Author: hle Date: 2017-01-06 16:20:45 +0000 (Fri, 06 Jan 2017) New Revision: 47790
Modified: data/CVE/list Log: Mark various issues as not-affecting Xen in wheezy (qemu/{virtio, qcow and ui} issues irrelevant) Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-01-06 15:36:37 UTC (rev 47789) +++ data/CVE/list 2017-01-06 16:20:45 UTC (rev 47790) @@ -25432,7 +25432,7 @@ [jessie] - qemu <no-dsa> (Minor issue; can be fixed in future DSA or point release) - qemu-kvm <removed> - xen 4.4.0-1 - [wheezy] - xen <no-dsa> (Minor issue) + [wheezy] - xen <not-affected> (Vulnerable code irrelevant in Xen) NOTE: Xen switched to qemu-system in 4.4.0-1 CVE-2016-5402 RESERVED @@ -47625,6 +47625,7 @@ [wheezy] - qemu-kvm <no-dsa> (Minor issue; can be fixed along in a later DSA) [squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS) - xen 4.4.0-1 + [wheezy] - xen <not-affected> (Vulnerable code irrelevant in Xen) NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: http://www.openwall.com/lists/oss-security/2015/09/18/5 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg04729.html @@ -94574,6 +94575,7 @@ [squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts) [squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts) - xen 4.4.0-1 + [wheezy] - xen <not-affected> (Vulnerable code irrelevant in Xen) NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02156.html CVE-2014-0222 (Integer overflow in the qcow_open function in block/qcow.c in QEMU ...) @@ -94583,6 +94585,7 @@ [squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts) [squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts) - xen 4.4.0-1 + [wheezy] - xen <not-affected> (Vulnerable code irrelevant in Xen) NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02155.html CVE-2014-0221 (The dtls1_get_message_fragment function in d1_both.c in OpenSSL before ...) @@ -96904,6 +96907,7 @@ - qemu-kvm <removed> (low) [squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice) - xen 4.4.0-1 + [wheezy] - xen <not-affected> (Vulnerable code irrelevant in Xen) NOTE: Xen switched to qemu-system in 4.4.0-1 CVE-2013-6398 (The virtual router in Apache CloudStack before 4.2.1 does not preserve ...) NOT-FOR-US: Apache CloudStack @@ -102917,6 +102921,7 @@ - qemu-kvm <removed> (low) [squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice) - xen 4.4.0-1 + [wheezy] - xen <not-affected> (Vulnerable code irrelevant in Xen) NOTE: Xen switched to qemu-system in 4.4.0-1 CVE-2013-4150 (The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 ...) - qemu 2.1+dfsg-1 (low; bug #739589) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits