Author: carnil Date: 2013-10-10 12:37:17 +0000 (Thu, 10 Oct 2013) New Revision: 23941
Modified: data/CVE/list Log: Add CVE-2013-4371/xen Modified: data/CVE/list =================================================================== --- data/CVE/list 2013-10-10 12:35:05 UTC (rev 23940) +++ data/CVE/list 2013-10-10 12:37:17 UTC (rev 23941) @@ -3593,18 +3593,24 @@ RESERVED CVE-2013-4372 (Multiple cross-site scripting (XSS) vulnerabilities in Fuse Management ...) NOT-FOR-US: JBoss Fuse -CVE-2013-4371 +CVE-2013-4371 [use-after-free in libxl_list_cpupool under memory pressure] RESERVED + - xen <unfixed> + [wheezy] - xen <not-affected> (Vulnerable code only present from 4.2 onwards) + [squeeze] - xen <not-affected> (Vulnerable code only present from 4.2 onwards) + TODO: verify CVE-2013-4370 [misplaced free in ocaml xc_vcpu_getaffinity stub] RESERVED - xen <unfixed> [wheezy] - xen <not-affected> (Vulnerable code only present from 4.2 onwards) [squeeze] - xen <not-affected> (Vulnerable code only present from 4.2 onwards) + TODO: verify CVE-2013-4369 [possible null dereference when parsing vif ratelimiting info] RESERVED - xen <unfixed> [wheezy] - xen <not-affected> (Vulnerable code only present from 4.2 onwards) [squeeze] - xen <not-affected> (Vulnerable code only present from 4.2 onwards) + TODO: verify CVE-2013-4368 [Information leak through outs instruction emulation] RESERVED - xen <unfixed> _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits