Author: hle
Date: 2016-11-21 18:08:48 +0000 (Mon, 21 Nov 2016)
New Revision: 46385
Modified:
data/CVE/list
Log:
CVE triage for Xen in wheezy.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-11-21 16:17:56 UTC (rev 46384)
+++ data/CVE/list 2016-11-21 18:08:48 UTC (rev 46385)
@@ -34948,6 +34948,8 @@
- qemu-kvm <removed>
[wheezy] - qemu-kvm <no-dsa> (Minor issue; can be fixed along in a
later DSA)
[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
+ - xen 4.4.0-1
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: http://www.openwall.com/lists/oss-security/2015/09/18/5
NOTE:
https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg04729.html
NOTE:
https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg04730.html
@@ -35953,7 +35955,12 @@
- qemu-kvm <removed>
[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
+ - xen 4.4.0-1
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: http://www.openwall.com/lists/oss-security/2015/09/10/1
+ NOTE: Fix commit:
http://git.qemu.org/?p=qemu.git;a=commit;h=d9033e1d3aa666c5071580617a57bd853c5d794a
+ NOTE: exec_cmd introduced in
http://git.qemu.org/?p=qemu.git;a=commit;h=7cff87ff6ab117799e32e42c2e4dc4c0588e583a
+ NOTE: cmd_table introduced in
http://git.qemu.org/?p=qemu.git;a=commit;h=844505b12e722d9ba7060480e766351fc6313501
CVE-2015-6927 (vzctl before 4.9.4 determines the virtual environment (VE)
layout ...)
{DSA-3357-1}
- vzctl 4.9.4-1
@@ -36095,6 +36102,8 @@
[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
- qemu-kvm <removed>
[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
+ - xen 4.4.0-1
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: http://www.openwall.com/lists/oss-security/2015/09/04/4
NOTE: Upstream fix:
https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg01199.html
CVE-2015-6816 [Ganglia-web auth bypass]
@@ -38683,6 +38692,9 @@
[squeeze] - qemu <not-affected> (Vulnerable code introduced later)
- qemu-kvm <removed>
[squeeze] - qemu-kvm <not-affected> (Vulnerable code introduced later)
+ - xen 4.4.0-1
+ [wheezy] - xen <not-affected> (Vulnerable code introduced later)
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: http://www.openwall.com/lists/oss-security/2015/08/06/3
NOTE: Fixed by:
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=7882080388be5088e72c425b02223c02e6cb4295
(v2.4.0-rc3)
NOTE: Introduced in:
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=98b19252cf1bd97c54bc4613f3537c5ec0aae263
(v0.13.0-rc0)
@@ -121312,6 +121324,10 @@
- qemu 0.15.1+dfsg-2
[lenny] - qemu <not-affected> (Vulnerable CCID code not present)
[squeeze] - qemu <not-affected> (Vulnerable CCID code not present)
+ - xen 4.4.0-1
+ [wheezy] - xen <not-affected> (Vulnerable code introduced after
0.14.50, embedded version is 0.10.2)
+ NOTE: Xen switched to qemu-system in 4.4.0-1
+ NOTE: Vulnerable code introduced after 0.14.50:
http://git.qemu.org/?p=qemu.git;a=commit;h=edbb21363fbfe40e050f583df921484cbc31c79d
CVE-2011-4110 (The user_update function in security/keys/user_defined.c in the
Linux ...)
{DSA-2389-1}
- linux-2.6 3.1.4-1
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
