Author: hle
Date: 2016-11-06 21:46:25 +0000 (Sun, 06 Nov 2016)
New Revision: 46028
Modified: data/CVE/list Log: CVE triage for Xen in wheezy. Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-11-06 20:57:49 UTC (rev 46027) +++ data/CVE/list 2016-11-06 21:46:25 UTC (rev 46028) @@ -12145,6 +12145,8 @@ [wheezy] - qemu <no-dsa> (Minor issue) - qemu-kvm <removed> [wheezy] - qemu-kvm <no-dsa> (Minor issue) + - xen 4.4.0-1 + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1343323 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01507.html NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=ff589551c8e8e9e95e211b9d8daafb4ed39f1aec @@ -13010,6 +13012,8 @@ [wheezy] - qemu <no-dsa> (Minor issue) - qemu-kvm <removed> [wheezy] - qemu-kvm <no-dsa> (Minor issue) + - xen 4.4.0-1 + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1341931 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg00150.html CVE-2016-5234 (Buffer overflow in Huawei VP9660, VP9650, and VP9630 multipoint ...) @@ -14204,6 +14208,9 @@ [jessie] - qemu <not-affected> (LSI SAS1068 (mptsas) device support added later) [wheezy] - qemu <not-affected> (LSI SAS1068 (mptsas) device support added later) - qemu-kvm <not-affected> (LSI SAS1068 (mptsas) device support added later) + - xen 4.4.0-1 + [wheezy] - xen <not-affected> (Vulnerable code introduced later) + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04027.html NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=e351b82611293683c4cabe4b69b7552bde5d4e2a (v2.6.0-rc0) CVE-2016-4950 
@@ -14261,6 +14268,9 @@ [jessie] - qemu <no-dsa> (Minor issue) [wheezy] - qemu <not-affected> (VMWare PVSCSI paravirtual device implementation introduced later) - qemu-kvm <not-affected> (VMWare PVSCSI paravirtual device implementation introduced later) + - xen 4.4.0-1 + [wheezy] - xen <not-affected> (Vulnerable code introduced later) + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03774.html NOTE: Introduced in: http://git.qemu.org/?p=qemu.git;a=commit;h=881d588a98bf0dce98ddb65c15aa0854c0ac41ed (v1.5.0-rc0) CVE-2016-4951 (The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux ...) @@ -15618,6 +15628,8 @@ [wheezy] - qemu <no-dsa> (Minor issue) - qemu-kvm <removed> [wheezy] - qemu-kvm <no-dsa> (Minor issue) + - xen 4.4.0-1 + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05271.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1336429 CVE-2016-4453 (The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows ...) @@ -15626,6 +15638,8 @@ [wheezy] - qemu <no-dsa> (Minor issue) - qemu-kvm <removed> [wheezy] - qemu-kvm <no-dsa> (Minor issue) + - xen 4.4.0-1 + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05270.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1336650 CVE-2016-4452 @@ -15673,6 +15687,8 @@ [wheezy] - qemu <no-dsa> (Minor issue; can be fixed along with a future DSA) - qemu-kvm <removed> [wheezy] - qemu-kvm <no-dsa> (Minor issue; can be fixed along with a future DSA) + - xen 4.4.0-1 + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03274.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1337505 CVE-2016-4440 (arch/x86/kvm/vmx.c in the Linux kernel through 4.6.3 mishandles the ...) 
@@ -15687,6 +15703,8 @@ - qemu 1:2.6+dfsg-2 (bug #824856) [jessie] - qemu <no-dsa> (Minor issue; can be fixed along with a future DSA) - qemu-kvm <removed> + - xen 4.4.0-1 + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03273.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1337502 CVE-2016-4438 (The REST plugin in Apache Struts 2 2.3.20 through 2.3.28.1 allows ...) @@ -16782,6 +16800,9 @@ [wheezy] - qemu <no-dsa> (Minor issue) - qemu-kvm <removed> [wheezy] - qemu-kvm <no-dsa> (Minor issue) + - xen 4.4.0-1 + [wheezy] - xen <not-affected> (Vulnerable code introduced after 0.14.50, embedded version is 0.10.2) + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02691.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1325129 NOTE: http://www.openwall.com/lists/oss-security/2016/04/18/3 @@ -16872,6 +16893,9 @@ - qemu 1:2.6+dfsg-2 (bug #821062) [jessie] - qemu <no-dsa> (Minor issue) - qemu-kvm <removed> + - xen 4.4.0-1 + [wheezy] - xen <not-affected> (Vulnerable code introduced after 1.0.50, embedded version is 0.10.2) + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01118.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1313686 NOTE: http://www.openwall.com/lists/oss-security/2016/04/13/6 @@ -16963,6 +16987,8 @@ [wheezy] - qemu <no-dsa> (Minor issue) - qemu-kvm <removed> [wheezy] - qemu-kvm <no-dsa> (Minor issue) + - xen 4.4.0-1 + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1326082 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01131.html NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/6 
@@ -16972,6 +16998,8 @@ [wheezy] - qemu <no-dsa> (Minor issue) - qemu-kvm <removed> [wheezy] - qemu-kvm <no-dsa> (Minor issue) + - xen 4.4.0-1 + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1325884 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01334.html NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=3a15cc0e1ee7168db0782133d2607a6bfa422d66 (v2.6.0-rc2) @@ -20055,6 +20083,9 @@ [wheezy] - qemu <not-affected> (Vulnerable code not present) [squeeze] - qemu <not-affected> (Vulnerable code not present) - qemu-kvm <not-affected> (Vulnerable code not present) + - xen 4.4.0-1 + [wheezy] - xen <not-affected> (Vulnerable code not present) + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: Upstream patch: http://git.qemu.org/?p=qemu.git;a=commit;h=60253ed1e6ec6d8e5ef2efe7bf755f475dce9956 (v2.6.0-rc0) NOTE: Introduced in: http://git.qemu.org/?p=qemu.git;a=commit;h=a9b7b2ad7b075dba5495271706670e5c6b1304bc (v1.3.0-rc0) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1314676 @@ -20085,6 +20116,8 @@ - qemu 1:2.6+dfsg-1 (bug #817182) [jessie] - qemu <no-dsa> (Minor issue) - qemu-kvm <removed> + - xen 4.4.0-1 + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=362786f14a753d8a5256ef97d7c10ed576d6572b (v2.6.0-rc0) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1296567 NOTE: http://www.openwall.com/lists/oss-security/2016/03/03/9 @@ -20413,6 +20446,8 @@ [wheezy] - qemu <no-dsa> (Minor issue) - qemu-kvm <removed> [wheezy] - qemu-kvm <no-dsa> (Minor issue) + - xen 4.4.0-1 + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=415ab35a441eca767d033a2702223e785b9d5190 (v2.6.0-rc0) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1303106 NOTE: http://www.openwall.com/lists/oss-security/2016/03/02/8 
@@ -22973,6 +23008,9 @@ [wheezy] - qemu <not-affected> (Introduced after v1.2.0) [squeeze] - qemu <not-affected> (Introduced after v1.2.0) - qemu-kvm <not-affected> (Introduced after v1.2.0) + - xen 4.4.0-1 + [wheezy] - xen <not-affected> (Vulnerable code introduced after 1.2.0, embedded version is 0.10.2) + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=dff0367cf66f489aa772320fa2937a8cac1ca30d (v2.6.0-rc0) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1301643 CVE-2016-2197 [ide: ahci null pointer dereference when using FIS CLB engines] @@ -22982,6 +23020,9 @@ [wheezy] - qemu <not-affected> (Vulnerable code introduced later) [squeeze] - qemu <not-affected> (Vulnerable code introduced later) - qemu-kvm <not-affected> (Vulnerable code introduced later) + - xen 4.4.0-1 + [wheezy] - xen <not-affected> (Vulnerable code introduced later) + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=99b4cb71069f109b79b27bc629fc0cf0886dbc4b (v2.6.0-rc0) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1302057 NOTE: http://www.openwall.com/lists/oss-security/2016/01/29/2
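Review bot: The hunks at -12145, -13010, -15618, -15626, -15673, -15687, -16963, -16972, -20085 and -20413 add only `- xen 4.4.0-1` and the qemu-system NOTE, with no `[wheezy] - xen` line, although the log message describes the commit as triage for wheezy. If the intent is that wheezy's xen stays open as affected through its embedded qemu, a short NOTE saying so would let a reader tell a deliberate decision from an entry that has not been looked at yet.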
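Review bot: The `[wheezy] - xen <not-affected>` lines added at -14204, -14261 and -22982 give only "Vulnerable code introduced later" as the reason, while other entries in this same commit state both the introducing version and "embedded version is 0.10.2". Suggest the fuller wording here too; for -14204 and -14261 the surrounding NOTE lines already name v2.6.0-rc0 and v1.5.0-rc0 as the introducing releases, so the comparison against the embedded version can be spelled out directly.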
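Review bot: In the hunks at -16782 and -16872 the not-affected reason cites "introduced after 0.14.50" and "introduced after 1.0.50", but none of the visible NOTE lines for those entries references an introducing commit, unlike the "Introduced by:" and "Introduced in:" NOTEs at -14204 and -14261. Adding an "Introduced in:" NOTE with the commit link would make the version claim checkable by the next person triaging these entries.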