Author: hle
Date: 2016-11-21 18:08:48 +0000 (Mon, 21 Nov 2016)
New Revision: 46385
Modified: data/CVE/list Log: CVE triage for Xen in wheezy. Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-11-21 16:17:56 UTC (rev 46384) +++ data/CVE/list 2016-11-21 18:08:48 UTC (rev 46385) @@ -34948,6 +34948,8 @@ - qemu-kvm <removed> [wheezy] - qemu-kvm <no-dsa> (Minor issue; can be fixed along in a later DSA) [squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS) + - xen 4.4.0-1 + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: http://www.openwall.com/lists/oss-security/2015/09/18/5 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg04729.html NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg04730.html @@ -35953,7 +35955,12 @@ - qemu-kvm <removed> [squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS) [squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS) + - xen 4.4.0-1 + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: http://www.openwall.com/lists/oss-security/2015/09/10/1 + NOTE: Fix commit: http://git.qemu.org/?p=qemu.git;a=commit;h=d9033e1d3aa666c5071580617a57bd853c5d794a + NOTE: exec_cmd introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=7cff87ff6ab117799e32e42c2e4dc4c0588e583a + NOTE: cmd_table introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=844505b12e722d9ba7060480e766351fc6313501 CVE-2015-6927 (vzctl before 4.9.4 determines the virtual environment (VE) layout ...) {DSA-3357-1} - vzctl 4.9.4-1 @@ -36095,6 +36102,8 @@ [squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS) - qemu-kvm <removed> [squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS) + - xen 4.4.0-1 + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: http://www.openwall.com/lists/oss-security/2015/09/04/4 NOTE: Upstream fix: https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg01199.html CVE-2015-6816 [Ganglia-web auth bypass] 
@@ -38683,6 +38692,9 @@ [squeeze] - qemu <not-affected> (Vulnerable code introduced later) - qemu-kvm <removed> [squeeze] - qemu-kvm <not-affected> (Vulnerable code introduced later) + - xen 4.4.0-1 + [wheezy] - xen <not-affected> (Vulnerable code introduced later) + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: http://www.openwall.com/lists/oss-security/2015/08/06/3 NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=7882080388be5088e72c425b02223c02e6cb4295 (v2.4.0-rc3) NOTE: Introduced in: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=98b19252cf1bd97c54bc4613f3537c5ec0aae263 (v0.13.0-rc0) @@ -121312,6 +121324,10 @@ - qemu 0.15.1+dfsg-2 [lenny] - qemu <not-affected> (Vulnerable CCID code not present) [squeeze] - qemu <not-affected> (Vulnerable CCID code not present) + - xen 4.4.0-1 + [wheezy] - xen <not-affected> (Vulnerable code introduced after 0.14.50, embedded version is 0.10.2) + NOTE: Xen switched to qemu-system in 4.4.0-1 + NOTE: Vulnerable code introduced after 0.14.50: http://git.qemu.org/?p=qemu.git;a=commit;h=edbb21363fbfe40e050f583df921484cbc31c79d CVE-2011-4110 (The user_update function in security/keys/user_defined.c in the Linux ...) {DSA-2389-1} - linux-2.6 3.1.4-1
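Review bot: the xen entry added in the @@ -34948,6 +34948,8 @@ hunk has no [wheezy] line, although the log message describes this commit as the wheezy triage. Only "- xen 4.4.0-1" and the qemu-system NOTE are added, so wheezy's status has to be inferred from the fixed version alone and a reader cannot tell whether that is a decision or an omission. Add an explicit [wheezy] line with its reason, as the @@ -38683,6 +38692,9 @@ hunk does, or a NOTE saying the embedded qemu in wheezy is affected. The same point applies to the @@ -36095,6 +36102,8 @@ hunk.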
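Review bot: the three git.qemu.org NOTE lines added in the @@ -35953,7 +35955,12 @@ hunk give commit hashes but not the release each commit first shipped in, and no [wheezy] line records what the research concluded. The @@ -38683,6 +38692,9 @@ hunk annotates its links with the tag, "(v2.4.0-rc3)" and "(v0.13.0-rc0)"; doing the same for the exec_cmd and cmd_table commits would let a reader compare them with the qemu version embedded in wheezy's xen without opening each link. If the outcome is that the code is absent there, state it as a "[wheezy] - xen <not-affected> (...)" line.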
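Review bot: the reason on the added [wheezy] line in the @@ -38683,6 +38692,9 @@ hunk, "(Vulnerable code introduced later)", does not say later than which version. The context line already names the introducing tag (v0.13.0-rc0), and the @@ -121312,6 +121324,10 @@ hunk of this same commit gives the embedded version as 0.10.2; naming the embedded version here as well would make the not-affected claim checkable from the entry alone.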