Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
bfeccb6b by Moritz Mühlenhoff at 2022-04-10T19:58:49+02:00
thunderbird/xen DSAs
- - - - -
2 changed files:
- data/CVE/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6763,6 +6763,7 @@ CVE-2022-26357 (race in VT-d domain ID cleanup Xen domain
IDs are up to 15 bits
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-399.html
CVE-2022-26356 (Racy interactions between dirty vram tracking and paging log
dirty hyp ...)
+ - xen <unfixed>
[buster] - xen <end-of-life> (DSA 4677-1)
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-397.html
@@ -17340,19 +17341,16 @@ CVE-2022-23036 (Linux PV device frontends vulnerable
to attacks by backends T[hi
NOTE: https://xenbits.xen.org/xsa/advisory-396.html
CVE-2022-23035 (Insufficient cleanup of passed-through device IRQs The
management of I ...)
- xen 4.16.0+51-g0941d6cb-1
- [bullseye] - xen <postponed> (Fix along with next DSA round)
[buster] - xen <end-of-life> (DSA 4677-1)
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-395.html
CVE-2022-23034 (A PV guest could DoS Xen while unmapping a grant To address
XSA-380, r ...)
- xen 4.16.0+51-g0941d6cb-1
- [bullseye] - xen <postponed> (Fix along with next DSA round)
[buster] - xen <end-of-life> (DSA 4677-1)
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-394.html
CVE-2022-23033 (arm: guest_physmap_remove_page not removing the p2m mappings
The funct ...)
- xen 4.16.0+51-g0941d6cb-1
- [bullseye] - xen <postponed> (Fix along with next DSA round)
[buster] - xen <not-affected> (Vulnerable code introduced later)
[stretch] - xen <not-affected> (Vulnerable code introduced later)
NOTE: https://xenbits.xen.org/xsa/advisory-393.html
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,10 @@
+[10 Apr 2022] DSA-5118-1 thunderbird - security update
+ {CVE-2022-1097 CVE-2022-1196 CVE-2022-1197 CVE-2022-24713
CVE-2022-28281 CVE-2022-28282 CVE-2022-28285 CVE-2022-28286 CVE-2022-28289}
+ [buster] - thunderbird 1:91.8.0-1~deb10u1
+ [bullseye] - thunderbird 1:91.8.0-1~deb11u1
+[10 Apr 2022] DSA-5117-1 xen - security update
+ {CVE-2022-23033 CVE-2022-23034 CVE-2022-23035 CVE-2022-26356
CVE-2022-26357 CVE-2022-26358 CVE-2022-26359 CVE-2022-26360 CVE-2022-26361}
+ [bullseye] - xen 4.14.4+74-gd7b22226b5-1
[08 Apr 2022] DSA-5116-1 wpewebkit - security update
{CVE-2022-22624 CVE-2022-22628 CVE-2022-22629}
[bullseye] - wpewebkit 2.36.0-2~deb11u1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfeccb6b21ab9b645b846da70d756150516c1969
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfeccb6b21ab9b645b846da70d756150516c1969
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
