Author: carnil
Date: 2013-10-10 12:37:17 +0000 (Thu, 10 Oct 2013)
New Revision: 23941
Modified:
data/CVE/list
Log:
Add CVE-2013-4371/xen
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-10-10 12:35:05 UTC (rev 23940)
+++ data/CVE/list 2013-10-10 12:37:17 UTC (rev 23941)
@@ -3593,18 +3593,24 @@
RESERVED
CVE-2013-4372 (Multiple cross-site scripting (XSS) vulnerabilities in Fuse
Management ...)
NOT-FOR-US: JBoss Fuse
-CVE-2013-4371
+CVE-2013-4371 [use-after-free in libxl_list_cpupool under memory pressure]
RESERVED
+ - xen <unfixed>
+ [wheezy] - xen <not-affected> (Vulnerable code only present from 4.2
onwards)
+ [squeeze] - xen <not-affected> (Vulnerable code only present from 4.2
onwards)
+ TODO: verify
CVE-2013-4370 [misplaced free in ocaml xc_vcpu_getaffinity stub]
RESERVED
- xen <unfixed>
[wheezy] - xen <not-affected> (Vulnerable code only present from 4.2
onwards)
[squeeze] - xen <not-affected> (Vulnerable code only present from 4.2
onwards)
+ TODO: verify
CVE-2013-4369 [possible null dereference when parsing vif ratelimiting info]
RESERVED
- xen <unfixed>
[wheezy] - xen <not-affected> (Vulnerable code only present from 4.2
onwards)
[squeeze] - xen <not-affected> (Vulnerable code only present from 4.2
onwards)
+ TODO: verify
CVE-2013-4368 [Information leak through outs instruction emulation]
RESERVED
- xen <unfixed>
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
