Author: hle
Date: 2016-11-06 21:46:25 +0000 (Sun, 06 Nov 2016)
New Revision: 46028

Modified:
   data/CVE/list
Log:
CVE triage for Xen in wheezy.

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-11-06 20:57:49 UTC (rev 46027)
+++ data/CVE/list       2016-11-06 21:46:25 UTC (rev 46028)
@@ -12145,6 +12145,8 @@
        [wheezy] - qemu <no-dsa> (Minor issue)
        - qemu-kvm <removed>
        [wheezy] - qemu-kvm <no-dsa> (Minor issue)
+       - xen 4.4.0-1
+       NOTE: Xen switched to qemu-system in 4.4.0-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1343323
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01507.html
        NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=ff589551c8e8e9e95e211b9d8daafb4ed39f1aec
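Review bot: The added "- xen 4.4.0-1" line has no "[wheezy] - xen ..." companion, although the qemu and qemu-kvm lines just above it both carry an explicit "[wheezy] ... <no-dsa> (Minor issue)" state. With only the unstable fixed version recorded, wheezy's xen stays open for this entry. If that is the intended triage result, fine; otherwise add the wheezy state so the entry matches the log message "CVE triage for Xen in wheezy".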
@@ -13010,6 +13012,8 @@
        [wheezy] - qemu <no-dsa> (Minor issue)
        - qemu-kvm <removed>
        [wheezy] - qemu-kvm <no-dsa> (Minor issue)
+       - xen 4.4.0-1
+       NOTE: Xen switched to qemu-system in 4.4.0-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1341931
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg00150.html
 CVE-2016-5234 (Buffer overflow in Huawei VP9660, VP9650, and VP9630 multipoint 
...)
@@ -14204,6 +14208,9 @@
        [jessie] - qemu <not-affected> (LSI SAS1068 (mptsas) device support 
added later)
        [wheezy] - qemu <not-affected> (LSI SAS1068 (mptsas) device support 
added later)
        - qemu-kvm <not-affected> (LSI SAS1068 (mptsas) device support added 
later)
+       - xen 4.4.0-1
+       [wheezy] - xen <not-affected> (Vulnerable code introduced later)
+       NOTE: Xen switched to qemu-system in 4.4.0-1
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04027.html
        NOTE: Introduced by: 
http://git.qemu.org/?p=qemu.git;a=commit;h=e351b82611293683c4cabe4b69b7552bde5d4e2a
 (v2.6.0-rc0)
 CVE-2016-4950
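Review bot: The reason on the added "[wheezy] - xen <not-affected> (Vulnerable code introduced later)" line is less specific than the three lines above it, which all name the cause: "(LSI SAS1068 (mptsas) device support added later)". Reusing that wording, or the "embedded version is 0.10.2" form used in other hunks of this commit, would let a reader check the claim against the "Introduced by:" note (v2.6.0-rc0) without guessing.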
@@ -14261,6 +14268,9 @@
        [jessie] - qemu <no-dsa> (Minor issue)
        [wheezy] - qemu <not-affected> (VMWare PVSCSI paravirtual device 
implementation introduced later)
        - qemu-kvm <not-affected> (VMWare PVSCSI paravirtual device 
implementation introduced later)
+       - xen 4.4.0-1
+       [wheezy] - xen <not-affected> (Vulnerable code introduced later)
+       NOTE: Xen switched to qemu-system in 4.4.0-1
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03774.html
        NOTE: Introduced in: 
http://git.qemu.org/?p=qemu.git;a=commit;h=881d588a98bf0dce98ddb65c15aa0854c0ac41ed
 (v1.5.0-rc0)
 CVE-2016-4951 (The tipc_nl_publ_dump function in net/tipc/socket.c in the 
Linux ...)
@@ -15618,6 +15628,8 @@
        [wheezy] - qemu <no-dsa> (Minor issue)
        - qemu-kvm <removed>
        [wheezy] - qemu-kvm <no-dsa> (Minor issue)
+       - xen 4.4.0-1
+       NOTE: Xen switched to qemu-system in 4.4.0-1
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05271.html
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1336429
 CVE-2016-4453 (The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU 
allows ...)
@@ -15626,6 +15638,8 @@
        [wheezy] - qemu <no-dsa> (Minor issue)
        - qemu-kvm <removed>
        [wheezy] - qemu-kvm <no-dsa> (Minor issue)
+       - xen 4.4.0-1
+       NOTE: Xen switched to qemu-system in 4.4.0-1
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05270.html
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1336650
 CVE-2016-4452
@@ -15673,6 +15687,8 @@
        [wheezy] - qemu <no-dsa> (Minor issue; can be fixed along with a future 
DSA)
        - qemu-kvm <removed>
        [wheezy] - qemu-kvm <no-dsa> (Minor issue; can be fixed along with a 
future DSA)
+       - xen 4.4.0-1
+       NOTE: Xen switched to qemu-system in 4.4.0-1
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03274.html
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1337505
 CVE-2016-4440 (arch/x86/kvm/vmx.c in the Linux kernel through 4.6.3 mishandles 
the ...)
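Review bot: The qemu and qemu-kvm lines in this entry say the issue "can be fixed along with a future DSA", but the added xen lines give wheezy no state at all. If wheezy's embedded copy is affected, a "[wheezy] - xen <no-dsa> (...)" line with the same reason would record that decision; if it is not, a "<not-affected>" line stating the embedded version, as done elsewhere in this commit, would.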
@@ -15687,6 +15703,8 @@
        - qemu 1:2.6+dfsg-2 (bug #824856)
        [jessie] - qemu <no-dsa> (Minor issue; can be fixed along with a future 
DSA)
        - qemu-kvm <removed>
+       - xen 4.4.0-1
+       NOTE: Xen switched to qemu-system in 4.4.0-1
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03273.html
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1337502
 CVE-2016-4438 (The REST plugin in Apache Struts 2 2.3.20 through 2.3.28.1 
allows ...)
@@ -16782,6 +16800,9 @@
        [wheezy] - qemu <no-dsa> (Minor issue)
        - qemu-kvm <removed>
        [wheezy] - qemu-kvm <no-dsa> (Minor issue)
+       - xen 4.4.0-1
+       [wheezy] - xen <not-affected> (Vulnerable code introduced after 
0.14.50, embedded version is 0.10.2)
+       NOTE: Xen switched to qemu-system in 4.4.0-1
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02691.html
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1325129
        NOTE: http://www.openwall.com/lists/oss-security/2016/04/18/3
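Review bot: The added wheezy reason cites "introduced after 0.14.50", but none of the NOTE lines visible in this entry names the introducing commit or version, so the figure cannot be checked from the entry itself. Other entries touched by this commit carry an "Introduced in:" or "Introduced by:" note with the commit URL; adding one here would also document why wheezy's qemu is "<no-dsa>" while wheezy's xen is "<not-affected>".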
@@ -16872,6 +16893,9 @@
        - qemu 1:2.6+dfsg-2 (bug #821062)
        [jessie] - qemu <no-dsa> (Minor issue)
        - qemu-kvm <removed>
+       - xen 4.4.0-1
+       [wheezy] - xen <not-affected> (Vulnerable code introduced after 1.0.50, 
embedded version is 0.10.2)
+       NOTE: Xen switched to qemu-system in 4.4.0-1
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01118.html
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1313686
        NOTE: http://www.openwall.com/lists/oss-security/2016/04/13/6
@@ -16963,6 +16987,8 @@
        [wheezy] - qemu <no-dsa> (Minor issue)
        - qemu-kvm <removed>
        [wheezy] - qemu-kvm <no-dsa> (Minor issue)
+       - xen 4.4.0-1
+       NOTE: Xen switched to qemu-system in 4.4.0-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1326082
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01131.html
        NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/6
@@ -16972,6 +16998,8 @@
        [wheezy] - qemu <no-dsa> (Minor issue)
        - qemu-kvm <removed>
        [wheezy] - qemu-kvm <no-dsa> (Minor issue)
+       - xen 4.4.0-1
+       NOTE: Xen switched to qemu-system in 4.4.0-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1325884
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01334.html
        NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=3a15cc0e1ee7168db0782133d2607a6bfa422d66
 (v2.6.0-rc2)
@@ -20055,6 +20083,9 @@
        [wheezy] - qemu <not-affected> (Vulnerable code not present)
        [squeeze] - qemu <not-affected> (Vulnerable code not present)
        - qemu-kvm <not-affected> (Vulnerable code not present)
+       - xen 4.4.0-1
+       [wheezy] - xen <not-affected> (Vulnerable code not present)
+       NOTE: Xen switched to qemu-system in 4.4.0-1
        NOTE: Upstream patch: 
http://git.qemu.org/?p=qemu.git;a=commit;h=60253ed1e6ec6d8e5ef2efe7bf755f475dce9956
 (v2.6.0-rc0)
        NOTE: Introduced in: 
http://git.qemu.org/?p=qemu.git;a=commit;h=a9b7b2ad7b075dba5495271706670e5c6b1304bc
 (v1.3.0-rc0)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1314676
@@ -20085,6 +20116,8 @@
        - qemu 1:2.6+dfsg-1 (bug #817182)
        [jessie] - qemu <no-dsa> (Minor issue)
        - qemu-kvm <removed>
+       - xen 4.4.0-1
+       NOTE: Xen switched to qemu-system in 4.4.0-1
        NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=362786f14a753d8a5256ef97d7c10ed576d6572b
 (v2.6.0-rc0)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1296567
        NOTE: http://www.openwall.com/lists/oss-security/2016/03/03/9
@@ -20413,6 +20446,8 @@
        [wheezy] - qemu <no-dsa> (Minor issue)
        - qemu-kvm <removed>
        [wheezy] - qemu-kvm <no-dsa> (Minor issue)
+       - xen 4.4.0-1
+       NOTE: Xen switched to qemu-system in 4.4.0-1
        NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=415ab35a441eca767d033a2702223e785b9d5190
 (v2.6.0-rc0)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1303106
        NOTE: http://www.openwall.com/lists/oss-security/2016/03/02/8
@@ -22973,6 +23008,9 @@
        [wheezy] - qemu <not-affected> (Introduced after v1.2.0)
        [squeeze] - qemu <not-affected> (Introduced after v1.2.0)
        - qemu-kvm <not-affected> (Introduced after v1.2.0)
+       - xen 4.4.0-1
+       [wheezy] - xen <not-affected> (Vulnerable code introduced after 1.2.0, 
embedded version is 0.10.2)
+       NOTE: Xen switched to qemu-system in 4.4.0-1
        NOTE: Fixed by: 
http://git.qemu.org/?p=qemu.git;a=commit;h=dff0367cf66f489aa772320fa2937a8cac1ca30d
 (v2.6.0-rc0)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1301643
 CVE-2016-2197 [ide: ahci null pointer dereference when using FIS CLB engines]
@@ -22982,6 +23020,9 @@
        [wheezy] - qemu <not-affected> (Vulnerable code introduced later)
        [squeeze] - qemu <not-affected> (Vulnerable code introduced later)
        - qemu-kvm <not-affected> (Vulnerable code introduced later)
+       - xen 4.4.0-1
+       [wheezy] - xen <not-affected> (Vulnerable code introduced later)
+       NOTE: Xen switched to qemu-system in 4.4.0-1
        NOTE: Fixed by: 
http://git.qemu.org/?p=qemu.git;a=commit;h=99b4cb71069f109b79b27bc629fc0cf0886dbc4b
 (v2.6.0-rc0)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1302057
        NOTE: http://www.openwall.com/lists/oss-security/2016/01/29/2
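Review bot: The added wheezy reason here, "Vulnerable code introduced later", is vaguer than the one added in the hunk directly above ("Vulnerable code introduced after 1.2.0, embedded version is 0.10.2"), and the visible NOTE lines give only a "Fixed by:" commit, not an introducing one. Stating the version after which the vulnerable code appeared, together with the embedded version, would keep the two adjacent entries consistent and verifiable.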


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
