Author: hle Date: 2016-12-26 14:40:49 +0000 (Mon, 26 Dec 2016) New Revision: 47443
Modified: data/CVE/list Log: CVE triage for Xen in wheezy. Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-12-26 10:38:59 UTC (rev 47442) +++ data/CVE/list 2016-12-26 14:40:49 UTC (rev 47443) @@ -750,16 +750,21 @@ - qemu <unfixed> (bug #847960) [jessie] - qemu <no-dsa> (Minor issue) - qemu-kvm <removed> + - xen 4.4.0-1 + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg00442.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1334398 NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=4299b90e9ba9ce5ca9024572804ba751aa1a7e70 (v2.8.0-rc3) NOTE: CVE for the "blit pitch values" issue. + NOTE: Should be fixed along with CVE-2014-8106 CVE-2016-9921 [display: cirrus_vga: a divide by zero in cirrus_do_copy] RESERVED {DLA-764-1} - qemu <unfixed> (bug #847960) [jessie] - qemu <no-dsa> (Minor issue) - qemu-kvm <removed> + - xen 4.4.0-1 + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg00442.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1334398 NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=4299b90e9ba9ce5ca9024572804ba751aa1a7e70 (v2.8.0-rc3) @@ -1926,6 +1931,9 @@ [jessie] - qemu <not-affected> (Vulnerable code not present) [wheezy] - qemu <not-affected> (Vulnerable code not present) - qemu-kvm <not-affected> (Vulnerable code not present) + - xen 4.4.0-1 + [wheezy] - xen <not-affected> (Vulnerable code introduced in v2.4, embedded version is 0.10.2) + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg05043.html NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/12 CVE-2016-9916 [9pfs: add cleanup operation for proxy backend driver] 
@@ -1988,6 +1996,9 @@ - qemu <unfixed> (bug #847951) [jessie] - qemu <no-dsa> (Minor issue) - qemu-kvm <removed> + - xen 4.4.0-1 + [wheezy] - xen <not-affected> (Vulnerable code introduced later) + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=791f97758e223de3290592d169f (v2.8.0-rc0) NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/10 CVE-2016-9907 [usb: redirector: memory leakage when destroying redirector] @@ -1996,6 +2007,9 @@ [wheezy] - qemu <not-affected> (Vulnerable code not present) - qemu-kvm <removed> [wheezy] - qemu-kvm <not-affected> (Vulnerable code not present) + - xen 4.4.0-1 + [wheezy] - xen <not-affected> (Vulnerable code not present) + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg01379.html NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=07b026fd82d6cf11baf7d7c603c4f5f6070b35bf NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/3 @@ -2006,6 +2020,9 @@ [jessie] - qemu <not-affected> (Vulnerable code not present) [wheezy] - qemu <not-affected> (Vulnerable code not present) - qemu-kvm <not-affected> (Vulnerable code not present) + - xen 4.4.0-1 + [wheezy] - xen <not-affected> (Vulnerable code introduced in v2.5, embedded version is 0.10.2) + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: http://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00059.html NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/2 CVE-2017-3229 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
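Review bot: in the `@@ -750,16 +750,21 @@` hunk, neither entry gets a `[wheezy] - xen` line, although the log message says this is wheezy triage and every later hunk adds one. Wheezy's status for these two cirrus_vga entries is left to be inferred from `- xen 4.4.0-1`. The line `NOTE: Should be fixed along with CVE-2014-8106` is also added only to the first entry and not to CVE-2016-9921, which receives the same package lines. If both are meant to be handled in the same wheezy update, add the note to both entries, or state the wheezy status explicitly on each.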
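Review bot: in the `@@ -1926,6 +1931,9 @@` hunk, the reason `(Vulnerable code introduced in v2.4, embedded version is 0.10.2)` rests on a version comparison alone, with no NOTE pointing at the commit that introduced the vulnerable code. The added NOTEs only record the switch to qemu-system. A NOTE referencing the introducing commit would let a later reader confirm the not-affected claim against the embedded copy without repeating the analysis. The `@@ -2006,6 +2020,9 @@` hunk uses the same form of reason with v2.5 and would benefit from the same addition.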
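Review bot: in the `@@ -1988,6 +1996,9 @@` hunk, the reason `(Vulnerable code introduced later)` does not say later than what. The neighbouring hunks name both the introducing upstream version and the embedded version (`introduced in v2.4, embedded version is 0.10.2`). Use the same form here so the not-affected status for wheezy can be checked.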