Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6d8c84b1 by Salvatore Bonaccorso at 2018-07-15T00:14:16+02:00
Add fixed version for src:xen in unstable
At point release time for 9.5 given there was no more recent version in
unstable for src:xen the package from stable was propped up from stable
to unstable.
As such mark for evey uploaded version which fix a set of CVE with the
respective version from stable, which is now as well in unstable.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -2586,15 +2586,15 @@ CVE-2018-12894
RESERVED
CVE-2018-12893 (An issue was discovered in Xen through 4.10.x. One of the
fixes in ...)
{DSA-4236-1}
- - xen <unfixed>
+ - xen 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9
NOTE: https://xenbits.xen.org/xsa/advisory-265.html
CVE-2018-12892 (An issue was discovered in Xen 4.7 through 4.10.x. libxl fails
to pass ...)
{DSA-4236-1}
- - xen <unfixed>
+ - xen 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9
NOTE: https://xenbits.xen.org/xsa/advisory-266.html
CVE-2018-12891 (An issue was discovered in Xen through 4.10.x. Certain PV MMU
...)
{DSA-4236-1}
- - xen <unfixed>
+ - xen 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9
NOTE: https://xenbits.xen.org/xsa/advisory-264.html
CVE-2018-12890
RESERVED
@@ -7661,11 +7661,11 @@ CVE-2018-10992 (lilypond-invoke-editor in LilyPond
2.19.80 does not validate str
[wheezy] - lilypond <not-affected> (Incomplete fix not applied)
CVE-2018-10982 (An issue was discovered in Xen through 4.10.x allowing x86 HVM
guest OS ...)
{DSA-4201-1 DLA-1383-1}
- - xen <unfixed>
+ - xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
NOTE: https://xenbits.xen.org/xsa/advisory-261.html
CVE-2018-10981 (An issue was discovered in Xen through 4.10.x allowing x86 HVM
guest OS ...)
{DSA-4201-1 DLA-1383-1}
- - xen <unfixed>
+ - xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
NOTE: https://xenbits.xen.org/xsa/advisory-262.html
CVE-2018-10980
RESERVED
@@ -9119,12 +9119,12 @@ CVE-2017-18262 (Blackboard Learn (Since at least 17th
of October 2017) has allow
NOT-FOR-US: Blackboard Learn
CVE-2018-10471 (An issue was discovered in Xen through 4.10.x allowing x86 PV
guest OS ...)
{DSA-4201-1}
- - xen <unfixed>
+ - xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
[wheezy] - xen <not-affected> (Regression for XSA-254 which was not
applied in wheezy)
NOTE: https://xenbits.xen.org/xsa/advisory-259.html
CVE-2018-10472 (An issue was discovered in Xen through 4.10.x allowing x86 HVM
guest OS ...)
{DSA-4201-1}
- - xen <unfixed>
+ - xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
[wheezy] - xen <not-affected> (No QMP support in wheezy)
NOTE: https://xenbits.xen.org/xsa/advisory-258.html
CVE-2018-10432
@@ -12965,7 +12965,7 @@ CVE-2018-8897 (A statement in the System Programming
Guide of the Intel 64 and I
{DSA-4201-1 DSA-4196-1 DLA-1392-1 DLA-1383-1}
- linux 4.15.17-1
NOTE: Fixed by:
https://git.kernel.org/linus/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9 (4.16-rc7)
- - xen <unfixed>
+ - xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
NOTE: https://xenbits.xen.org/xsa/advisory-260.html
NOTE: http://www.openwall.com/lists/oss-security/2018/05/08/4
CVE-2018-8896 (In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys)
allows ...)
@@ -27797,7 +27797,7 @@ CVE-2018-3666
CVE-2018-3665 (System software utilizing Lazy FP state restore technique on
systems ...)
{DSA-4232-1 DLA-1422-1}
- linux 4.6.1-1
- - xen <unfixed>
+ - xen 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u8
NOTE: https://xenbits.xen.org/xsa/advisory-267.html
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html
NOTE: Default eagerfpu=on on all CPUs:
https://git.kernel.org/linus/58122bf1d856a4ea9581d62a07c557d997d46a19
@@ -27861,7 +27861,7 @@ CVE-2018-3639 (Systems with microprocessors utilizing
speculative execution and
- linux 4.16.12-1
[stretch] - linux 4.9.107-1
[wheezy] - linux <ignored> (Too much work to backport)
- - xen <unfixed>
+ - xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7
NOTE: https://xenbits.xen.org/xsa/advisory-263.html
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1528
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6d8c84b1f4f6b8d432515d103394984b88e4f315
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6d8c84b1f4f6b8d432515d103394984b88e4f315
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
