Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
55f2a004 by Salvatore Bonaccorso at 2024-12-12T08:58:56+01:00
Track fixes for xen via experimental
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -70574,6 +70574,7 @@ CVE-2022-4965 (The Invitation Code Content Restriction
Plugin from CreativeMinds
CVE-2024-2201 [Native Branch History Injection]
{DSA-5658-1}
- linux 6.8.9-1
+ [experimental] - xen 4.19.0+14-g0918434e0f-1~exp1
- xen <unfixed>
[bookworm] - xen <postponed> (Minor issue, fix along in next DSA)
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
@@ -70582,10 +70583,12 @@ CVE-2024-2201 [Native Branch History Injection]
NOTE: https://download.vusec.net/papers/inspectre_sec24.pdf
NOTE: https://xenbits.xen.org/xsa/advisory-456.html
CVE-2024-31146 (When multiple devices share resources and one of them is to be
passed ...)
+ [experimental] - xen 4.19.0+14-g0918434e0f-1~exp1
- xen <unfixed>
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
NOTE: https://xenbits.xen.org/xsa/advisory-461.html
CVE-2024-31145 (Certain PCI devices in a system might be assigned Reserved
Memory Regi ...)
+ [experimental] - xen 4.19.0+14-g0918434e0f-1~exp1
- xen <unfixed>
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
NOTE: https://xenbits.xen.org/xsa/advisory-460.html
@@ -70593,11 +70596,13 @@ CVE-2024-31144 [Xapi: Metadata injection attack
against backup/restore functiona
- xen-api <removed>
NOTE: https://xenbits.xen.org/xsa/advisory-459.html
CVE-2024-31143 (An optional feature of PCI MSI called "Multiple Message"
allows a devi ...)
+ [experimental] - xen 4.19.0+14-g0918434e0f-1~exp1
- xen <unfixed>
[bookworm] - xen <postponed> (Minor issue, fix along in next DSA)
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
NOTE: https://xenbits.xen.org/xsa/advisory-458.html
CVE-2024-31142 (Because of a logical error in XSA-407 (Branch Type Confusion),
the mit ...)
+ [experimental] - xen 4.19.0+14-g0918434e0f-1~exp1
- xen <unfixed>
[bookworm] - xen <postponed> (Minor issue, fix along in next DSA)
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
@@ -79108,6 +79113,7 @@ CVE-2023-28746 (Information exposure through
microarchitectural state after tran
[bullseye] - intel-microcode 3.20240312.1~deb11u1
- linux 6.7.9-2
[bookworm] - linux 6.1.82-1
+ [experimental] - xen 4.19.0+14-g0918434e0f-1~exp1
- xen <unfixed>
[bookworm] - xen <postponed> (Minor issue, fix along in next DSA)
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
@@ -79119,6 +79125,7 @@ CVE-2023-28746 (Information exposure through
microarchitectural state after tran
NOTE:
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/register-file-data-sampling.html
CVE-2024-2193 (A Speculative Race Condition (SRC) vulnerability that impacts
modern C ...)
- linux <unfixed>
+ [experimental] - xen 4.19.0+14-g0918434e0f-1~exp1
- xen <unfixed>
[bookworm] - xen <postponed> (Minor issue, fix along in next DSA)
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
@@ -90691,6 +90698,7 @@ CVE-2020-36772 (CloudLinux CageFS 7.0.8-2 or below
insufficiently restricts file
CVE-2020-36771 (CloudLinux CageFS 7.1.1-1 or below passes the authentication
token as ...)
NOT-FOR-US: CloudLinux CageFS
CVE-2023-46842 (Unlike 32-bit PV guests, HVM guests may switch freely between
64-bit a ...)
+ [experimental] - xen 4.19.0+14-g0918434e0f-1~exp1
- xen <unfixed>
[bookworm] - xen <postponed> (Minor issue, fix along in next DSA)
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/55f2a00450bbfc0cc6ede30639fe9651c2b4aaf7
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/55f2a00450bbfc0cc6ede30639fe9651c2b4aaf7
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
