thr3ads.net - Pkg xen devel - [Pkg-xen-devel] Bug#845670: xen: CVE-2016-9379 CVE-2016-9380: delimiter injection vulnerabilities in pygrub [Nov 2016]

If this information is useful, please help other people find it:
Share via:

Salvatore Bonaccorso

2016-Nov-25 18:55 UTC

[Pkg-xen-devel] Bug#845670: xen: CVE-2016-9379 CVE-2016-9380: delimiter injection vulnerabilities in pygrub

Source: xen
Version: 4.4.1-9
Severity: important
Tags: security upstream patch

Hi,

the following vulnerabilities were published for xen.

CVE-2016-9379[0]:
delimiter injection vulnerabilities in pygrub

CVE-2016-9380[1]:
delimiter injection vulnerabilities in pygrub

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-9379
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9379
[1] https://security-tracker.debian.org/tracker/CVE-2016-9380
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9380
[2] https://xenbits.xen.org/xsa/advisory-198.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Debian Bug Tracking System

2016-Nov-27 11:30 UTC

head link

[Pkg-xen-devel] Bug#845670: marked as done (xen: CVE-2016-9379 CVE-2016-9380: delimiter injection vulnerabilities in pygrub)

Your message dated Sun, 27 Nov 2016 12:28:04 +0100
with message-id <20161127112804.GA25203 at shell.thinkmo.de>
and subject line Re: [Pkg-xen-devel] Bug#845663: xen: CVE-2016-9386: x86 null
segments not always treated as unusable
has caused the Debian Bug report #845663,
regarding xen: CVE-2016-9379 CVE-2016-9380: delimiter injection vulnerabilities
in pygrub
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner at bugs.debian.org
immediately.)


-- 
845663: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845663
Debian Bug Tracking System
Contact owner at bugs.debian.org with problems
-------------- next part --------------
An embedded message was scrubbed...
From: Salvatore Bonaccorso <carnil at debian.org>
Subject: xen: CVE-2016-9379 CVE-2016-9380: delimiter injection vulnerabilities
in pygrub
Date: Fri, 25 Nov 2016 19:55:03 +0100
Size: 2423
URL:
<http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20161127/43d7cbdc/attachment.mht>
-------------- next part --------------
An embedded message was scrubbed...
From: Bastian Blank <waldi at debian.org>
Subject: Re: [Pkg-xen-devel] Bug#845663: xen: CVE-2016-9386: x86 null segments
not always treated as unusable
Date: Sun, 27 Nov 2016 12:28:04 +0100
Size: 2232
URL:
<http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20161127/43d7cbdc/attachment-0001.mht>

Debian Bug Tracking System

2016-Dec-14 21:06 UTC

head link

[Pkg-xen-devel] Bug#845670: marked as done (xen: CVE-2016-9379 CVE-2016-9380: delimiter injection vulnerabilities in pygrub)

Your message dated Wed, 14 Dec 2016 21:04:14 +0000
with message-id <E1cHGik-000F17-JG at fasolo.debian.org>
and subject line Bug#845670: fixed in xen 4.4.1-9+deb8u8
has caused the Debian Bug report #845670,
regarding xen: CVE-2016-9379 CVE-2016-9380: delimiter injection vulnerabilities
in pygrub
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner at bugs.debian.org
immediately.)


-- 
845670: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845670
Debian Bug Tracking System
Contact owner at bugs.debian.org with problems
-------------- next part --------------
An embedded message was scrubbed...
From: Salvatore Bonaccorso <carnil at debian.org>
Subject: xen: CVE-2016-9379 CVE-2016-9380: delimiter injection vulnerabilities
in pygrub
Date: Fri, 25 Nov 2016 19:55:03 +0100
Size: 2423
URL:
<http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20161214/4fc34669/attachment-0002.mht>
-------------- next part --------------
An embedded message was scrubbed...
From: Salvatore Bonaccorso <carnil at debian.org>
Subject: Bug#845670: fixed in xen 4.4.1-9+deb8u8
Date: Wed, 14 Dec 2016 21:04:14 +0000
Size: 6695
URL:
<http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20161214/4fc34669/attachment-0003.mht>

Pkg xen devel - Nov 2016 - Bug#845670: xen: CVE-2016-9379 CVE-2016-9380: delimiter injection vulnerabilities in pygrub

[Pkg-xen-devel] Bug#845670: xen: CVE-2016-9379 CVE-2016-9380: delimiter injection vulnerabilities in pygrub

[Pkg-xen-devel] Bug#845670: marked as done (xen: CVE-2016-9379 CVE-2016-9380: delimiter injection vulnerabilities in pygrub)

[Pkg-xen-devel] Bug#845670: marked as done (xen: CVE-2016-9379 CVE-2016-9380: delimiter injection vulnerabilities in pygrub)