Author: hle
Date: 2016-12-26 14:40:49 +0000 (Mon, 26 Dec 2016)
New Revision: 47443
Modified:
data/CVE/list
Log:
CVE triage for Xen in wheezy.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-12-26 10:38:59 UTC (rev 47442)
+++ data/CVE/list 2016-12-26 14:40:49 UTC (rev 47443)
@@ -750,16 +750,21 @@
- qemu <unfixed> (bug #847960)
[jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
+ - xen 4.4.0-1
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE:
https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg00442.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1334398
NOTE: Fixed by:
http://git.qemu.org/?p=qemu.git;a=commit;h=4299b90e9ba9ce5ca9024572804ba751aa1a7e70
(v2.8.0-rc3)
NOTE: CVE for the "blit pitch values" issue.
+ NOTE: Should be fixed along with CVE-2014-8106
CVE-2016-9921 [display: cirrus_vga: a divide by zero in cirrus_do_copy]
RESERVED
{DLA-764-1}
- qemu <unfixed> (bug #847960)
[jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
+ - xen 4.4.0-1
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE:
https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg00442.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1334398
NOTE: Fixed by:
http://git.qemu.org/?p=qemu.git;a=commit;h=4299b90e9ba9ce5ca9024572804ba751aa1a7e70
(v2.8.0-rc3)
@@ -1926,6 +1931,9 @@
[jessie] - qemu <not-affected> (Vulnerable code not present)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <not-affected> (Vulnerable code not present)
+ - xen 4.4.0-1
+ [wheezy] - xen <not-affected> (Vulnerable code introduced in v2.4,
embedded version is 0.10.2)
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE:
https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg05043.html
NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/12
CVE-2016-9916 [9pfs: add cleanup operation for proxy backend driver]
@@ -1988,6 +1996,9 @@
- qemu <unfixed> (bug #847951)
[jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
+ - xen 4.4.0-1
+ [wheezy] - xen <not-affected> (Vulnerable code introduced later)
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE:
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=791f97758e223de3290592d169f
(v2.8.0-rc0)
NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/10
CVE-2016-9907 [usb: redirector: memory leakage when destroying redirector]
@@ -1996,6 +2007,9 @@
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
+ - xen 4.4.0-1
+ [wheezy] - xen <not-affected> (Vulnerable code not present)
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE:
https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg01379.html
NOTE:
http://git.qemu.org/?p=qemu.git;a=commit;h=07b026fd82d6cf11baf7d7c603c4f5f6070b35bf
NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/3
@@ -2006,6 +2020,9 @@
[jessie] - qemu <not-affected> (Vulnerable code not present)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <not-affected> (Vulnerable code not present)
+ - xen 4.4.0-1
+ [wheezy] - xen <not-affected> (Vulnerable code introduced in v2.5,
embedded version is 0.10.2)
+ NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: http://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00059.html
NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/2
CVE-2017-3229
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
