[Git][security-tracker-team/security-tracker][master] Add additional references for speculation issues variants

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
20d990a2 by Salvatore Bonaccorso at 2022-03-09T08:42:40+01:00
Add additional references for speculation issues variants

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7876,6 +7876,7 @@ CVE-2022-23960
        - linux <unfixed>
        NOTE: https://www.vusec.net/projects/bhi-spectre-bhb/
        NOTE: 
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/spectre-bhb
+       NOTE: https://xenbits.xen.org/xsa/advisory-398.html
 CVE-2022-23959 (In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish 
Cache 6.0  ...)
        {DSA-5088-1 DLA-2920-1}
        - varnish <unfixed> (bug #1004433)
@@ -68401,6 +68402,9 @@ CVE-2021-26402
        RESERVED
 CVE-2021-26401
        RESERVED
+       NOTE: 
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1036
+       NOTE: https://xenbits.xen.org/xsa/advisory-398.html
+       TODO: check if we need to track mitigations in src:linux
 CVE-2021-26400
        RESERVED
 CVE-2021-26399
@@ -68521,6 +68525,10 @@ CVE-2021-26342
        RESERVED
 CVE-2021-26341
        RESERVED
+       NOTE: 
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1026
+       NOTE: 
https://grsecurity.net/amd_branch_mispredictor_part_2_where_no_cpu_has_gone_before
+       NOTE: https://xenbits.xen.org/xsa/advisory-398.html
+       TODO: check if we need to track mitigations in src:linux
 CVE-2021-26340 (A malicious hypervisor in conjunction with an unprivileged 
attacker pr ...)
        NOT-FOR-US: AMD
 CVE-2021-26339



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20d990a228f1391ce17209ede806d6117009befc

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20d990a228f1391ce17209ede806d6117009befc
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits