[Secure-testing-commits] r46412 - data/CVE

Mon, 21 Nov 2016 14:33:39 -0800 

Author: hle
Date: 2016-11-21 22:30:01 +0000 (Mon, 21 Nov 2016)
New Revision: 46412

Modified:
   data/CVE/list
Log:
CVE triage for Xen in wheezy.

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-11-21 22:24:47 UTC (rev 46411)
+++ data/CVE/list       2016-11-21 22:30:01 UTC (rev 46412)
@@ -40382,6 +40382,8 @@
        [squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
        - qemu-kvm <removed>
        [squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
+       - xen 4.4.0-1
+       NOTE: Xen switched to qemu-system in 4.4.0-1
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03984.html
 CVE-2015-5278 [net: avoid infinite loop when receiving packets]
        RESERVED
@@ -40390,6 +40392,8 @@
        [squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
        - qemu-kvm <removed>
        [squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
+       - xen 4.4.0-1
+       NOTE: Xen switched to qemu-system in 4.4.0-1
        NOTE: Fix: 
https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.html
        NOTE: Possibly introduced around 
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=0ae045ae439ad83692ad039a554f7d62acf9de5c
 (v0.9.1)
 CVE-2015-5277 (The get_contents function in nss_files/files-XXX.c in the Name 
Service ...)
@@ -40553,6 +40557,8 @@
        [squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
        - qemu-kvm <removed>
        [squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
+       - xen 4.4.0-1
+       NOTE: Xen switched to qemu-system in 4.4.0-1
        NOTE: Upstream fix: 
http://git.qemu.org/?p=qemu.git;a=commit;h=f9a70e79391f6d7c2a912d785239ee8effc1922d
 (v2.1.0-rc0)
 CVE-2015-5238
        RESERVED
@@ -46379,6 +46385,9 @@
        [wheezy] - qemu <not-affected> (Introduced in 1.3.0)
        [squeeze] - qemu <not-affected> (Introduced in 1.3.0)
        - qemu-kvm <not-affected> (Introduced in 1.3.0)
+       - xen 4.4.0-1
+       [wheezy] - xen <not-affected> (Vulnerable code introduced in 1.3.0, 
embedded version is 0.10.2)
+       NOTE: Xen switched to qemu-system in 4.4.0-1
        NOTE: Upstream commit: 
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d4862a87e31a51de9eb260f25c9e99a75efe3235
        NOTE: Introduced in 
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=0505bcdec8228d8de39ab1a02644e71999e7c052
 (v1.3.0-rc0)
        - linux <not-affected> (Fixed before linux-2.6 -> linux rename, 
v2.6.33-rc8)
@@ -72481,8 +72490,12 @@
        [squeeze] - qemu <not-affected> (Vulnerable code not present)
        - qemu-kvm <removed>
        [squeeze] - qemu-kvm <not-affected> (Vulnerable code not present)
+       - xen 4.4.0-1
+       [wheezy] - xen <not-affected> (Vulnerable code introduced in 1.3, 
embedded version is 0.10.2)
+       NOTE: Xen switched to qemu-system in 4.4.0-1
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2014-06/msg05283.html
        NOTE: Upstream fix: 
http://git.qemu.org/?p=qemu.git;a=commit;h=554f802da3f8b09b16b9a84ad5847b2eb0e9ad2b
 (v2.1.0-rc0)
+        NOTE: PCIe support introduced in v1.3: 
http://wiki.qemu.org/ChangeLog/1.3
 CVE-2014-3470 (The ssl3_send_client_key_exchange function in s3_clnt.c in 
OpenSSL ...)
        {DSA-2950-1 DLA-0003-1}
        - openssl 1.0.1h-1 (bug #750665)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to