[Git][security-tracker-team/security-tracker][master] Track fixes for xen via experimental

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Dec 12 08:13:18 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
55f2a004 by Salvatore Bonaccorso at 2024-12-12T08:58:56+01:00
Track fixes for xen via experimental

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -70574,6 +70574,7 @@ CVE-2022-4965 (The Invitation Code Content Restriction Plugin from CreativeMinds
 CVE-2024-2201 [Native Branch History Injection]
 	{DSA-5658-1}
 	- linux 6.8.9-1
+	[experimental] - xen 4.19.0+14-g0918434e0f-1~exp1
 	- xen <unfixed>
 	[bookworm] - xen <postponed> (Minor issue, fix along in next DSA)
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
@@ -70582,10 +70583,12 @@ CVE-2024-2201 [Native Branch History Injection]
 	NOTE: https://download.vusec.net/papers/inspectre_sec24.pdf
 	NOTE: https://xenbits.xen.org/xsa/advisory-456.html
 CVE-2024-31146 (When multiple devices share resources and one of them is to be passed  ...)
+	[experimental] - xen 4.19.0+14-g0918434e0f-1~exp1
 	- xen <unfixed>
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
 	NOTE: https://xenbits.xen.org/xsa/advisory-461.html
 CVE-2024-31145 (Certain PCI devices in a system might be assigned Reserved Memory Regi ...)
+	[experimental] - xen 4.19.0+14-g0918434e0f-1~exp1
 	- xen <unfixed>
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
 	NOTE: https://xenbits.xen.org/xsa/advisory-460.html
@@ -70593,11 +70596,13 @@ CVE-2024-31144 [Xapi: Metadata injection attack against backup/restore functiona
 	- xen-api <removed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-459.html
 CVE-2024-31143 (An optional feature of PCI MSI called "Multiple Message" allows a devi ...)
+	[experimental] - xen 4.19.0+14-g0918434e0f-1~exp1
 	- xen <unfixed>
 	[bookworm] - xen <postponed> (Minor issue, fix along in next DSA)
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
 	NOTE: https://xenbits.xen.org/xsa/advisory-458.html
 CVE-2024-31142 (Because of a logical error in XSA-407 (Branch Type Confusion), the mit ...)
+	[experimental] - xen 4.19.0+14-g0918434e0f-1~exp1
 	- xen <unfixed>
 	[bookworm] - xen <postponed> (Minor issue, fix along in next DSA)
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
@@ -79108,6 +79113,7 @@ CVE-2023-28746 (Information exposure through microarchitectural state after tran
 	[bullseye] - intel-microcode 3.20240312.1~deb11u1
 	- linux 6.7.9-2
 	[bookworm] - linux 6.1.82-1
+	[experimental] - xen 4.19.0+14-g0918434e0f-1~exp1
 	- xen <unfixed>
 	[bookworm] - xen <postponed> (Minor issue, fix along in next DSA)
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
@@ -79119,6 +79125,7 @@ CVE-2023-28746 (Information exposure through microarchitectural state after tran
 	NOTE: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/register-file-data-sampling.html
 CVE-2024-2193 (A Speculative Race Condition (SRC) vulnerability that impacts modern C ...)
 	- linux <unfixed>
+	[experimental] - xen 4.19.0+14-g0918434e0f-1~exp1
 	- xen <unfixed>
 	[bookworm] - xen <postponed> (Minor issue, fix along in next DSA)
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
@@ -90691,6 +90698,7 @@ CVE-2020-36772 (CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file
 CVE-2020-36771 (CloudLinux CageFS 7.1.1-1 or below passes the authentication token as  ...)
 	NOT-FOR-US: CloudLinux CageFS
 CVE-2023-46842 (Unlike 32-bit PV guests, HVM guests may switch freely between 64-bit a ...)
+	[experimental] - xen 4.19.0+14-g0918434e0f-1~exp1
 	- xen <unfixed>
 	[bookworm] - xen <postponed> (Minor issue, fix along in next DSA)
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/55f2a00450bbfc0cc6ede30639fe9651c2b4aaf7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/55f2a00450bbfc0cc6ede30639fe9651c2b4aaf7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241212/56981584/attachment.htm>

More information about the debian-security-tracker-commits mailing list