Author: carnil Date: 2016-04-09 17:49:43 +0000 (Sat, 09 Apr 2016) New Revision: 40837
Modified: data/CVE/list Log: Add verbatim notes for CVE-2016-315{8,9} Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-04-09 17:43:43 UTC (rev 40836) +++ data/CVE/list 2016-04-09 17:49:43 UTC (rev 40837) @@ -1820,11 +1820,19 @@ - xen <unfixed> [jessie] - xen <no-dsa> (Minor issue, can be fixed along in a future DSA) NOTE: http://xenbits.xen.org/xsa/advisory-172.html + NOTE: CVE-2016-3159 is for the code change which is applicable for later + NOTE: versions only, but which must always be combined with the code change + NOTE: for CVE-2016-3158. Ie for the first hunk in xsa172.patch, which + NOTE: patches the function fpu_fxrstor. CVE-2016-3158 RESERVED - xen <unfixed> [jessie] - xen <no-dsa> (Minor issue, can be fixed along in a future DSA) NOTE: http://xenbits.xen.org/xsa/advisory-172.html + NOTE: CVE-2016-3158 is for the code change which is required for all + NOTE: versions (but which is sufficient only on Xen 4.3.x, and insufficient + NOTE: on later versions). Ie for the second hunk in xsa172.patch (the only + NOTE: hunk in xsa172-4.3.patch), which patches the function xrstor. CVE-2016-3157 [I/O port access privilege escalation in x86-64 Linux] RESERVED - linux <unfixed> _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits