Author: hle
Date: 2016-11-10 09:33:21 +0000 (Thu, 10 Nov 2016)
New Revision: 46095
Modified: data/CVE/list Log: CVE triage for Xen in wheezy. Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-11-10 07:57:54 UTC (rev 46094) +++ data/CVE/list 2016-11-10 09:33:21 UTC (rev 46095) @@ -21573,6 +21573,8 @@ - qemu-kvm <removed> [wheezy] - qemu-kvm <no-dsa> (Minor issue) [squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS) + - xen 4.4.0-1 + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg03658.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1303120 NOTE: Upstream commit: http://git.qemu.org/?p=qemu.git;a=commit;h=fe3c546c5ff2a6210f9a4d8561cc64051ca8603e (v2.6.0-rc0) @@ -25233,6 +25235,9 @@ [squeeze] - qemu <not-affected> (Vulnerable code introduced later) - qemu-kvm <removed> [squeeze] - qemu-kvm <not-affected> (Vulnerable code introduced later) + - xen 4.4.0-1 + [wheezy] - xen <not-affected> (Vulnerable code introduced later) + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: Fixed by: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg01184.html NOTE: ahci emulation added in: http://git.qemu.org/?p=qemu.git;a=commit;h=f6ad2e32f8d833c7f1c75dc084a84a8f02704d64 (v0.14.0-rc0) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1288532 @@ -26249,6 +26254,9 @@ [wheezy] - qemu <not-affected> (Vulnerable code introduced later) [squeeze] - qemu <not-affected> (Vulnerable code introduced later) - qemu-kvm <not-affected> (Vulnerable code not present) + - xen 4.4.0-1 + [wheezy] - xen <not-affected> (Vulnerable code introduced later) + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=a7278b36fcab9af469563bd7b9dadebe2ae25e48 (v2.5.0-rc0) NOTE: VMXNET3 device implementation introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=786fd2b0f87baded8c9e55307b99719eea3e016e (v1.5.0-rc0) CVE-2015-8745 [net: vmxnet3: reading IMR registers leads to a crash] 
@@ -26258,6 +26266,9 @@ [wheezy] - qemu <not-affected> (Vulnerable code introduced later) [squeeze] - qemu <not-affected> (Vulnerable code introduced later) - qemu-kvm <not-affected> (Vulnerable code not present) + - xen 4.4.0-1 + [wheezy] - xen <not-affected> (Vulnerable code introduced later) + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=c6048f849c7e3f009786df76206e895a69de032c (v2.5.0-rc0) NOTE: VMXNET3 device implementation introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=786fd2b0f87baded8c9e55307b99719eea3e016e (v1.5.0-rc0) CVE-2015-8743 [net: ne2000: OOB r/w in ioport operations] @@ -28347,6 +28358,9 @@ [wheezy] - qemu <not-affected> (Vulnerable code not present) [squeeze] - qemu <not-affected> (Vulnerable code not present) - qemu-kvm <not-affected> (Vulnerable code not present) + - xen 4.4.0-1 + [wheezy] - xen <not-affected> (Vulnerable code introduced later) + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02299.html NOTE: http://www.openwall.com/lists/oss-security/2015/12/15/4 CVE-2015-8567 [net: vmxnet3: host memory leakage -- does not check if the device is active before activating it] @@ -28356,6 +28370,9 @@ [wheezy] - qemu <not-affected> (Vulnerable code not present) [squeeze] - qemu <not-affected> (Vulnerable code not present) - qemu-kvm <not-affected> (Vulnerable code not present) + - xen 4.4.0-1 + [wheezy] - xen <not-affected> (Vulnerable code introduced later) + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02299.html NOTE: http://www.openwall.com/lists/oss-security/2015/12/15/4 CVE-2015-8559 [knife bootstrap leaks validator privkey into system logs] 
@@ -33232,6 +33249,9 @@ - qemu-kvm <removed> [wheezy] - qemu-kvm <not-affected> (Vulnerable code not present) [squeeze] - qemu-kvm <not-affected> (Vulnerable code not present) + - xen 4.4.0-1 + [wheezy] - xen <not-affected> (Vulnerable code introduced later) + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: Upstream commit: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=43b11a91dd861a946b231b89b7542856ade23d1b (v2.5.0-rc0) NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d35e428c8400f9ddc07e5a15ff19622c869b9ba0 (v1.2.0-rc0) CVE-2015-7548 (OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
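Review bot: In the first hunk (@@ -21573,6 +21573,8 @@) the new "- xen 4.4.0-1" entry has no "[wheezy] - xen ..." line, unlike every other hunk in this commit, although the log message says this is CVE triage for Xen in wheezy. With only the unstable fixed-version entry, wheezy's xen reads as affected and untriaged for this CVE. If that is the intended result, make it explicit with a wheezy line and reason (the neighbouring context already has "[wheezy] - qemu-kvm <no-dsa> (Minor issue)"), or add a NOTE that the wheezy decision is still open.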
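Review bot: In the hunk at @@ -25233,6 +25235,9 @@ the added "[wheezy] - xen <not-affected> (Vulnerable code introduced later)" depends on the qemu copy bundled with wheezy's Xen predating the ahci emulation, which the existing NOTE dates to v0.14.0-rc0, but nothing in the entry records which qemu version that Xen carries. The visible context only shows the squeeze status for qemu, so the wheezy claim cannot be cross-checked from the entry itself. Suggest adding a NOTE with the bundled qemu version that was checked, so the not-affected status can be verified later.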
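Review bot: In the hunks at @@ -28347,6 +28358,9 @@ and @@ -28356,6 +28370,9 @@ the added xen line gives the reason "(Vulnerable code introduced later)", while the surrounding qemu and qemu-kvm lines for wheezy and squeeze all say "(Vulnerable code not present)", and the visible NOTE lines for these entries name no introducing commit or version. Either use "(Vulnerable code not present)" for xen as well, or add a NOTE identifying where the code was introduced so that "introduced later" is backed by the entry, as it is in the @@ -33232,6 +33249,9 @@ hunk with its "Introduced by:" NOTE.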