Ola Lundqvist pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ebd93992 by Ola Lundqvist at 2020-03-29T22:45:12+02:00
Added comment for EOL entries for xen and tor for jessie.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1165,7 +1165,7 @@ CVE-2020-10592 (Tor before 0.3.5.10, 0.4.x before
0.4.1.9, and 0.4.2.x before 0.
{DSA-4644-1}
- tor 0.4.2.7-1
[stretch] - tor <end-of-life> (See DSA 4644)
- [jessie] - tor <end-of-life>
+ [jessie] - tor <end-of-life> (Not supported in jessie LTS)
NOTE: https://blog.torproject.org/new-releases-03510-0419-0427
NOTE: https://bugs.torproject.org/33120
CVE-2020-10591 (An issue was discovered in Walmart Labs Concord before 1.44.0.
CORS Ac ...)
@@ -22042,37 +22042,38 @@ CVE-2019-19584
CVE-2019-19583 (An issue was discovered in Xen through 4.12.x allowing x86
HVM/PVH gue ...)
{DSA-4602-1}
- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
- [jessie] - xen <end-of-life>
+ [jessie] - xen <end-of-life> (Not supported in jessie LTS)
+
NOTE: https://xenbits.xen.org/xsa/advisory-308.html
CVE-2019-19582 (An issue was discovered in Xen through 4.12.x allowing x86
guest OS us ...)
{DSA-4602-1}
- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
- [jessie] - xen <end-of-life>
+ [jessie] - xen <end-of-life> (Not supported in jessie LTS)
NOTE: https://xenbits.xen.org/xsa/advisory-307.html
CVE-2019-19581 (An issue was discovered in Xen through 4.12.x allowing 32-bit
Arm gues ...)
{DSA-4602-1}
- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
- [jessie] - xen <end-of-life>
+ [jessie] - xen <end-of-life> (Not supported in jessie LTS)
NOTE: https://xenbits.xen.org/xsa/advisory-307.html
CVE-2019-19580 (An issue was discovered in Xen through 4.12.x allowing x86 PV
guest OS ...)
{DSA-4602-1}
- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
- [jessie] - xen <end-of-life>
+ [jessie] - xen <end-of-life> (Not supported in jessie LTS)
NOTE: https://xenbits.xen.org/xsa/advisory-310.html
CVE-2019-19578 (An issue was discovered in Xen through 4.12.x allowing x86 PV
guest OS ...)
{DSA-4602-1}
- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
- [jessie] - xen <end-of-life>
+ [jessie] - xen <end-of-life> (Not supported in jessie LTS)
NOTE: https://xenbits.xen.org/xsa/advisory-309.html
CVE-2019-19577 (An issue was discovered in Xen through 4.12.x allowing x86 AMD
HVM gue ...)
{DSA-4602-1}
- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
- [jessie] - xen <end-of-life>
+ [jessie] - xen <end-of-life> (Not supported in jessie LTS)
NOTE: https://xenbits.xen.org/xsa/advisory-311.html
CVE-2019-19579 (An issue was discovered in Xen through 4.12.x allowing
attackers to ga ...)
{DSA-4602-1}
- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
- [jessie] - xen <end-of-life>
+ [jessie] - xen <end-of-life> (Not supported in jessie LTS)
NOTE: https://xenbits.xen.org/xsa/advisory-306.html
CVE-2019-19576 (class.upload.php in verot.net class.upload before 1.0.3 and
2.x before ...)
NOT-FOR-US: K2 extension for Joomla!
@@ -28278,32 +28279,32 @@ CVE-2019-18426 (A vulnerability in WhatsApp Desktop
versions prior to 0.3.9309 w
CVE-2019-18425 (An issue was discovered in Xen through 4.12.x allowing 32-bit
PV guest ...)
{DSA-4602-1}
- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
- [jessie] - xen <end-of-life>
+ [jessie] - xen <end-of-life> (Not supported in jessie LTS)
NOTE: https://xenbits.xen.org/xsa/advisory-298.html
CVE-2019-18424 (An issue was discovered in Xen through 4.12.x allowing
attackers to ga ...)
{DSA-4602-1}
- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
- [jessie] - xen <end-of-life>
+ [jessie] - xen <end-of-life> (Not supported in jessie LTS)
NOTE: https://xenbits.xen.org/xsa/advisory-302.html
CVE-2019-18423 (An issue was discovered in Xen through 4.12.x allowing ARM
guest OS us ...)
{DSA-4602-1}
- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
- [jessie] - xen <end-of-life>
+ [jessie] - xen <end-of-life> (Not supported in jessie LTS)
NOTE: https://xenbits.xen.org/xsa/advisory-301.html
CVE-2019-18422 (An issue was discovered in Xen through 4.12.x allowing ARM
guest OS us ...)
{DSA-4602-1}
- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
- [jessie] - xen <end-of-life>
+ [jessie] - xen <end-of-life> (Not supported in jessie LTS)
NOTE: https://xenbits.xen.org/xsa/advisory-303.html
CVE-2019-18421 (An issue was discovered in Xen through 4.12.x allowing x86 PV
guest OS ...)
{DSA-4602-1}
- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
- [jessie] - xen <end-of-life>
+ [jessie] - xen <end-of-life> (Not supported in jessie LTS)
NOTE: https://xenbits.xen.org/xsa/advisory-299.html
CVE-2019-18420 (An issue was discovered in Xen through 4.12.x allowing x86 PV
guest OS ...)
{DSA-4602-1}
- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
- [jessie] - xen <end-of-life>
+ [jessie] - xen <end-of-life> (Not supported in jessie LTS)
NOTE: https://xenbits.xen.org/xsa/advisory-296.html
CVE-2019-18419 (A cross-site scripting (XSS) vulnerability in index.php in
ClonOS WEB ...)
NOT-FOR-US: ClonOS
@@ -51541,7 +51542,7 @@ CVE-2019-11135 (TSX Asynchronous Abort condition on
some CPUs utilizing speculat
- linux 5.3.9-2
- intel-microcode 3.20191112.1
- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
- [jessie] - xen <end-of-life>
+ [jessie] - xen <end-of-life> (Not supported in jessie LTS)
NOTE:
https://software.intel.com/security-software-guidance/insights/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abort
NOTE: https://xenbits.xen.org/xsa/advisory-305.html
NOTE: The 3.20191112.1 release for intel-microcode did contain most
updates, additional
@@ -56933,12 +56934,12 @@ CVE-2019-9577
CVE-2019-17350 (An issue was discovered in Xen through 4.12.x allowing Arm
domU attack ...)
{DSA-4602-1}
- xen 4.11.3+24-g14b62ab3e5-1
- [jessie] - xen <end-of-life>
+ [jessie] - xen <end-of-life> (Not supported in jessie LTS)
NOTE: https://xenbits.xen.org/xsa/advisory-295.html
CVE-2019-17349 (An issue was discovered in Xen through 4.12.x allowing Arm
domU attack ...)
{DSA-4602-1}
- xen 4.11.3+24-g14b62ab3e5-1
- [jessie] - xen <end-of-life>
+ [jessie] - xen <end-of-life> (Not supported in jessie LTS)
NOTE: https://xenbits.xen.org/xsa/advisory-295.html
CVE-2019-17348 (An issue was discovered in Xen through 4.11.x allowing x86 PV
guest OS ...)
- xen 4.11.1+92-g6c33308a8d-1 (bug #929992)
@@ -56948,7 +56949,7 @@ CVE-2019-17348 (An issue was discovered in Xen through
4.11.x allowing x86 PV gu
CVE-2019-17347 (An issue was discovered in Xen through 4.11.x allowing x86 PV
guest OS ...)
- xen 4.11.1+92-g6c33308a8d-1 (bug #929999)
[stretch] - xen 4.8.5.final+shim4.10.4-1+deb9u12
- [jessie] - xen <end-of-life>
+ [jessie] - xen <end-of-life> (Not supported in jessie LTS)
NOTE: https://xenbits.xen.org/xsa/advisory-293.html
CVE-2019-17346 (An issue was discovered in Xen through 4.11.x allowing x86 PV
guest OS ...)
- xen 4.11.1+92-g6c33308a8d-1 (bug #929993)
@@ -102474,7 +102475,7 @@ CVE-2018-12207 (Improper invalidation for page table
updates by a virtual guest
- linux 5.3.9-2
[jessie] - linux <ignored> (Untrusted guests are no longer supportable)
- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
- [jessie] - xen <end-of-life>
+ [jessie] - xen <end-of-life> (Not supported in jessie LTS)
NOTE:
https://software.intel.com/security-software-guidance/insights/deep-dive-machine-check-error-avoidance-page-size-change-0
NOTE: https://xenbits.xen.org/xsa/advisory-304.html
CVE-2018-12206 (Improper configuration of hardware access in Intel QuickAssist
Technol ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ebd93992fc5e3826160524b0cf4f6cf1c754f809
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ebd93992fc5e3826160524b0cf4f6cf1c754f809
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
