Author: hle
Date: 2016-11-21 22:30:01 +0000 (Mon, 21 Nov 2016)
New Revision: 46412
Modified: data/CVE/list Log: CVE triage for Xen in wheezy. Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-11-21 22:24:47 UTC (rev 46411) +++ data/CVE/list 2016-11-21 22:30:01 UTC (rev 46412) @@ -40382,6 +40382,8 @@ [squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS) - qemu-kvm <removed> [squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS) + - xen 4.4.0-1 + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03984.html CVE-2015-5278 [net: avoid infinite loop when receiving packets] RESERVED @@ -40390,6 +40392,8 @@ [squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS) - qemu-kvm <removed> [squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS) + - xen 4.4.0-1 + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: Fix: https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.html NOTE: Possibly introduced around http://git.qemu.org/?p=qemu.git;a=commitdiff;h=0ae045ae439ad83692ad039a554f7d62acf9de5c (v0.9.1) CVE-2015-5277 (The get_contents function in nss_files/files-XXX.c in the Name Service ...) @@ -40553,6 +40557,8 @@ [squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS) - qemu-kvm <removed> [squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS) + - xen 4.4.0-1 + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: Upstream fix: http://git.qemu.org/?p=qemu.git;a=commit;h=f9a70e79391f6d7c2a912d785239ee8effc1922d (v2.1.0-rc0) CVE-2015-5238 RESERVED 
@@ -46379,6 +46385,9 @@ [wheezy] - qemu <not-affected> (Introduced in 1.3.0) [squeeze] - qemu <not-affected> (Introduced in 1.3.0) - qemu-kvm <not-affected> (Introduced in 1.3.0) + - xen 4.4.0-1 + [wheezy] - xen <not-affected> (Vulnerable code introduced in 1.3.0, embedded version is 0.10.2) + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: Upstream commit: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d4862a87e31a51de9eb260f25c9e99a75efe3235 NOTE: Introduced in http://git.qemu.org/?p=qemu.git;a=commitdiff;h=0505bcdec8228d8de39ab1a02644e71999e7c052 (v1.3.0-rc0) - linux <not-affected> (Fixed before linux-2.6 -> linux rename, v2.6.33-rc8) @@ -72481,8 +72490,12 @@ [squeeze] - qemu <not-affected> (Vulnerable code not present) - qemu-kvm <removed> [squeeze] - qemu-kvm <not-affected> (Vulnerable code not present) + - xen 4.4.0-1 + [wheezy] - xen <not-affected> (Vulnerable code introduced in 1.3, embedded version is 0.10.2) + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2014-06/msg05283.html NOTE: Upstream fix: http://git.qemu.org/?p=qemu.git;a=commit;h=554f802da3f8b09b16b9a84ad5847b2eb0e9ad2b (v2.1.0-rc0) + NOTE: PCIe support introduced in v1.3: http://wiki.qemu.org/ChangeLog/1.3 CVE-2014-3470 (The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL ...) {DSA-2950-1 DLA-0003-1} - openssl 1.0.1h-1 (bug #750665)
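Review bot: In the hunk at @@ -40382,6 +40382,8 @@ the added `- xen 4.4.0-1` line has no `[wheezy] - xen` line next to it, although the log message describes the commit as triage for Xen in wheezy and the hunks at @@ -46379 and @@ -72481 each carry one. With only the unsuffixed entry, wheezy's xen is tracked as affected because its version is below 4.4.0-1. If that is the intended outcome, a NOTE stating that the embedded qemu 0.10.2 contains the vulnerable code would record the decision the same way the not-affected hunks record theirs. The same gap appears in the hunk at @@ -40553,6 +40557,8 @@.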
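Review bot: In the hunk at @@ -40390,6 +40392,8 @@ (CVE-2015-5278) the new xen entry does not connect to the existing context NOTE "Possibly introduced around ... (v0.9.1)", which is the only evidence in this entry about whether an old embedded qemu has the bug. The other hunks give wheezy's embedded version as 0.10.2, so a `[wheezy] - xen` line or a NOTE saying whether 0.10.2 was checked against that commit would make the wheezy status explicit instead of leaving it to be inferred from "Possibly".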
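Review bot: In the hunk at @@ -46379,6 +46385,9 @@ the unsuffixed `- xen 4.4.0-1` line records 4.4.0-1 as the first fixed version, while the `[wheezy]` line directly below it says the vulnerable code only arrived in qemu 1.3.0 and the embedded copy is 0.10.2. The entry does not say which embedded qemu version the xen uploads between wheezy's and 4.4.0-1 carried; if they also predate 1.3.0, `- xen <not-affected>` would be more accurate than a fixed version, and otherwise a NOTE naming the embedded version that was affected would justify the 4.4.0-1 boundary.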
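Review bot: In the hunk at @@ -72481,8 +72490,12 @@ the reason text gives the introducing version as "1.3" while the otherwise identical line at @@ -46379 says "1.3.0", and the supporting `NOTE: PCIe support introduced in v1.3` is added after the upstream fix NOTE instead of next to the xen lines it justifies. Using "1.3.0" in both places and moving the PCIe NOTE up under `NOTE: Xen switched to qemu-system in 4.4.0-1` would keep the claim and its evidence together. The evidence here is a ChangeLog wiki page, whereas the @@ -46379 entry cites the introducing commit; a commit reference would be the stronger source if one can be identified.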