author Ben Hutchings <ben@decadent.org.uk> 2019-08-19 12:59:40 +0100
committer Ben Hutchings <ben@decadent.org.uk> 2019-08-19 12:59:40 +0100
commit c0ec86e76aff965bc968141f1f433f88a2c4af98
tree 5eb0debfcc9062dc8ce92a9469b471cc344c4fcc /retired/CVE-2015-8553
parent 1ad723f6597479af484c1ca867ccc3c04944a1dd
Retire inactive issues
Diffstat (limited to 'retired/CVE-2015-8553')
-rw-r--r-- retired/CVE-2015-8553 29
1 files changed, 29 insertions, 0 deletions
diff --git a/retired/CVE-2015-8553 b/retired/CVE-2015-8553
new file mode 100644
index 00000000..8924ab19
--- /dev/null
+++ b/retired/CVE-2015-8553
@@ -0,0 +1,29 @@
+Description: Incomplete fix for CVE-2015-2150
+References:
+ http://xenbits.xen.org/xsa/advisory-120.html
+ http://thread.gmane.org/gmane.comp.emulators.xen.devel/140440/focus=140441
+ http://thread.gmane.org/gmane.linux.kernel/1924087/focus=1924088
+Notes:
+ bwh> Upstream fix is not clearly correct; see discussions in the references.
+ jmm> I've gotten in touch with the subsystems maintainers; the patch breaks
+ jmm> qemu (as used by xen). While this was fixed upstream in qemu, the patch
+ jmm> hasn't been merged yet since it would break with older versions of qemu
+ jmm> I'm trying to find out which version is fine, so maybe we can carry that
+ jmm> the xsa120-addendum.patch as a Debian-specific patch it's merged at some
+ jmm> point
+ carnil> qemu fix is in
+ carnil> https://git.qemu.org/?p=qemu.git;a=commitdiff;h=2e87512eccf3c5e40f3142ff5a763f4f850839f4
+ carnil> which is at least in qemu v2.5.0-rc0 onwards.
+ bwh> The kernel fix will be applied to 4.9, so we will need to add a
+ bwh> Breaks against old qemu and revert the fix for the jessie backport.
+Bugs:
+upstream: released (5.1-rc1) [7681f31ec9cdacab4fd10570be924f2cef6669ba]
+4.19-upstream-stable: released (4.19.48) [99dcf4a4dd2e102aa843ef2cf9ab65c89e9d56df]
+4.9-upstream-stable: released (4.9.181) [19474aa3d81ad5ae8692f7a45ff8ea12fbfd7ede]
+3.16-upstream-stable: ignored "breaks qemu versions likely to be used with this kernel version"
+3.2-upstream-stable: ignored "EOL"
+sid: released (4.19.37-1) [bugfix/all/xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch]
+4.19-buster-security: N/A "Fixed before branching point"
+4.9-stretch-security: released (4.9.168-1+deb9u5) [bugfix/all/xen-pciback-don-t-disable-pci_command-on-pci-device-.patch]
+3.16-jessie-security: ignored "breaks qemu as used in jessie"
+3.2-wheezy-security: ignored "breaks qemu as used in jessie"
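Review bot: on the last line, 3.2-wheezy-security is marked ignored with the reason "breaks qemu as used in jessie", which names a different release from the branch it annotates and looks copied from the 3.16-jessie-security line above it. State the reason for wheezy itself, or reuse "EOL" as on the 3.2-upstream-stable line. In the Notes block, the jmm sentence "carry that the xsa120-addendum.patch as a Debian-specific patch it's merged at some point" appears to have lost a word (probably "until"), and the Bugs: field is empty; both are worth tidying before the file lands under retired/.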
