[Git][security-tracker-team/security-tracker][master] Track fixed version for xen issues fixed via unstable upload
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Nov 29 12:49:30 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
de628d35 by Salvatore Bonaccorso at 2025-11-29T13:46:16+01:00
Track fixed version for xen issues fixed via unstable upload
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -47055,7 +47055,7 @@ CVE-2024-36357 (A transient execution vulnerability in some AMD processors may a
{DSA-5973-1 DLA-4328-1 DLA-4327-1}
- amd64-microcode <unfixed> (bug #1109035)
- linux 6.12.37-1
- - xen <unfixed>
+ - xen 4.20.2+7-g1badcf5035-1
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
NOTE: https://xenbits.xen.org/xsa/advisory-471.html
NOTE: https://www.amd.com/content/dam/amd/en/documents/resources/bulletin/technical-guidance-for-mitigating-transient-scheduler-attacks.pdf
@@ -47068,7 +47068,7 @@ CVE-2024-36350 (A transient execution vulnerability in some AMD processors may a
{DSA-5973-1 DLA-4328-1 DLA-4327-1}
- amd64-microcode <unfixed> (bug #1109035)
- linux 6.12.37-1
- - xen <unfixed>
+ - xen 4.20.2+7-g1badcf5035-1
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
NOTE: https://xenbits.xen.org/xsa/advisory-471.html
NOTE: https://www.amd.com/content/dam/amd/en/documents/resources/bulletin/technical-guidance-for-mitigating-transient-scheduler-attacks.pdf
@@ -48124,42 +48124,42 @@ CVE-2025-23970 (Incorrect Privilege Assignment vulnerability in aonetheme Servic
CVE-2024-9453 (A vulnerability was found in Red Hat OpenShift Jenkins. The bearer tok ...)
NOT-FOR-US: Red Hat OpenShift Jenkins
CVE-2025-58149 (When passing through PCI devices, the detach logic in libxl won't remo ...)
- - xen <unfixed> (bug #1120075)
+ - xen 4.20.2+7-g1badcf5035-1 (bug #1120075)
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
NOTE: https://xenbits.xen.org/xsa/advisory-476.html
CVE-2025-58148 ([This CNA information record relates to multiple CVEs; the text explai ...)
- - xen <unfixed> (bug #1120075)
+ - xen 4.20.2+7-g1badcf5035-1 (bug #1120075)
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
NOTE: https://xenbits.xen.org/xsa/advisory-475.html
CVE-2025-58147 ([This CNA information record relates to multiple CVEs; the text explai ...)
- - xen <unfixed> (bug #1120075)
+ - xen 4.20.2+7-g1badcf5035-1 (bug #1120075)
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
NOTE: https://xenbits.xen.org/xsa/advisory-475.html
CVE-2025-58146
- xen-api <removed>
NOTE: https://xenbits.xen.org/xsa/advisory-474.html
CVE-2025-58144 ([This CNA information record relates to multiple CVEs; the text explai ...)
- - xen <unfixed> (bug #1120075)
+ - xen 4.20.2+7-g1badcf5035-1 (bug #1120075)
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
NOTE: https://xenbits.xen.org/xsa/advisory-473.html
CVE-2025-58145 ([This CNA information record relates to multiple CVEs; the text explai ...)
- - xen <unfixed> (bug #1120075)
+ - xen 4.20.2+7-g1badcf5035-1 (bug #1120075)
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
NOTE: https://xenbits.xen.org/xsa/advisory-473.html
CVE-2025-27466 ([This CNA information record relates to multiple CVEs; the text explai ...)
- - xen <unfixed> (bug #1120075)
+ - xen 4.20.2+7-g1badcf5035-1 (bug #1120075)
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
NOTE: https://xenbits.xen.org/xsa/advisory-472.html
CVE-2025-58142 ([This CNA information record relates to multiple CVEs; the text explai ...)
- - xen <unfixed> (bug #1120075)
+ - xen 4.20.2+7-g1badcf5035-1 (bug #1120075)
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
NOTE: https://xenbits.xen.org/xsa/advisory-472.html
CVE-2025-58143 ([This CNA information record relates to multiple CVEs; the text explai ...)
- - xen <unfixed> (bug #1120075)
+ - xen 4.20.2+7-g1badcf5035-1 (bug #1120075)
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
NOTE: https://xenbits.xen.org/xsa/advisory-472.html
CVE-2025-27465 (Certain instructions need intercepting and emulating by Xen. In some ...)
- - xen <unfixed> (bug #1120075)
+ - xen 4.20.2+7-g1badcf5035-1 (bug #1120075)
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
NOTE: https://xenbits.xen.org/xsa/advisory-470.html
CVE-2025-38234 (In the Linux kernel, the following vulnerability has been resolved: s ...)
@@ -64549,7 +64549,7 @@ CVE-2024-28956 (Exposure of Sensitive Information in Shared Microarchitectural S
{DSA-5925-1 DSA-5924-1 DLA-4327-1 DLA-4271-1 DLA-4170-1}
- intel-microcode 3.20250512.1 (bug #1105172)
- linux 6.12.29-1
- - xen <unfixed> (bug #1105193)
+ - xen 4.20.2+7-g1badcf5035-1 (bug #1105193)
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
NOTE: https://xenbits.xen.org/xsa/advisory-469.html
NOTE: https://www.vusec.net/projects/training-solo/
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de628d354ea16aef8e26ccdbdad4bc62602d0c9b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de628d354ea16aef8e26ccdbdad4bc62602d0c9b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251129/66d4ddf8/attachment.htm>
More information about the debian-security-tracker-commits
mailing list