[Git][security-tracker-team/security-tracker][master] Update xen infos

Bastian Blank Wed, 25 Sep 2019 00:44:33 -0700


Bastian Blank pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
cfc83a87 by Bastian Blank at 2019-09-25T07:43:44Z
Update xen infos

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -47796,6 +47796,7 @@ CVE-2018-19965 (An issue was discovered in Xen through 
4.11.x allowing 64-bit PV
        {DSA-4369-1}
        - xen 4.11.1-1
        NOTE: https://xenbits.xen.org/xsa/advisory-279.txt
+       [jessie] - xen <ignored> (Depends on fix for CVE-2017-5715, 
CVE-2017-5753, CVE-2017-5754)
 CVE-2018-19964 (An issue was discovered in Xen 4.11.x allowing x86 guest OS 
users to c ...)
        - xen 4.11.1-1
        [stretch] - xen <not-affected> (Only affects 4.11)
@@ -91115,6 +91116,7 @@ CVE-2018-3665 (System software utilizing Lazy FP state 
restore technique on syst
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html
        NOTE: Default eagerfpu=on on all CPUs: 
https://git.kernel.org/linus/58122bf1d856a4ea9581d62a07c557d997d46a19
        NOTE: Hard-disable lazy FPU mode: 
https://git.kernel.org/linus/ca6938a1cd8a1c5e861a99b67f84ac166fc2b9e7
+       [jessie] - xen <ignored> (Depends on fix for CVE-2017-5715, 
CVE-2017-5753, CVE-2017-5754)
 CVE-2018-3664
        RESERVED
 CVE-2018-3663 (Escalation of privilege in Intel Saffron MemoryBase before 11.4 
allows ...)
@@ -91164,6 +91166,7 @@ CVE-2018-3646 (Systems with microprocessors utilizing 
speculative execution and
        NOTE: Updates were already shipped with 20180703 release, but only 
disclosed later, see #906158
        NOTE: The 3.20180703.1 release for intel-microcode was the first batch 
of updates which targeted
        NOTE: most server type CPUs, additional models were supported in the 
3.20180807a.1 release
+       [jessie] - xen <ignored> (Depends on fix for CVE-2017-5715, 
CVE-2017-5753, CVE-2017-5754)
 CVE-2018-3645 (Escalation of privilege in all versions of the Intel Remote 
Keyboard a ...)
        NOT-FOR-US: Intel
 CVE-2018-3644
@@ -91199,6 +91202,7 @@ CVE-2018-3639 (Systems with microprocessors utilizing 
speculative execution and
        NOTE: 
https://git.qemu.org/?p=qemu.git;a=commit;h=d19d1f965904a533998739698020ff4ee8a103da
        NOTE: 
https://git.qemu.org/?p=qemu.git;a=commit;h=cfeea0c021db6234c154dbc723730e81553924ff
        NOTE: 
https://git.qemu.org/?p=qemu.git;a=commit;h=403503b162ffc33fb64cfefdf7b880acf41772cd
+       [jessie] - xen <ignored> (Depends on fix for CVE-2017-5715, 
CVE-2017-5753, CVE-2017-5754)
 CVE-2018-3638 (Escalation of privilege in all versions of the Intel Remote 
Keyboard a ...)
        NOT-FOR-US: Intel
 CVE-2018-3637
@@ -91250,6 +91254,7 @@ CVE-2018-3620 (Systems with microprocessors utilizing 
speculative execution and
        NOTE: https://xenbits.xen.org/xsa/advisory-273.html
        NOTE: The 3.20180703.1 release for intel-microcode was the first batch 
of updates which targeted
        NOTE: most server type CPUs, additional models were supported in the 
3.20180807a.1 release
+       [jessie] - xen <ignored> (Depends on fix for CVE-2017-5715, 
CVE-2017-5753, CVE-2017-5754)
 CVE-2018-3619 (Information disclosure vulnerability in storage media in 
systems with  ...)
        NOT-FOR-US: Intel
 CVE-2018-3618
@@ -137141,6 +137146,9 @@ CVE-2017-5754 (Systems with microprocessors utilizing 
speculative execution and
        NOTE: http://blog.cyberus-technology.de/posts/2018-01-03-meltdown.html
        NOTE: Paper: https://meltdownattack.com/meltdown.pdf
        NOTE: https://01.org/security/advisories/intel-oss-10003
+       - linux-grsec <removed>
+       [jessie] - xen <ignored> (Too intrusive to backport)
+       NOTE: https://xenbits.xen.org/xsa/advisory-254.html
 CVE-2017-5753 (Systems with microprocessors utilizing speculative execution 
and branc ...)
        {DSA-4188-1 DSA-4187-1 DLA-1731-1 DLA-1423-1 DLA-1422-1}
        - linux 4.15.11-1
@@ -137161,6 +137169,9 @@ CVE-2017-5753 (Systems with microprocessors utilizing 
speculative execution and
        NOTE: 
https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html
        NOTE: Paper: https://spectreattack.com/spectre.pdf
        NOTE: https://01.org/security/advisories/intel-oss-10002
+       - linux-grsec <removed>
+       [jessie] - xen <ignored> (Too intrusive to backport)
+       NOTE: https://xenbits.xen.org/xsa/advisory-254.html
 CVE-2017-5752
        RESERVED
 CVE-2017-5751
@@ -137288,7 +137299,8 @@ CVE-2017-5715 (Systems with microprocessors utilizing 
speculative execution and
        [jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not 
supported)
        - linux-grsec <removed>
        - xen 4.11.1~pre+1.733450b39b-1
-       [jessie] - xen <no-dsa> (Too intrusive to backport)
+       [jessie] - xen <ignored> (Too intrusive to backport)
+       NOTE: https://xenbits.xen.org/xsa/advisory-254.html
 CVE-2017-5714
        RESERVED
 CVE-2017-5713



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cfc83a8703cb7ddfa9b0e9932c95b9eef806ad60

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cfc83a8703cb7ddfa9b0e9932c95b9eef806ad60
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Update xen infos

Reply via email to