[Secure-testing-commits] r47790 - data/CVE

Fri, 06 Jan 2017 08:21:18 -0800 

Author: hle
Date: 2017-01-06 16:20:45 +0000 (Fri, 06 Jan 2017)
New Revision: 47790

Modified:
   data/CVE/list
Log:
Mark various issues as not-affecting Xen in wheezy (qemu/{virtio, qcow and ui} 
issues irrelevant)

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-01-06 15:36:37 UTC (rev 47789)
+++ data/CVE/list       2017-01-06 16:20:45 UTC (rev 47790)
@@ -25432,7 +25432,7 @@
        [jessie] - qemu <no-dsa> (Minor issue; can be fixed in future DSA or 
point release)
        - qemu-kvm <removed>
        - xen 4.4.0-1
-       [wheezy] - xen <no-dsa> (Minor issue)
+       [wheezy] - xen <not-affected> (Vulnerable code irrelevant in Xen)
        NOTE: Xen switched to qemu-system in 4.4.0-1
 CVE-2016-5402
        RESERVED
@@ -47625,6 +47625,7 @@
        [wheezy] - qemu-kvm <no-dsa> (Minor issue; can be fixed along in a 
later DSA)
        [squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
        - xen 4.4.0-1
+       [wheezy] - xen <not-affected> (Vulnerable code irrelevant in Xen)
        NOTE: Xen switched to qemu-system in 4.4.0-1
        NOTE: http://www.openwall.com/lists/oss-security/2015/09/18/5
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg04729.html
@@ -94574,6 +94575,7 @@
        [squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
        [squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
        - xen 4.4.0-1
+       [wheezy] - xen <not-affected> (Vulnerable code irrelevant in Xen)
        NOTE: Xen switched to qemu-system in 4.4.0-1
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02156.html
 CVE-2014-0222 (Integer overflow in the qcow_open function in block/qcow.c in 
QEMU ...)
@@ -94583,6 +94585,7 @@
        [squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
        [squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
        - xen 4.4.0-1
+       [wheezy] - xen <not-affected> (Vulnerable code irrelevant in Xen)
        NOTE: Xen switched to qemu-system in 4.4.0-1
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02155.html
 CVE-2014-0221 (The dtls1_get_message_fragment function in d1_both.c in OpenSSL 
before ...)
@@ -96904,6 +96907,7 @@
        - qemu-kvm <removed> (low)
        [squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in 
practice)
        - xen 4.4.0-1
+       [wheezy] - xen <not-affected> (Vulnerable code irrelevant in Xen)
        NOTE: Xen switched to qemu-system in 4.4.0-1
 CVE-2013-6398 (The virtual router in Apache CloudStack before 4.2.1 does not 
preserve ...)
        NOT-FOR-US: Apache CloudStack
@@ -102917,6 +102921,7 @@
        - qemu-kvm <removed> (low)
        [squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in 
practice)
        - xen 4.4.0-1
+       [wheezy] - xen <not-affected> (Vulnerable code irrelevant in Xen)
        NOTE: Xen switched to qemu-system in 4.4.0-1
 CVE-2013-4150 (The virtio_net_load function in hw/net/virtio-net.c in QEMU 
1.5.0 ...)
        - qemu 2.1+dfsg-1 (low; bug #739589)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to