Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1e2bb804 by Moritz Mühlenhoff at 2024-12-26T15:40:51+01:00
xen DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -73611,7 +73611,6 @@ CVE-2024-2201 (A cross-privilege Spectre v2 
vulnerability allows attackers to by
        - linux 6.8.9-1
        [experimental] - xen 4.19.0+14-g0918434e0f-1~exp1
        - xen 4.19.1-1
-       [bookworm] - xen <postponed> (Minor issue, fix along in next DSA)
        [bullseye] - xen <end-of-life> (EOLed in Bullseye)
        [buster] - xen <end-of-life> (DSA 4677-1)
        NOTE: https://vusec.net/projects/native-bhi
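Review bot: the "[bookworm] - xen <postponed>" line removed under CVE-2024-2201 is not replaced by any bookworm entry in this file, and the remaining "- xen 4.19.1-1" line is a later upstream series than the 4.17.5+23-ga4e5191dc0-1 upload. Bookworm's fixed state for this CVE therefore rests entirely on the id appearing in the DSA-5836-1 set in data/DSA/list. It is listed there, so the two files agree, but a typo in that brace list would leave bookworm looking open with nothing in this file to catch it. Worth re-checking the rendered tracker entry for this CVE after the push.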
@@ -73633,13 +73632,11 @@ CVE-2024-31144 [Xapi: Metadata injection attack 
against backup/restore functiona
 CVE-2024-31143 (An optional feature of PCI MSI called "Multiple Message" 
allows a devi ...)
        [experimental] - xen 4.19.0+14-g0918434e0f-1~exp1
        - xen 4.19.1-1
-       [bookworm] - xen <postponed> (Minor issue, fix along in next DSA)
        [bullseye] - xen <end-of-life> (EOLed in Bullseye)
        NOTE: https://xenbits.xen.org/xsa/advisory-458.html
 CVE-2024-31142 (Because of a logical error in XSA-407 (Branch Type Confusion), 
the mit ...)
        [experimental] - xen 4.19.0+14-g0918434e0f-1~exp1
        - xen 4.19.1-1
-       [bookworm] - xen <postponed> (Minor issue, fix along in next DSA)
        [bullseye] - xen <end-of-life> (EOLed in Bullseye)
        [buster] - xen <end-of-life> (DSA 4677-1)
        NOTE: https://xenbits.xen.org/xsa/advisory-455.html
@@ -82153,7 +82150,6 @@ CVE-2023-28746 (Information exposure through 
microarchitectural state after tran
        [bookworm] - linux 6.1.82-1
        [experimental] - xen 4.19.0+14-g0918434e0f-1~exp1
        - xen 4.19.1-1
-       [bookworm] - xen <postponed> (Minor issue, fix along in next DSA)
        [bullseye] - xen <end-of-life> (EOLed in Bullseye)
        [buster] - xen <end-of-life> (DSA 4677-1)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html
@@ -82165,7 +82161,6 @@ CVE-2024-2193 (A Speculative Race Condition (SRC) 
vulnerability that impacts mod
        - linux <unfixed>
        [experimental] - xen 4.19.0+14-g0918434e0f-1~exp1
        - xen 4.19.1-1
-       [bookworm] - xen <postponed> (Minor issue, fix along in next DSA)
        [bullseye] - xen <end-of-life> (EOLed in Bullseye)
        [buster] - xen <end-of-life> (DSA 4677-1)
        NOTE: https://www.openwall.com/lists/oss-security/2024/03/12/14
@@ -93744,13 +93739,11 @@ CVE-2020-36771 (CloudLinux CageFS 7.1.1-1 or below 
passes the authentication tok
 CVE-2023-46842 (Unlike 32-bit PV guests, HVM guests may switch freely between 
64-bit a ...)
        [experimental] - xen 4.19.0+14-g0918434e0f-1~exp1
        - xen 4.19.1-1
-       [bookworm] - xen <postponed> (Minor issue, fix along in next DSA)
        [bullseye] - xen <end-of-life> (EOLed in Bullseye)
        [buster] - xen <not-affected> (Vulnerable code not present)
        NOTE: https://xenbits.xen.org/xsa/advisory-454.html
 CVE-2023-46841 (Recent x86 CPUs offer functionality named Control-flow 
Enforcement Tec ...)
        - xen 4.17.3+36-g54dacb5c02-1
-       [bookworm] - xen <postponed> (Minor issue, fix along in next DSA)
        [bullseye] - xen <end-of-life> (EOLed in Bullseye)
        [buster] - xen <not-affected> (Vulnerable code not present)
        NOTE: https://xenbits.xen.org/xsa/advisory-451.html


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[26 Dec 2024] DSA-5836-1 xen - security update
+       {CVE-2023-28746 CVE-2023-46841 CVE-2023-46842 CVE-2024-2193 
CVE-2024-2201 CVE-2024-31142 CVE-2024-31143 CVE-2024-31145 CVE-2024-31146 
CVE-2024-45817 CVE-2024-45818 CVE-2024-45819}
+       [bookworm] - xen 4.17.5+23-ga4e5191dc0-1
 [25 Dec 2024] DSA-5835-1 webkit2gtk - security update
        {CVE-2024-54479 CVE-2024-54502 CVE-2024-54505 CVE-2024-54508}
        [bookworm] - webkit2gtk 2.46.5-1~deb12u1
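Review bot: five of the twelve ids in the DSA-5836-1 braces (CVE-2024-31145, CVE-2024-31146, CVE-2024-45817, CVE-2024-45818, CVE-2024-45819) have no matching hunk in data/CVE/list in this commit, while the other seven each lose a "[bookworm] - xen <postponed>" line. Please confirm those five entries carry no leftover bookworm annotation that would contradict the "[bookworm] - xen 4.17.5+23-ga4e5191dc0-1" line added here, since their current state is not visible in this diff.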


=====================================
data/dsa-needed.txt
=====================================
@@ -56,7 +56,5 @@ trafficserver
 --
 wordpress
 --
-xen (jmm)
---
 zabbix
 --
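Review bot: dropping "xen (jmm)" together with its "--" separator assumes no xen issue remains pending for a stable update once DSA-5836-1 is out. The data/CVE/list hunks in this commit only show seven bookworm "<postponed>" lines being cleared, so if any other xen CVE still has a postponed or open bookworm status, the package should stay listed here with the "(jmm)" claim removed rather than being deleted.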



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1e2bb804313e8d731d0d2855a4186d338a83b0c8



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
