Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4a0bd102 by Thorsten Alteholz at 2020-09-23T14:31:55+02:00
mark CVE-2020-8252 as not-affected

- - - - -
75e5491c by Thorsten Alteholz at 2020-09-23T14:34:05+02:00
mark xen CVEs as EOL in Stretch (not checked whether affected)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -485,26 +485,32 @@ CVE-2020-25605
 CVE-2020-25604 [race when migrating timers between x86 HVM vCPU-s]
        RESERVED
        - xen <unfixed>
+       [stretch] - xen <end-of-life> (DSA 4602-1)
        NOTE: https://xenbits.xen.org/xsa/advisory-336.html
 CVE-2020-25603 [Missing memory barriers when accessing/allocating an event 
channel]
        RESERVED
        - xen <unfixed>
+       [stretch] - xen <end-of-life> (DSA 4602-1)
        NOTE: https://xenbits.xen.org/xsa/advisory-340.html
 CVE-2020-25602 [x86 pv: Crash when handling guest access to MSR_MISC_ENABLE]
        RESERVED
        - xen <unfixed>
+       [stretch] - xen <end-of-life> (DSA 4602-1)
        NOTE: https://xenbits.xen.org/xsa/advisory-333.html
 CVE-2020-25601 [lack of preemption in evtchn_reset() / evtchn_destroy()]
        RESERVED
        - xen <unfixed>
+       [stretch] - xen <end-of-life> (DSA 4602-1)
        NOTE: https://xenbits.xen.org/xsa/advisory-344.html
 CVE-2020-25600 [out of bounds event channels available to 32-bit x86 domains]
        RESERVED
        - xen <unfixed>
+       [stretch] - xen <end-of-life> (DSA 4602-1)
        NOTE: https://xenbits.xen.org/xsa/advisory-342.html
 CVE-2020-25599 [races with evtchn_reset()]
        RESERVED
        - xen <unfixed>
+       [stretch] - xen <end-of-life> (DSA 4602-1)
        NOTE: https://xenbits.xen.org/xsa/advisory-343.html
 CVE-2020-25598 [Missing unlock in XENMEM_acquire_resource error path]
        RESERVED
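
Review bot: CVE-2020-25598, the last entry in this hunk, is the only Xen CVE in this range that receives no "[stretch] - xen <end-of-life> (DSA 4602-1)" line. Going by the hunk headers, three unchanged lines of that entry sit between this hunk and the next and are not shown here. Please confirm that the entry already carries its own stretch annotation, or add the line if it was skipped.
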
@@ -514,14 +520,17 @@ CVE-2020-25598 [Missing unlock in XENMEM_acquire_resource 
error path]
 CVE-2020-25597 [once valid event channels may not turn invalid]
        RESERVED
        - xen <unfixed>
+       [stretch] - xen <end-of-life> (DSA 4602-1)
        NOTE: https://xenbits.xen.org/xsa/advisory-338.html
 CVE-2020-25596 [x86 pv guest kernel DoS via SYSENTER]
        RESERVED
        - xen <unfixed>
+       [stretch] - xen <end-of-life> (DSA 4602-1)
        NOTE: https://xenbits.xen.org/xsa/advisory-339.html
 CVE-2020-25595 [PCI passthrough code reading back hardware registers]
        RESERVED
        - xen <unfixed>
+       [stretch] - xen <end-of-life> (DSA 4602-1)
        NOTE: https://xenbits.xen.org/xsa/advisory-337.html
 CVE-2020-25594
        RESERVED
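
Review bot: the three "<end-of-life>" lines added here, like those in the previous hunk, go in without triage, as the commit message itself says ("not checked whether affected"). A reader of the stretch entries then cannot tell a vulnerable, unsupported package from one that never contained the code. If any of these CVEs is checked later and the code turns out to be absent from the stretch version, switch that line to "<not-affected>" with a reason, as was done for libuv1 in the same push.
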
@@ -41398,6 +41407,7 @@ CVE-2020-8253 (Improper authentication in Citrix 
XenMobile Server 10.12 before R
        NOT-FOR-US: Citrix
 CVE-2020-8252 (The implementation of realpath in libuv &lt; 10.22.1, &lt; 
12.18.4, an ...)
        - libuv1 1.39.0-1
+       [stretch] - libuv1 <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#fs-realpath-native-on-may-cause-buffer-overflow-medium-cve-2020-8252
        NOTE: Debian's version of nodejs uses the shared system library of 
libuv1 instead
        NOTE: of the bundled one.
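
Review bot: the reason on the added line, "(Vulnerable code introduced later)", names no upstream commit or libuv version in which the vulnerable realpath code first appeared, so the not-affected claim for stretch cannot be verified from this entry alone. Add a NOTE line that points at the introducing commit or release, next to the existing NOTE lines for this CVE.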



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/de21c7d34512df5a18f1ea67aea69411c5af80f1...75e5491c4a88686257c727dd9769be42777dee8d
