life> (DSA 4602-1)
@@ -12949,7 +12949,7 @@ CVE-2022-33741 (Linux disk/nic frontends data leaks T[his CNA information record
 CVE-2022-33740 (Linux disk/nic frontends data leaks T[his CNA information record relat ...)
 	{DSA-5191-1}
 	- linux 5.18.14-1
-	- xen <unfixed>
+	- xen 4.16.2-1
 	[bullseye] - xen <ignored> (Too intrusive too backport)
 	[buster] - xen <end-of-life> (DSA 4677-1)
 	[stretch] - xen <end-of-life> (DSA 4602-1)
@@ -23515,7 +23515,7 @@ CVE-2022-29901 (Intel microprocessor generations 6 to 8 are affected by a new Sp
 CVE-2022-29900 (Mis-trained branch predictions for return instructions may allow arbit ...)
 	{DSA-5207-1 DSA-5184-1}
 	- linux 5.18.14-1
-	- xen <unfixed>
+	- xen 4.16.2-1
 	[buster] - xen <end-of-life> (DSA 4677-1)
 	NOTE: https://comsec.ethz.ch/research/microarch/retbleed/
 	NOTE: https://comsec.ethz.ch/wp-content/files/retbleed_sec22.pdf
@@ -33842,26 +33842,26 @@ CVE-2022-0836 (The SEMA API WordPress plugin before 4.02 does not properly sanit
 CVE-2022-26365 (Linux disk/nic frontends data leaks T[his CNA information record relat ...)
 	{DSA-5191-1}
 	- linux 5.18.14-1
-	- xen <unfixed>
+	- xen 4.16.2-1 (bug #1014414)
 	[bullseye] - xen <ignored> (Too intrusive too backport)
 	[buster] - xen <end-of-life> (DSA 4677-1)
 	[stretch] - xen <end-of-life> (DSA 4602-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-403.html
 CVE-2022-26364 (x86 pv: Insufficient care with non-coherent mappings T[his CNA informa ...)
 	{DSA-5184-1}
-	- xen <unfixed> (bug #1014414)
+	- xen 4.16.2-1 (bug #1014414)
 	[buster] - xen <end-of-life> (DSA 4677-1)
 	[stretch] - xen <end-of-life> (DSA 4602-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-402.html
 CVE-2022-26363 (x86 pv: Insufficient care with non-coherent mappings T[his CNA informa ...)
 	{DSA-5184-1}
-	- xen <unfixed> (bug #1014414)
+	- xen 4.16.2-1 (bug #1014414)
 	[buster] - xen <end-of-life> (DSA 4677-1)
 	[stretch] - xen <end-of-life> (DSA 4602-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-402.html
 CVE-2022-26362 (x86 pv: Race condition in typeref acquisition Xen maintains a type ref ...)
 	{DSA-5184-1}
-	- xen <unfixed> (bug #1014414)
+	- xen 4.16.2-1 (bug #1014414)
 	[buster] - xen <end-of-life> (DSA 4677-1)
 	[stretch] - xen <end-of-life> (DSA 4602-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-401.html
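
Review bot: For CVE-2022-26365 the replaced line was "- xen <unfixed>" with no bug reference, so this hunk adds "(bug #1014414)" as well as the fixed version, and the commit message "xen fixed in sid" does not mention it. The other three entries in the hunk already carried the reference and point at advisory-401 and advisory-402, whereas this one points at advisory-403. Please confirm the bug covers that advisory too, and mention the added reference in the commit message.
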
@@ -42181,7 +42181,7 @@ CVE-2022-23826
 CVE-2022-23825 (Aliases in the branch predictor may cause some AMD processors to predi ...)
 	{DSA-5184-1}
 	- linux <unfixed>
-	- xen <unfixed>
+	- xen 4.16.2-1
 	[buster] - xen <end-of-life> (DSA 4677-1)
 	NOTE: https://comsec.ethz.ch/research/microarch/retbleed/
 	NOTE: https://comsec.ethz.ch/wp-content/files/retbleed_addendum_sec22.pdf
@@ -42209,7 +42209,7 @@ CVE-2022-23816
 	RESERVED
 	{DSA-5184-1}
 	- linux <unfixed>
-	- xen <unfixed>
+	- xen 4.16.2-1
 	[buster] - xen <end-of-life> (DSA 4677-1)
 	NOTE: This is the AMD assigned CVE for Retbleed (CVE-2022-29900), as AMD did not
 	NOTE: agree on the coverage for CVE-2022-29900: As stated in the Xen advisory 407:
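
Review bot: The context line "- linux <unfixed>" in this entry looks stale next to CVE-2022-29900, which this commit shows as "- linux 5.18.14-1", given the NOTE here describing CVE-2022-23816 as the AMD-assigned CVE for the same Retbleed issue. Since the xen line is being brought in step with CVE-2022-29900, consider updating the linux line in the same pass, or add a NOTE saying why the two entries differ.
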
@@ -57242,6 +57242,7 @@ CVE-2022-21180 (Improper input validation for some Intel(R) Processors may allow
 CVE-2022-21166 (Incomplete cleanup in specific special register write operations for s ...)
 	{DSA-5184-1 DSA-5178-1 DSA-5173-1 DLA-3065-1}
 	- intel-microcode 3.20220510.1
+	- xen 4.16.2-1
 	- linux 5.18.5-1
 	[bullseye] - linux 5.10.127-1
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html
@@ -57257,6 +57258,7 @@ CVE-2022-21127 (Incomplete cleanup in specific special register read operations
 CVE-2022-21125 (Incomplete cleanup of microarchitectural fill buffers on some Intel(R) ...)
 	{DSA-5184-1 DSA-5178-1 DSA-5173-1 DLA-3065-1}
 	- intel-microcode 3.20220510.1
+	- xen 4.16.2-1
 	- linux 5.18.5-1
 	[bullseye] - linux 5.10.127-1
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html
@@ -57266,6 +57268,7 @@ CVE-2022-21125 (Incomplete cleanup of microarchitectural fill buffers on some In
 CVE-2022-21123 (Incomplete cleanup of multi-core shared buffers for some Intel(R) Proc ...)
 	{DSA-5184-1 DSA-5178-1 DSA-5173-1 DLA-3065-1}
 	- intel-microcode 3.20220510.1
+	- xen 4.16.2-1
 	- linux 5.18.5-1
 	[bullseye] - linux 5.10.127-1
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html
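
Review bot: The "- xen 4.16.2-1" line added here and in the two hunks before it (CVE-2022-21166, CVE-2022-21125, CVE-2022-21123) introduces xen to entries that show no suite annotation for it in the visible context, whereas every other xen entry in this commit has "[buster] - xen <end-of-life> (DSA 4677-1)". Without such a line the buster state for xen has to be inferred from the unstable version. Consider adding the end-of-life annotation directly under the new line, and check whether bullseye is accounted for by the DSA-5184-1 already listed in the braces.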



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a465c77783ed163ab7f0d503db473a48d3093a30
