[libvirt] [security-notice PATCH 0/9] various improvements to script for finding broken/fixed branches/tags

This series provides for much greater automation when publishing details of security flaws. It is now possible to just provide the broken and fixed commit hash on the master branch. All the tag info and details of branches are now filled in automatically. Daniel P. Berrangé (9): scripts: change data structures used to track branches & tags scripts: report vulnerable branches which don't have any tags too scripts: add ability to handle a fixed commit hash scripts: change to update notice files inplace scripts: allow for notices to have multiple commit hashes scripts: optimize tag to branch mapping scripts: add detection of cherry-picks in branches scripts: fuzzy matching on subject to identify unannotated cherry picks notices: re-generate all branch/tag info notices/2008/0001.xml | 6 - notices/2009/0001.xml | 2 + notices/2010/0001.xml | 3 - notices/2010/0002.xml | 3 - notices/2010/0004.xml | 2 +- notices/2011/0001.xml | 10 +- notices/2011/0002.xml | 4 + notices/2012/0001.xml | 14 +- notices/2012/0002.xml | 2 +- notices/2012/0003.xml | 4 + notices/2013/0001.xml | 8 + notices/2013/0002.xml | 8 + notices/2013/0003.xml | 21 ++ notices/2013/0005.xml | 2 +- notices/2013/0006.xml | 1 + notices/2013/0007.xml | 2 +- notices/2013/0010.xml | 16 +- notices/2013/0012.xml | 28 ++- notices/2013/0015.xml | 2 +- notices/2013/0016.xml | 22 ++- notices/2013/0018.xml | 102 +++++----- notices/2013/0020.xml | 68 ++++--- notices/2013/0021.xml | 2 +- notices/2014/0001.xml | 8 + notices/2014/0003.xml | 107 ++++++++-- notices/2014/0004.xml | 25 ++- notices/2014/0005.xml | 21 +- notices/2014/0006.xml | 22 ++- notices/2014/0007.xml | 18 +- notices/2014/0008.xml | 6 +- notices/2014/0009.xml | 5 +- notices/2014/0010.xml | 8 +- notices/2015/0001.xml | 10 +- notices/2015/0002.xml | 6 +- notices/2015/0003.xml | 14 +- notices/2015/0004.xml | 13 +- notices/2016/0001.xml | 4 +- notices/2016/0002.xml | 1 + notices/2017/0001.xml | 4 +- notices/2017/0002.xml | 6 +- notices/2018/0001.xml | 159 ++++++++++++++- notices/2018/0002.xml | 158 ++++++++++++++- notices/2018/0003.xml | 161 ++++++++++++++- notices/2018/0004.xml | 159 ++++++++++++++- notices/2018/0005.xml | 162 ++++++++++++++- notices/2019/0001.xml | 2 +- notices/2019/0002.xml | 2 +- scripts/report-vulnerable-tags.pl | 319 ++++++++++++++++++++++++++---- 48 files changed, 1507 insertions(+), 225 deletions(-) -- 2.21.0

We need to track more info against each branch, so use a more advanced data structure. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- scripts/report-vulnerable-tags.pl | 53 ++++++++++++++++++++++--------- 1 file changed, 38 insertions(+), 15 deletions(-) diff --git a/scripts/report-vulnerable-tags.pl b/scripts/report-vulnerable-tags.pl index 0b6ea6f..14d31c0 100644 --- a/scripts/report-vulnerable-tags.pl +++ b/scripts/report-vulnerable-tags.pl @@ -11,6 +11,15 @@ if (int(@ARGV) != 1) { my $changeset = shift @ARGV; +# branch name to hash with keys +# - brokenchanges -> list of commit ids +# - brokentags -> hash of tag names to '1' +my %branches; + +# tag name to '0' (fixed) or '1' (broken) +my %tags; + + sub get_tags { my @args = @_; @@ -53,17 +62,31 @@ sub get_branch { return @branches; } -my @branches; -my %tags; -my %branches; +sub add_branch { + my $name = shift @_; + + return if exists $branches{$name}; + + $branches{$name} = { + "brokenchanges" => [$changeset], + "brokentags" => {}, + }; +} + +sub add_broken_tag { + my $branch = shift @_; + my $tag = shift @_; + + $tags{$tag} = 1; + $branches{$branch}->{"brokentags"}->{$tag} = 1; +} + +add_branch("master"); -$branches{"master"} = []; # Most tags live on master so lets get them first for my $tag (get_tags("--contains", $changeset, "--merged", "master")) { - push @{$branches{"master"}}, $tag; - $tags{$tag} = 1; + add_broken_tag("master", $tag); } -push @branches, "master"; # Now we need slower work to find branches for # few remaining tags @@ -84,22 +107,22 @@ for my $tag (get_tags("--contains", $changeset)) { if (int(@tagbranches) > 1) { print "Tag $tag appears in multiple branches\n"; } + my $branch = $tagbranches[0]; - unless (exists($branches{$tagbranches[0]})) { - $branches{$tagbranches[0]} = []; - push @branches, $tagbranches[0]; - } - push @{$branches{$tagbranches[0]}}, $tag; + add_branch($branch); + add_broken_tag($branch, $tag); } -foreach my $branch (sort versioncmp @branches) { +foreach my $branch (sort versioncmp keys %branches) { print " <branch>\n"; print " <name>$branch</name>\n"; - foreach my $tag (sort versioncmp @{$branches{$branch}}) { + foreach my $tag (sort versioncmp keys %{$branches{$branch}->{"brokentags"}}) { print " <tag state=\"vulnerable\">$tag</tag>\n"; } - print " <change state=\"vulnerable\">$changeset</change>\n"; + foreach my $commit (@{$branches{$branch}->{"brokenchanges"}}) { + print " <change state=\"vulnerable\">$commit</change>\n"; + } if ($branch eq "master") { print " <change state=\"fixed\"></change>\n"; -- 2.21.0

On Mon, May 13, 2019 at 12:51:58PM +0100, Daniel P. Berrangé wrote:
We need to track more info against each branch, so use a more advanced data structure.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- scripts/report-vulnerable-tags.pl | 53 ++++++++++++++++++++++--------- 1 file changed, 38 insertions(+), 15 deletions(-)
diff --git a/scripts/report-vulnerable-tags.pl b/scripts/report-vulnerable-tags.pl index 0b6ea6f..14d31c0 100644 --- a/scripts/report-vulnerable-tags.pl +++ b/scripts/report-vulnerable-tags.pl
[...]
}
-foreach my $branch (sort versioncmp @branches) { +foreach my $branch (sort versioncmp keys %branches) { print " <branch>\n"; print " <name>$branch</name>\n"; - foreach my $tag (sort versioncmp @{$branches{$branch}}) { + foreach my $tag (sort versioncmp keys %{$branches{$branch}->{"brokentags"}}) { print " <tag state=\"vulnerable\">$tag</tag>\n"; } - print " <change state=\"vulnerable\">$changeset</change>\n"; + foreach my $commit (@{$branches{$branch}->{"brokenchanges"}}) { + print " <change state=\"vulnerable\">$commit</change>\n";
^ TAB
+ }
if ($branch eq "master") { print " <change state=\"fixed\"></change>\n";
Reviewed-by: Ján Tomko <jtomko@redhat.com> Jano

Currently we only report branches which have some tags on them which means we only pick up branches which have had stable releases. We must also report vulnerable status against other branches which exist but have not yet had releases. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- scripts/report-vulnerable-tags.pl | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/scripts/report-vulnerable-tags.pl b/scripts/report-vulnerable-tags.pl index 14d31c0..8a6c2e4 100644 --- a/scripts/report-vulnerable-tags.pl +++ b/scripts/report-vulnerable-tags.pl @@ -42,7 +42,7 @@ sub get_tags { return @tags; } -sub get_branch { +sub get_branches { my $tag = shift; my @branches; @@ -94,7 +94,7 @@ for my $tag (get_tags("--contains", $changeset)) { next if exists $tags{$tag}; - my @tagbranches = get_branch($tag); + my @tagbranches = get_branches($tag); if (int(@tagbranches) == 0) { if ($tag eq "v2.1.0") { @tagbranches = ("master") @@ -113,6 +113,9 @@ for my $tag (get_tags("--contains", $changeset)) { add_broken_tag($branch, $tag); } +for my $branch (get_branches($broken)) { + add_branch($branch); +} foreach my $branch (sort versioncmp keys %branches) { print " <branch>\n"; @@ -125,7 +128,7 @@ foreach my $branch (sort versioncmp keys %branches) { } if ($branch eq "master") { - print " <change state=\"fixed\"></change>\n"; + print " <change state=\"fixed\">$fixed</change>\n"; } print " </branch>\n"; } -- 2.21.0

On Mon, May 13, 2019 at 12:51:59PM +0100, Daniel P. Berrangé wrote:
Currently we only report branches which have some tags on them which means we only pick up branches which have had stable releases. We must also report vulnerable status against other branches which exist but have not yet had releases.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- scripts/report-vulnerable-tags.pl | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-)
Reviewed-by: Ján Tomko <jtomko@redhat.com> Jano

Currently when given a broken commit hash we assume everything newer than this is broken. If we are retroactively recording info on a flaw that is already fixed in git though, we might know a fixed commit hash. Use this info to know when to stop reporting broken tags and branches. Note this only works for branches containing the original primary fixed commit. This does not try to identify cherry-picks to branches. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- scripts/report-vulnerable-tags.pl | 74 +++++++++++++++++++++++++++---- 1 file changed, 66 insertions(+), 8 deletions(-) diff --git a/scripts/report-vulnerable-tags.pl b/scripts/report-vulnerable-tags.pl index 8a6c2e4..431a7bf 100644 --- a/scripts/report-vulnerable-tags.pl +++ b/scripts/report-vulnerable-tags.pl @@ -5,15 +5,18 @@ use warnings; use Sort::Versions; -if (int(@ARGV) != 1) { - die "syntax: $0 CHANGESET\n"; +if (int(@ARGV) != 1 && int(@ARGV) != 2) { + die "syntax: $0 BROKEN-CHANGESET [FIXED-CHANGESET]\n"; } -my $changeset = shift @ARGV; +my $broken = shift @ARGV; +my $fixed = shift @ARGV; # branch name to hash with keys # - brokenchanges -> list of commit ids # - brokentags -> hash of tag names to '1' +# - fixedchanges -> list of commit ids +# - fixedtags -> hash of tag names to '1' my %branches; # tag name to '0' (fixed) or '1' (broken) @@ -68,11 +71,22 @@ sub add_branch { return if exists $branches{$name}; $branches{$name} = { - "brokenchanges" => [$changeset], + "brokenchanges" => [$broken], "brokentags" => {}, + "fixedchanges" => [], + "fixedtags" => {}, }; } +sub delete_branch { + my $name = shift @_; + + if (int(keys %{$branches{$name}->{"brokentags"}})) { + print "Branch $name shouldn't have broken tags\n"; + } + delete $branches{$name}; +} + sub add_broken_tag { my $branch = shift @_; my $tag = shift @_; @@ -81,16 +95,51 @@ sub add_broken_tag { $branches{$branch}->{"brokentags"}->{$tag} = 1; } +sub add_fixed_tag { + my $branch = shift @_; + my $tag = shift @_; + + $tags{$tag} = 0; + $branches{$branch}->{"fixedtags"}->{$tag} = 1; +} + +sub add_fixed_commit { + my $branch = shift @_; + my $commit = shift @_; + + push @{$branches{$branch}->{"fixedchanges"}}, $commit; +} + add_branch("master"); +if (defined $fixed) { + # Mark any tags containing the fix as known so they + # get excluded when later finding vulnerable tags + for my $tag (get_tags("--contains", $fixed)) { + $tags{$tag} = 0; + } + + + # Record the first tag in master which has the fix, if any + my @fixedtags = sort versioncmp get_tags("--contains", $fixed, "--merged", "master"); + if (int(@fixedtags)) { + add_fixed_tag("master", $fixedtags[0]); + } + + add_fixed_commit("master", $fixed); +} + # Most tags live on master so lets get them first -for my $tag (get_tags("--contains", $changeset, "--merged", "master")) { +for my $tag (get_tags("--contains", $broken, "--merged", "master")) { + + next if exists $tags{$tag}; + add_broken_tag("master", $tag); } # Now we need slower work to find branches for # few remaining tags -for my $tag (get_tags("--contains", $changeset)) { +for my $tag (get_tags("--contains", $broken)) { next if exists $tags{$tag}; @@ -117,6 +166,12 @@ for my $branch (get_branches($broken)) { add_branch($branch); } +if (defined $fixed) { + for my $branch (get_branches($fixed)) { + delete_branch($branch); + } +} + foreach my $branch (sort versioncmp keys %branches) { print " <branch>\n"; print " <name>$branch</name>\n"; @@ -127,8 +182,11 @@ foreach my $branch (sort versioncmp keys %branches) { print " <change state=\"vulnerable\">$commit</change>\n"; } - if ($branch eq "master") { - print " <change state=\"fixed\">$fixed</change>\n"; + foreach my $tag (sort versioncmp keys %{$branches{$branch}->{"fixedtags"}}) { + print " <tag state=\"fixed\">$tag</tag>\n"; + } + foreach my $commit (@{$branches{$branch}->{"fixedchanges"}}) { + print " <change state=\"fixed\">$commit</change>\n"; } print " </branch>\n"; } -- 2.21.0

On Mon, May 13, 2019 at 12:52:00PM +0100, Daniel P. Berrangé wrote:
Currently when given a broken commit hash we assume everything newer than this is broken. If we are retroactively recording info on a flaw that is already fixed in git though, we might know a fixed commit hash. Use this info to know when to stop reporting broken tags and branches.
Note this only works for branches containing the original primary fixed commit. This does not try to identify cherry-picks to branches.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- scripts/report-vulnerable-tags.pl | 74 +++++++++++++++++++++++++++---- 1 file changed, 66 insertions(+), 8 deletions(-)
diff --git a/scripts/report-vulnerable-tags.pl b/scripts/report-vulnerable-tags.pl index 8a6c2e4..431a7bf 100644 --- a/scripts/report-vulnerable-tags.pl +++ b/scripts/report-vulnerable-tags.pl @@ -5,15 +5,18 @@ use warnings;
use Sort::Versions;
-if (int(@ARGV) != 1) { - die "syntax: $0 CHANGESET\n"; +if (int(@ARGV) != 1 && int(@ARGV) != 2) { + die "syntax: $0 BROKEN-CHANGESET [FIXED-CHANGESET]\n"; }
-my $changeset = shift @ARGV; +my $broken = shift @ARGV; +my $fixed = shift @ARGV;
# branch name to hash with keys # - brokenchanges -> list of commit ids # - brokentags -> hash of tag names to '1' +# - fixedchanges -> list of commit ids +# - fixedtags -> hash of tag names to '1' my %branches;
# tag name to '0' (fixed) or '1' (broken) @@ -68,11 +71,22 @@ sub add_branch { return if exists $branches{$name};
$branches{$name} = { - "brokenchanges" => [$changeset], + "brokenchanges" => [$broken], "brokentags" => {}, + "fixedchanges" => [], + "fixedtags" => {}, }; }
+sub delete_branch { + my $name = shift @_; + + if (int(keys %{$branches{$name}->{"brokentags"}})) { + print "Branch $name shouldn't have broken tags\n"; ^ TAB
+ } + delete $branches{$name}; +} + sub add_broken_tag { my $branch = shift @_; my $tag = shift @_; @@ -81,16 +95,51 @@ sub add_broken_tag { $branches{$branch}->{"brokentags"}->{$tag} = 1; }
+sub add_fixed_tag { + my $branch = shift @_; + my $tag = shift @_; + + $tags{$tag} = 0; + $branches{$branch}->{"fixedtags"}->{$tag} = 1; +} + +sub add_fixed_commit { + my $branch = shift @_; + my $commit = shift @_; + + push @{$branches{$branch}->{"fixedchanges"}}, $commit; +} + add_branch("master");
+if (defined $fixed) { + # Mark any tags containing the fix as known so they + # get excluded when later finding vulnerable tags + for my $tag (get_tags("--contains", $fixed)) { + $tags{$tag} = 0; ^ indentation
+ } + + + # Record the first tag in master which has the fix, if any + my @fixedtags = sort versioncmp get_tags("--contains", $fixed, "--merged", "master"); + if (int(@fixedtags)) { + add_fixed_tag("master", $fixedtags[0]); ^ TAB
+ } + + add_fixed_commit("master", $fixed); +} + # Most tags live on master so lets get them first -for my $tag (get_tags("--contains", $changeset, "--merged", "master")) { +for my $tag (get_tags("--contains", $broken, "--merged", "master")) { + + next if exists $tags{$tag}; + add_broken_tag("master", $tag); }
# Now we need slower work to find branches for # few remaining tags -for my $tag (get_tags("--contains", $changeset)) { +for my $tag (get_tags("--contains", $broken)) {
next if exists $tags{$tag};
@@ -117,6 +166,12 @@ for my $branch (get_branches($broken)) { add_branch($branch); }
+if (defined $fixed) { + for my $branch (get_branches($fixed)) { + delete_branch($branch); ^ TAB
+ } +} + foreach my $branch (sort versioncmp keys %branches) { print " <branch>\n"; print " <name>$branch</name>\n";
Reviewed-by: Ján Tomko <jtomko@redhat.com> Jano

Instead of printing out a snippet which then has to be cut and pasted into the notice file, directly read the template notice file and update it in place with new branch/tag info. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- scripts/report-vulnerable-tags.pl | 66 ++++++++++++++++++++++++------- 1 file changed, 52 insertions(+), 14 deletions(-) diff --git a/scripts/report-vulnerable-tags.pl b/scripts/report-vulnerable-tags.pl index 431a7bf..3a94721 100644 --- a/scripts/report-vulnerable-tags.pl +++ b/scripts/report-vulnerable-tags.pl @@ -5,12 +5,37 @@ use warnings; use Sort::Versions; -if (int(@ARGV) != 1 && int(@ARGV) != 2) { - die "syntax: $0 BROKEN-CHANGESET [FIXED-CHANGESET]\n"; +if (int(@ARGV) != 1) { + die "syntax: $0 NOTICE.XML\n"; } -my $broken = shift @ARGV; -my $fixed = shift @ARGV; +my $broken; +my $fixed; +my $notice = shift @ARGV; +my @notice; + +open NOTICE, $notice or die "cannot read $notice: $!"; +my $master; +my $discard; +for my $line (<NOTICE>) { + push @notice, $line unless $discard; + if ($line =~ m,<repository>,) { + $discard = 1; + } elsif ($line =~ m,<name>master</name>,) { + $master = 1; + } elsif ($line =~ m,</branch>,) { + $master = 0; + } elsif ($master) { + if ($line =~ m,<change state="(vulnerable|fixed)">([a-zA-Z0-9]+)</change>,) { + if ($1 eq "vulnerable") { + $broken = $2; + } else { + $fixed = $2; + } + } + } +} +close NOTICE; # branch name to hash with keys # - brokenchanges -> list of commit ids @@ -154,7 +179,7 @@ for my $tag (get_tags("--contains", $broken)) { } if (int(@tagbranches) > 1) { - print "Tag $tag appears in multiple branches\n"; + print "Tag $tag appears in multiple branches\n"; } my $branch = $tagbranches[0]; @@ -172,21 +197,34 @@ if (defined $fixed) { } } +open NOTICE, ">$notice.tmp" or die "cannot create $notice.tmp: $!"; +foreach my $line (@notice) { + print NOTICE $line; +} + foreach my $branch (sort versioncmp keys %branches) { - print " <branch>\n"; - print " <name>$branch</name>\n"; + print NOTICE " <branch>\n"; + print NOTICE " <name>$branch</name>\n"; + foreach my $tag (sort versioncmp keys %{$branches{$branch}->{"brokentags"}}) { - print " <tag state=\"vulnerable\">$tag</tag>\n"; + print NOTICE " <tag state=\"vulnerable\">$tag</tag>\n"; } - foreach my $commit (@{$branches{$branch}->{"brokenchanges"}}) { - print " <change state=\"vulnerable\">$commit</change>\n"; + foreach my $change (@{$branches{$branch}->{"brokenchanges"}}) { + print NOTICE " <change state=\"vulnerable\">$change</change>\n"; } foreach my $tag (sort versioncmp keys %{$branches{$branch}->{"fixedtags"}}) { - print " <tag state=\"fixed\">$tag</tag>\n"; + print NOTICE " <tag state=\"fixed\">$tag</tag>\n"; } - foreach my $commit (@{$branches{$branch}->{"fixedchanges"}}) { - print " <change state=\"fixed\">$commit</change>\n"; + foreach my $change (@{$branches{$branch}->{"fixedchanges"}}) { + print NOTICE " <change state=\"fixed\">$change</change>\n"; } - print " </branch>\n"; + print NOTICE " </branch>\n"; } + +print NOTICE " </product>\n"; +print NOTICE "\n"; +print NOTICE "</security-notice>\n"; +close NOTICE; + +rename "$notice.tmp", "$notice" or die "cannot replace $notice: $!"; -- 2.21.0

On Mon, May 13, 2019 at 12:52:01PM +0100, Daniel P. Berrangé wrote:
Instead of printing out a snippet which then has to be cut and pasted into the notice file, directly read the template notice file and update it in place with new branch/tag info.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- scripts/report-vulnerable-tags.pl | 66 ++++++++++++++++++++++++------- 1 file changed, 52 insertions(+), 14 deletions(-)
Lots of new TABs in this patch,
diff --git a/scripts/report-vulnerable-tags.pl b/scripts/report-vulnerable-tags.pl index 431a7bf..3a94721 100644 --- a/scripts/report-vulnerable-tags.pl +++ b/scripts/report-vulnerable-tags.pl @@ -5,12 +5,37 @@ use warnings;
use Sort::Versions;
-if (int(@ARGV) != 1 && int(@ARGV) != 2) { - die "syntax: $0 BROKEN-CHANGESET [FIXED-CHANGESET]\n"; +if (int(@ARGV) != 1) { + die "syntax: $0 NOTICE.XML\n"; }
-my $broken = shift @ARGV; -my $fixed = shift @ARGV; +my $broken; +my $fixed; +my $notice = shift @ARGV; +my @notice; + +open NOTICE, $notice or die "cannot read $notice: $!"; +my $master; +my $discard; +for my $line (<NOTICE>) { + push @notice, $line unless $discard; + if ($line =~ m,<repository>,) { + $discard = 1; + } elsif ($line =~ m,<name>master</name>,) { + $master = 1; + } elsif ($line =~ m,</branch>,) { + $master = 0; + } elsif ($master) { + if ($line =~ m,<change state="(vulnerable|fixed)">([a-zA-Z0-9]+)</change>,) { + if ($1 eq "vulnerable") { + $broken = $2; + } else { + $fixed = $2; + } + } + } +} +close NOTICE;
# branch name to hash with keys # - brokenchanges -> list of commit ids @@ -154,7 +179,7 @@ for my $tag (get_tags("--contains", $broken)) { }
if (int(@tagbranches) > 1) { - print "Tag $tag appears in multiple branches\n"; + print "Tag $tag appears in multiple branches\n";
Here the TAB is the only change.
} my $branch = $tagbranches[0];
Reviewed-by: Ján Tomko <jtomko@redhat.com> Jano

Sometimes a bug may be introduced across multiple commits, or fixed across multiple commits. We must thus honour the full list of commits. There might not even be a broken commit listed yet. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- scripts/report-vulnerable-tags.pl | 73 ++++++++++++++++++------------- 1 file changed, 43 insertions(+), 30 deletions(-) diff --git a/scripts/report-vulnerable-tags.pl b/scripts/report-vulnerable-tags.pl index 3a94721..59859b1 100644 --- a/scripts/report-vulnerable-tags.pl +++ b/scripts/report-vulnerable-tags.pl @@ -9,7 +9,9 @@ if (int(@ARGV) != 1) { die "syntax: $0 NOTICE.XML\n"; } +my @broken; my $broken; +my @fixed; my $fixed; my $notice = shift @ARGV; my @notice; @@ -28,15 +30,22 @@ for my $line (<NOTICE>) { } elsif ($master) { if ($line =~ m,<change state="(vulnerable|fixed)">([a-zA-Z0-9]+)</change>,) { if ($1 eq "vulnerable") { - $broken = $2; + push @broken, $2; } else { - $fixed = $2; + push @fixed, $2; } } } } close NOTICE; +if (int(@broken)) { + $broken = $broken[0]; +} +if (int(@fixed)) { + $fixed = $fixed[$#fixed]; +} + # branch name to hash with keys # - brokenchanges -> list of commit ids # - brokentags -> hash of tag names to '1' @@ -96,7 +105,7 @@ sub add_branch { return if exists $branches{$name}; $branches{$name} = { - "brokenchanges" => [$broken], + "brokenchanges" => [@broken], "brokentags" => {}, "fixedchanges" => [], "fixedtags" => {}, @@ -151,44 +160,48 @@ if (defined $fixed) { add_fixed_tag("master", $fixedtags[0]); } - add_fixed_commit("master", $fixed); + for my $commit (@fixed) { + add_fixed_commit("master", $commit); + } } -# Most tags live on master so lets get them first -for my $tag (get_tags("--contains", $broken, "--merged", "master")) { +if (defined $broken) { + # Most tags live on master so lets get them first + for my $tag (get_tags("--contains", $broken, "--merged", "master")) { - next if exists $tags{$tag}; + next if exists $tags{$tag}; - add_broken_tag("master", $tag); -} + add_broken_tag("master", $tag); + } + + # Now we need slower work to find branches for + # few remaining tags + for my $tag (get_tags("--contains", $broken)) { -# Now we need slower work to find branches for -# few remaining tags -for my $tag (get_tags("--contains", $broken)) { + next if exists $tags{$tag}; - next if exists $tags{$tag}; + my @tagbranches = get_branches($tag); + if (int(@tagbranches) == 0) { + if ($tag eq "v2.1.0") { + @tagbranches = ("master") + } else { + print "Tag $tag doesn't appear in any branch\n"; + next; + } + } - my @tagbranches = get_branches($tag); - if (int(@tagbranches) == 0) { - if ($tag eq "v2.1.0") { - @tagbranches = ("master") - } else { - print "Tag $tag doesn't appear in any branch\n"; - next; + if (int(@tagbranches) > 1) { + print "Tag $tag appears in multiple branches\n"; } - } + my $branch = $tagbranches[0]; - if (int(@tagbranches) > 1) { - print "Tag $tag appears in multiple branches\n"; + add_branch($branch); + add_broken_tag($branch, $tag); } - my $branch = $tagbranches[0]; - add_branch($branch); - add_broken_tag($branch, $tag); -} - -for my $branch (get_branches($broken)) { - add_branch($branch); + for my $branch (get_branches($broken)) { + add_branch($branch); + } } if (defined $fixed) { -- 2.21.0

On Mon, May 13, 2019 at 12:52:02PM +0100, Daniel P. Berrangé wrote:
Sometimes a bug may be introduced across multiple commits, or fixed across multiple commits. We must thus honour the full list of commits. There might not even be a broken commit listed yet.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- scripts/report-vulnerable-tags.pl | 73 ++++++++++++++++++------------- 1 file changed, 43 insertions(+), 30 deletions(-)
More TABs. Reviewed-by: Ján Tomko <jtomko@redhat.com> Jano

The tags have a well defined naming scheme, letting us identify the branch by simply stripping the last digit and appending '-maint'. This eliminates the need to run a query per branch. --- scripts/report-vulnerable-tags.pl | 31 ++++++++++++++----------------- 1 file changed, 14 insertions(+), 17 deletions(-) diff --git a/scripts/report-vulnerable-tags.pl b/scripts/report-vulnerable-tags.pl index 59859b1..43f344a 100644 --- a/scripts/report-vulnerable-tags.pl +++ b/scripts/report-vulnerable-tags.pl @@ -174,34 +174,31 @@ if (defined $broken) { add_broken_tag("master", $tag); } + for my $branch (get_branches($broken)) { + add_branch($branch); + } + # Now we need slower work to find branches for # few remaining tags for my $tag (get_tags("--contains", $broken)) { - next if exists $tags{$tag}; - my @tagbranches = get_branches($tag); - if (int(@tagbranches) == 0) { - if ($tag eq "v2.1.0") { - @tagbranches = ("master") - } else { - print "Tag $tag doesn't appear in any branch\n"; - next; - } + # Hack as tag was mistakenly not on master branch + if ($tag eq "v2.1.0") { + $branches{"master"}->{"brokentags"}->{$tag} = 1; + next; } - if (int(@tagbranches) > 1) { - print "Tag $tag appears in multiple branches\n"; + die "malformed tag $tag" unless $tag =~ /(v.*)\.(\d+)$/; + my $branch = "$1-maint"; + + if (!exists $branches{$branch}) { + print "Tag $tag mapped to branch $branch which doesn't exist\n"; + next; } - my $branch = $tagbranches[0]; - add_branch($branch); add_broken_tag($branch, $tag); } - - for my $branch (get_branches($broken)) { - add_branch($branch); - } } if (defined $fixed) { -- 2.21.0

On Mon, May 13, 2019 at 12:52:03PM +0100, Daniel P. Berrangé wrote:
The tags have a well defined naming scheme, letting us identify the branch by simply stripping the last digit and appending '-maint'. This eliminates the need to run a query per branch. --- scripts/report-vulnerable-tags.pl | 31 ++++++++++++++----------------- 1 file changed, 14 insertions(+), 17 deletions(-)
Reviewed-by: Ján Tomko <jtomko@redhat.com> Jano

Look at each fix on the branch to identify if it is a recorded cherry-pick from the fixes known for the master branch If all fixes from master are cherry-picked to the branch, then look at tags on the branch to identify if a bug fix release has been made containing all the fixes. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- scripts/report-vulnerable-tags.pl | 69 +++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) diff --git a/scripts/report-vulnerable-tags.pl b/scripts/report-vulnerable-tags.pl index 43f344a..6a0f7dc 100644 --- a/scripts/report-vulnerable-tags.pl +++ b/scripts/report-vulnerable-tags.pl @@ -99,6 +99,28 @@ sub get_branches { return @branches; } +sub get_cherry_picks { + my $branch = shift @_; + my $tag = shift @_; + + open GIT, "-|", "git", "log", "$tag..origin/$branch" or + die "cannot query 'git log $tag..origin/$branch': $!\n"; + + my $commit; + my %cherrypicks; + while (<GIT>) { + chomp; + + if (/^commit ([a-zA-Z0-9]+)/) { + $commit = $1; + } elsif (/cherry picked from commit ([a-zA-Z0-9]+)/) { + $cherrypicks{$1} = $commit; + } + } + + return %cherrypicks; +} + sub add_branch { my $name = shift @_; @@ -177,7 +199,54 @@ if (defined $broken) { for my $branch (get_branches($broken)) { add_branch($branch); } +} + +if (defined $fixed) { + # Try to match up fixed commit with cherry-picks + for my $branch (sort versioncmp keys %branches) { + next if $branch eq "master"; + + my $basetag = $branch; + $basetag =~ s/-maint//; + my @bits = split /\./, $basetag; + + if (int(@bits) == 2) { + $basetag = $basetag . ".0"; + } + + my %cherrypicks = get_cherry_picks($branch, $basetag); + + my @missing; + for my $commit (@fixed) { + if (exists $cherrypicks{$commit}) { + my $cherry = $cherrypicks{$commit}; + add_fixed_commit($branch, $cherry); + } else { + push @missing, $commit; + } + } + + # If all fixes on master exist on branch, then + # identify any tags holding the last cherry-pick + # so the branch gets marked as non-vulnerable. + if (int(@missing) == 0) { + my $bfixed = $branches{$branch}->{fixedchanges}->[$#{$branches{$branch}->{fixedchanges}}]; + # Mark any tags containing the fix as known so they + # get excluded when later finding vulnerable tags + for my $tag (get_tags("--contains", $bfixed)) { + $tags{$tag} = 0; + } + + # Record the first tag in master which has the fix, if any + my @fixedtags = sort versioncmp get_tags("--contains", $bfixed, "--merged", $branch); + if (int(@fixedtags)) { + add_fixed_tag($branch, $fixedtags[0]); + } + } + } +} +if (defined $broken) { # Now we need slower work to find branches for # few remaining tags for my $tag (get_tags("--contains", $broken)) { -- 2.21.0

On Mon, May 13, 2019 at 12:52:04PM +0100, Daniel P. Berrangé wrote:
Look at each fix on the branch to identify if it is a recorded cherry-pick from the fixes known for the master branch
If all fixes from master are cherry-picked to the branch, then look at tags on the branch to identify if a bug fix release has been made containing all the fixes.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- scripts/report-vulnerable-tags.pl | 69 +++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+)
Reviewed-by: Ján Tomko <jtomko@redhat.com> Jano

Sometimes fixes are mistakenly cherry picked into branches without using the '-x' flag to record the cherry pick master commit. Add fuzzy matching based on subject line to attempt to identify these fixes on branches. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- scripts/report-vulnerable-tags.pl | 46 +++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) diff --git a/scripts/report-vulnerable-tags.pl b/scripts/report-vulnerable-tags.pl index 6a0f7dc..c37416d 100644 --- a/scripts/report-vulnerable-tags.pl +++ b/scripts/report-vulnerable-tags.pl @@ -121,6 +121,38 @@ sub get_cherry_picks { return %cherrypicks; } +sub get_fuzzy_picks { + my $branch = shift @_; + my $tag = shift @_; + + my %subjects; + + for my $commit (@fixed) { + open GIT, "-|", "git", "show", "--no-patch", "--format=%s", $commit + or die "cannot query 'git show --no-patch --format=%s $commit': $!"; + my $subject = <GIT>; + chomp $subject; + close GIT; + + $subjects{$subject} = $commit; + } + + open GIT, "-|", "git", "log", "--format=%H %s", "$tag..origin/$branch" or + die "cannot query 'git log --format='%h %s' $tag..origin/$branch': $!\n"; + + my $commit; + my %fuzzypicks; + while (<GIT>) { + if (/([a-zA-Z0-9]+)\s(.*)$/) { + if (exists $subjects{$2}) { + $fuzzypicks{$subjects{$2}} = $1; + } + } + } + + return %fuzzypicks; +} + sub add_branch { my $name = shift @_; @@ -226,6 +258,20 @@ if (defined $fixed) { } } + if (int(@missing)) { + my @unfixed = @missing; + my %fuzzypicks = get_fuzzy_picks($branch, $basetag); + @missing = (); + for my $commit (@unfixed) { + if (exists $fuzzypicks{$commit}) { + my $fuzzy = $fuzzypicks{$commit}; + add_fixed_commit($branch, $fuzzy); + } else { + push @missing, $commit; + } + } + } + # If all fixes on master exist on branch, then # identify any tags holding the last cherry-pick # so the branch gets marked as non-vulnerable. -- 2.21.0

On Mon, May 13, 2019 at 12:52:05PM +0100, Daniel P. Berrangé wrote:
Sometimes fixes are mistakenly cherry picked into branches without using the '-x' flag to record the cherry pick master commit. Add fuzzy matching based on subject line to attempt to identify these fixes on branches.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- scripts/report-vulnerable-tags.pl | 46 +++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+)
Reviewed-by: Ján Tomko <jtomko@redhat.com> Jano

Use the new script logic to regenerate all branch tag info for flaws A few manual edits are still needed, as the script still doesn't cope with two situations: - The vulnerable commit from master was backported to an older branch. We don't search older branches looking for cherry-picks yet - There are multiple vulnerable commits, and they were introduce across multiple releases. This means some older branches only contain a subset of the vulnerable commits. We don't check which vulnerable commits are applicable to branches, instead assuming all vulnerable commits arrived at the same time. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- notices/2008/0001.xml | 6 -- notices/2009/0001.xml | 2 + notices/2010/0001.xml | 3 - notices/2010/0002.xml | 3 - notices/2010/0004.xml | 2 +- notices/2011/0001.xml | 10 ++- notices/2011/0002.xml | 4 ++ notices/2012/0001.xml | 14 +++- notices/2012/0002.xml | 2 +- notices/2012/0003.xml | 4 ++ notices/2013/0001.xml | 8 +++ notices/2013/0002.xml | 8 +++ notices/2013/0003.xml | 21 ++++++ notices/2013/0005.xml | 2 +- notices/2013/0006.xml | 1 + notices/2013/0007.xml | 2 +- notices/2013/0010.xml | 16 ++++- notices/2013/0012.xml | 28 ++++++-- notices/2013/0015.xml | 2 +- notices/2013/0016.xml | 22 ++++-- notices/2013/0018.xml | 102 +++++++++++++------------- notices/2013/0020.xml | 68 +++++++++++------- notices/2013/0021.xml | 2 +- notices/2014/0001.xml | 8 +++ notices/2014/0003.xml | 107 +++++++++++++++++++++++----- notices/2014/0004.xml | 25 +++++-- notices/2014/0005.xml | 21 ++++-- notices/2014/0006.xml | 22 ++++-- notices/2014/0007.xml | 18 +++-- notices/2014/0008.xml | 6 +- notices/2014/0009.xml | 5 +- notices/2014/0010.xml | 8 ++- notices/2015/0001.xml | 10 +-- notices/2015/0002.xml | 6 +- notices/2015/0003.xml | 14 ++-- notices/2015/0004.xml | 13 ++-- notices/2016/0001.xml | 4 +- notices/2016/0002.xml | 1 + notices/2017/0001.xml | 4 +- notices/2017/0002.xml | 6 +- notices/2018/0001.xml | 159 ++++++++++++++++++++++++++++++++++++++++- notices/2018/0002.xml | 158 +++++++++++++++++++++++++++++++++++++++- notices/2018/0003.xml | 161 ++++++++++++++++++++++++++++++++++++++++- notices/2018/0004.xml | 159 ++++++++++++++++++++++++++++++++++++++++- notices/2018/0005.xml | 162 +++++++++++++++++++++++++++++++++++++++++- notices/2019/0001.xml | 2 +- notices/2019/0002.xml | 2 +- 47 files changed, 1224 insertions(+), 189 deletions(-) diff --git a/notices/2008/0001.xml b/notices/2008/0001.xml index 9877cd4..7d2bfcf 100644 --- a/notices/2008/0001.xml +++ b/notices/2008/0001.xml @@ -66,17 +66,11 @@ rule to prevent them access without first authenticating as root.]]> <tag state="vulnerable">v0.4.6</tag> <tag state="vulnerable">v0.5.0</tag> <tag state="vulnerable">v0.5.1</tag> - <!-- virDomainSetAutostart, virNetworkSetAutostart --> <change state="vulnerable">57a18198814f80b1397e1a14d33746034b9dbd5c</change> - <!-- virDomainMigrate --> <change state="vulnerable">81005437f4e860d6d65243473c593e4335193b13</change> - <!-- virStoragePoolSetAutostart --> <change state="vulnerable">cb228a0e24266f43dbab208bd38965e511f714ee</change> - <!-- virDomainBlockPeek --> <change state="vulnerable">8354895e681e8aee9bfa0290cb98123858165b91</change> - <!-- virDomainMemoryPeek --> <change state="vulnerable">6bcf25017bc66ef866768c7a827dfe03c96638f0</change> - <!-- virConnectFindStoragePoolSources --> <change state="vulnerable">39c9354c5ce87e1205f41af4737f970aa4f6e5dd</change> <tag state="fixed">v0.6.0</tag> <change state="fixed">53611889ff93c442028828c70472151a7cf1bf4d</change> diff --git a/notices/2009/0001.xml b/notices/2009/0001.xml index 85aefa1..73d6316 100644 --- a/notices/2009/0001.xml +++ b/notices/2009/0001.xml @@ -59,6 +59,8 @@ their privileges.]]> <tag state="vulnerable">v0.1.7</tag> <tag state="vulnerable">v0.1.8</tag> <tag state="vulnerable">v0.1.9</tag> + <tag state="vulnerable">v0.1.10</tag> + <tag state="vulnerable">v0.1.11</tag> <tag state="vulnerable">v0.2.0</tag> <tag state="vulnerable">v0.2.1</tag> <tag state="vulnerable">v0.2.2</tag> diff --git a/notices/2010/0001.xml b/notices/2010/0001.xml index e197557..874ed8a 100644 --- a/notices/2010/0001.xml +++ b/notices/2010/0001.xml @@ -57,11 +57,8 @@ expected to be a raw disks file and writing a qcow2 header into it.]]> <tag state="vulnerable">v0.8.0</tag> <tag state="vulnerable">v0.8.1</tag> <tag state="vulnerable">v0.8.2</tag> - <!-- SELinux driver --> <change state="vulnerable">fe627697a3830cd2db0efcc201d8caa9e171263d</change> - <!-- DAC driver --> <change state="vulnerable">15f5eaa09895d68b849a0b0ec458acdafe75d080</change> - <!-- CGroups driver --> <change state="vulnerable">117d04fb1d388df700cc37c4d2a68189fab280c0</change> <tag state="fixed">v0.8.3</tag> <change state="fixed">68719c4bddb85fbcc931a5b7d99ac7c8a0af09b0</change> diff --git a/notices/2010/0002.xml b/notices/2010/0002.xml index 97e7553..f8fb356 100644 --- a/notices/2010/0002.xml +++ b/notices/2010/0002.xml @@ -58,11 +58,8 @@ expected to be a raw backing file and writing a qcow2 header into it.]]> <tag state="vulnerable">v0.8.0</tag> <tag state="vulnerable">v0.8.1</tag> <tag state="vulnerable">v0.8.2</tag> - <!-- SELinux driver --> <change state="vulnerable">fe627697a3830cd2db0efcc201d8caa9e171263d</change> - <!-- DAC driver --> <change state="vulnerable">15f5eaa09895d68b849a0b0ec458acdafe75d080</change> - <!-- CGroups driver --> <change state="vulnerable">117d04fb1d388df700cc37c4d2a68189fab280c0</change> <tag state="fixed">v0.8.3</tag> <change state="fixed">68719c4bddb85fbcc931a5b7d99ac7c8a0af09b0</change> diff --git a/notices/2010/0004.xml b/notices/2010/0004.xml index 0403f50..080114d 100644 --- a/notices/2010/0004.xml +++ b/notices/2010/0004.xml @@ -86,7 +86,7 @@ network.]]> <tag state="vulnerable">v0.8.1</tag> <tag state="vulnerable">v0.8.2</tag> <change state="vulnerable">3ea88b568d7f5550ac399f310d2a4488bc31618d</change> - <tag state="vulnerable">v0.8.3</tag> + <tag state="fixed">v0.8.3</tag> <change state="fixed">c567853089a2764c964002dd752e09e318524a38</change> </branch> </product> diff --git a/notices/2011/0001.xml b/notices/2011/0001.xml index b132ae4..a24dd0f 100644 --- a/notices/2011/0001.xml +++ b/notices/2011/0001.xml @@ -76,16 +76,20 @@ rule to prevent them access without first authenticating as root.]]> <tag state="vulnerable">v0.8.4</tag> <tag state="vulnerable">v0.8.5</tag> <tag state="vulnerable">v0.8.6</tag> + <tag state="vulnerable">v0.8.7</tag> <tag state="vulnerable">v0.8.8</tag> - <!-- virNodeDeviceDettach, virNodeDeviceReAttach, virNodeDeviceReset --> <change state="vulnerable">737af2ea04aa1eb954635bd90d0dbcffdd7ff734</change> - <!-- virConnectDomainXMLToNative --> <change state="vulnerable">4d5383fd36c64a83520c9a6e09c946c4ba86cc29</change> - <!-- virDomainRevertToSnapshot, virDomainSnapshotDelete --> <change state="vulnerable">2f992d4be4c6157feec4f88ac586f2c50a8fd466</change> <tag state="fixed">v0.9.0</tag> <change state="fixed">71753cb7f7a16ff800381c0b5ee4e99eea92fed3</change> </branch> + <branch> + <name>v0.8.3-maint</name> + <change state="vulnerable">737af2ea04aa1eb954635bd90d0dbcffdd7ff734</change> + <change state="vulnerable">4d5383fd36c64a83520c9a6e09c946c4ba86cc29</change> + <change state="vulnerable">2f992d4be4c6157feec4f88ac586f2c50a8fd466</change> + </branch> </product> </security-notice> diff --git a/notices/2011/0002.xml b/notices/2011/0002.xml index f086a4d..92d5c8f 100644 --- a/notices/2011/0002.xml +++ b/notices/2011/0002.xml @@ -74,6 +74,10 @@ daemon itself may crash.]]> <tag state="fixed">v0.9.0</tag> <change state="fixed">f44bfb7fb978c9313ce050a1c4149bf04aa0a670</change> </branch> + <branch> + <name>v0.8.3-maint</name> + <change state="vulnerable">4a00119a0ac6828b0f54ed8ecc9f4c338e167d6b</change> + </branch> </product> </security-notice> diff --git a/notices/2012/0001.xml b/notices/2012/0001.xml index 2e246c8..ae9bf94 100644 --- a/notices/2012/0001.xml +++ b/notices/2012/0001.xml @@ -97,6 +97,10 @@ DNS ports on the virtualization host]]> <tag state="fixed">v1.0.1</tag> <change state="fixed">753ff83a50263d6975f88d6605d4b5ddfcc97560</change> </branch> + <branch> + <name>v0.8.3-maint</name> + <change state="vulnerable">038b434f144fa9d24c6e4e9988707ee114973a8a</change> + </branch> <branch> <name>v0.9.6-maint</name> <tag state="vulnerable">v0.9.6.1</tag> @@ -114,15 +118,15 @@ DNS ports on the virtualization host]]> <tag state="vulnerable">v0.9.11.5</tag> <tag state="vulnerable">v0.9.11.6</tag> <tag state="vulnerable">v0.9.11.7</tag> - <tag state="vulnerable">v0.9.11.8</tag> - <tag state="vulnerable">v0.9.11.9</tag> - <tag state="vulnerable">v0.9.11.10</tag> <change state="vulnerable">038b434f144fa9d24c6e4e9988707ee114973a8a</change> + <tag state="fixed">v0.9.11.8</tag> + <change state="fixed">2abde0ac0740e57c47ed684ce0d56195b977bdb3</change> </branch> <branch> <name>v0.9.12-maint</name> <tag state="vulnerable">v0.9.12.1</tag> <tag state="vulnerable">v0.9.12.2</tag> + <tag state="vulnerable">v0.9.12.3</tag> <change state="vulnerable">038b434f144fa9d24c6e4e9988707ee114973a8a</change> </branch> <branch> @@ -132,6 +136,10 @@ DNS ports on the virtualization host]]> <tag state="fixed">v0.10.2.2</tag> <change state="fixed">3fbab08a52fd8cabbf5639c6badd34ceff3e53fe</change> </branch> + <branch> + <name>v1.0.0-maint</name> + <change state="vulnerable">038b434f144fa9d24c6e4e9988707ee114973a8a</change> + </branch> </product> </security-notice> diff --git a/notices/2012/0002.xml b/notices/2012/0002.xml index 6f86c38..73e384f 100644 --- a/notices/2012/0002.xml +++ b/notices/2012/0002.xml @@ -66,7 +66,7 @@ non-allocated memory.]]> <change state="vulnerable">40624d32fb54920e4aa434fbb2b8999d17e02931</change> <tag state="fixed">v0.9.11.5</tag> <change state="fixed">45d6729f98e9842b139b809078d43f1f7a8c779b</change> - </branch> + </branch> <branch> <name>v0.9.12-maint</name> <change state="vulnerable">40624d32fb54920e4aa434fbb2b8999d17e02931</change> diff --git a/notices/2012/0003.xml b/notices/2012/0003.xml index 08eff49..9c5d527 100644 --- a/notices/2012/0003.xml +++ b/notices/2012/0003.xml @@ -81,6 +81,10 @@ malicious user from connecting to libvirtd.]]> <tag state="fixed">v0.10.2</tag> <change state="fixed">b7ff9e696063189a715802d081d55a398663c15a</change> </branch> + <branch> + <name>v0.8.3-maint</name> + <change state="vulnerable">a147ef38374f17c3d02b7db8e857ca33c5c346f9</change> + </branch> <branch> <name>v0.9.6-maint</name> <tag state="vulnerable">v0.9.6.1</tag> diff --git a/notices/2013/0001.xml b/notices/2013/0001.xml index cd63df3..97d8949 100644 --- a/notices/2013/0001.xml +++ b/notices/2013/0001.xml @@ -89,6 +89,14 @@ to crash]]> <tag state="fixed">v0.10.2.3</tag> <change state="fixed">f104a2a6b36aa6f4842c0a64354055657c0df8e2</change> </branch> + <branch> + <name>v1.0.0-maint</name> + <change state="vulnerable">b2c62316477989f8d728af49bdac8248ab5f5463</change> + </branch> + <branch> + <name>v1.0.1-maint</name> + <change state="vulnerable">b2c62316477989f8d728af49bdac8248ab5f5463</change> + </branch> </product> </security-notice> diff --git a/notices/2013/0002.xml b/notices/2013/0002.xml index 42928cc..6959501 100644 --- a/notices/2013/0002.xml +++ b/notices/2013/0002.xml @@ -65,6 +65,14 @@ service]]> <tag state="fixed">v0.10.2.5</tag> <change state="fixed">0f2eda0da9efd25b280c23a5a0d0fdf46f0c3c67</change> </branch> + <branch> + <name>v1.0.0-maint</name> + <change state="vulnerable">a8bac1c0f3b9ff8dd3982a7086d45466055ea0d1</change> + </branch> + <branch> + <name>v1.0.1-maint</name> + <change state="vulnerable">a8bac1c0f3b9ff8dd3982a7086d45466055ea0d1</change> + </branch> <branch> <name>v1.0.2-maint</name> <change state="vulnerable">a8bac1c0f3b9ff8dd3982a7086d45466055ea0d1</change> diff --git a/notices/2013/0003.xml b/notices/2013/0003.xml index adf67c7..509f0ec 100644 --- a/notices/2013/0003.xml +++ b/notices/2013/0003.xml @@ -68,6 +68,26 @@ interfaces.]]> <tag state="vulnerable">v0.10.2.8</tag> <change state="vulnerable">a3cf061c824aac0c4cb06ac91ac0bff612bf0e86</change> </branch> + <branch> + <name>v1.0.0-maint</name> + <change state="vulnerable">a3cf061c824aac0c4cb06ac91ac0bff612bf0e86</change> + </branch> + <branch> + <name>v1.0.1-maint</name> + <change state="vulnerable">a3cf061c824aac0c4cb06ac91ac0bff612bf0e86</change> + </branch> + <branch> + <name>v1.0.2-maint</name> + <change state="vulnerable">a3cf061c824aac0c4cb06ac91ac0bff612bf0e86</change> + </branch> + <branch> + <name>v1.0.3-maint</name> + <change state="vulnerable">a3cf061c824aac0c4cb06ac91ac0bff612bf0e86</change> + </branch> + <branch> + <name>v1.0.4-maint</name> + <change state="vulnerable">a3cf061c824aac0c4cb06ac91ac0bff612bf0e86</change> + </branch> <branch> <name>v1.0.5-maint</name> <tag state="vulnerable">v1.0.5.1</tag> @@ -78,6 +98,7 @@ interfaces.]]> <tag state="vulnerable">v1.0.5.6</tag> <tag state="vulnerable">v1.0.5.7</tag> <tag state="vulnerable">v1.0.5.8</tag> + <tag state="vulnerable">v1.0.5.9</tag> <change state="vulnerable">a3cf061c824aac0c4cb06ac91ac0bff612bf0e86</change> </branch> <branch> diff --git a/notices/2013/0005.xml b/notices/2013/0005.xml index e658f53..6609e8b 100644 --- a/notices/2013/0005.xml +++ b/notices/2013/0005.xml @@ -45,7 +45,7 @@ crash the libvirtd daemon resulting in a denial of service.]]> <name>master</name> <tag state="vulnerable">v1.1.0</tag> <change state="vulnerable">3099c063e348fdc79a900f88bcfc5389dada7786</change> - <tag state="vulnerable">v1.1.1</tag> + <tag state="fixed">v1.1.1</tag> <change state="fixed">dfc692350a04a70b4ca65667c30869b3bfdaf034</change> </branch> <branch> diff --git a/notices/2013/0006.xml b/notices/2013/0006.xml index 8121947..abd4d5e 100644 --- a/notices/2013/0006.xml +++ b/notices/2013/0006.xml @@ -48,6 +48,7 @@ or deny the permission bits in the access control policy.]]> <name>master</name> <tag state="vulnerable">v1.1.0</tag> <change state="vulnerable">d47eff88fe50e43a36671f6d8d0eeda52835d5e0</change> + <tag state="fixed">v1.1.1</tag> <change state="fixed">96518d4316b711c72205117f8d5c967d5127bbb6</change> </branch> <branch> diff --git a/notices/2013/0007.xml b/notices/2013/0007.xml index be8f45a..55ba600 100644 --- a/notices/2013/0007.xml +++ b/notices/2013/0007.xml @@ -45,11 +45,11 @@ list of inactive domains on a Xen host]]> <name>master</name> <tag state="vulnerable">v1.1.1</tag> <change state="vulnerable">632180d14f4a4934436ee4c9ebd8f6b8feed671f</change> + <tag state="fixed">v1.1.2</tag> <change state="fixed">0e671a1646df543eab683b38f6644f70d12fbee1</change> </branch> <branch> <name>v1.1.1-maint</name> - <tag state="vulnerable"></tag> <change state="vulnerable">632180d14f4a4934436ee4c9ebd8f6b8feed671f</change> <change state="fixed">673ff0d7ea937b104c67161843949e83b8080c3b</change> </branch> diff --git a/notices/2013/0010.xml b/notices/2013/0010.xml index f745cd5..27515b0 100644 --- a/notices/2013/0010.xml +++ b/notices/2013/0010.xml @@ -102,8 +102,9 @@ access control framework.]]> </branch> <branch> <name>v0.9.12-maint</name> + <tag state="vulnerable">v0.9.12.1</tag> <change state="vulnerable">158ba8730e44b7dd07a21ab90499996c5dec080a</change> - <tag state="fixed">v0.9.12.1</tag> + <tag state="fixed">v0.9.12.2</tag> <change state="fixed">2f34eae93a09ac94297eaa91ad8f4b037b2c9e27</change> </branch> <branch> @@ -119,6 +120,14 @@ access control framework.]]> <tag state="fixed">v0.10.2.8</tag> <change state="fixed">455de1215cc921efcd2b210f129f55c27445d623</change> </branch> + <branch> + <name>v1.0.0-maint</name> + <change state="vulnerable">158ba8730e44b7dd07a21ab90499996c5dec080a</change> + </branch> + <branch> + <name>v1.0.1-maint</name> + <change state="vulnerable">158ba8730e44b7dd07a21ab90499996c5dec080a</change> + </branch> <branch> <name>v1.0.2-maint</name> <change state="vulnerable">158ba8730e44b7dd07a21ab90499996c5dec080a</change> @@ -160,6 +169,11 @@ access control framework.]]> <change state="vulnerable">158ba8730e44b7dd07a21ab90499996c5dec080a</change> <change state="fixed">f229972fd92374eed356c3ede74b886ebe77734e</change> </branch> + <branch> + <name>v1.1.2-maint</name> + <change state="vulnerable">158ba8730e44b7dd07a21ab90499996c5dec080a</change> + <change state="fixed">10d159fee27d007de42890626340c581cd12d788</change> + </branch> </product> </security-notice> diff --git a/notices/2013/0012.xml b/notices/2013/0012.xml index cb0acce..1560fb6 100644 --- a/notices/2013/0012.xml +++ b/notices/2013/0012.xml @@ -51,7 +51,6 @@ server and use of the polkit access control driver.]]> <repository>libvirt.git</repository> <branch> <name>master</name> - <tag state="vulnerable">v0.7.0</tag> <tag state="vulnerable">v0.7.1</tag> <tag state="vulnerable">v0.7.2</tag> <tag state="vulnerable">v0.7.3</tag> @@ -98,6 +97,11 @@ server and use of the polkit access control driver.]]> <change state="vulnerable">8e06c8b3da889899072d4ff051f3325fc4e4f58d</change> <tag state="fixed">v1.1.3</tag> <change state="fixed">922b7fda77b094dbf022d625238262ea05335666</change> + <change state="fixed">e4697b92abaad16e8e6b41a1e55be9b084d48d5a</change> + </branch> + <branch> + <name>v0.8.3-maint</name> + <change state="vulnerable">8e06c8b3da889899072d4ff051f3325fc4e4f58d</change> </branch> <branch> <name>v0.9.6-maint</name> @@ -123,8 +127,10 @@ server and use of the polkit access control driver.]]> </branch> <branch> <name>v0.9.12-maint</name> + <tag state="vulnerable">v0.9.12.1</tag> + <tag state="vulnerable">v0.9.12.2</tag> + <tag state="vulnerable">v0.9.12.3</tag> <change state="vulnerable">8e06c8b3da889899072d4ff051f3325fc4e4f58d</change> - <tag state="fixed">v0.9.12.1</tag> <change state="fixed">078627104d338b8de18156a7162d9b19378c5e88</change> </branch> <branch> @@ -136,10 +142,18 @@ server and use of the polkit access control driver.]]> <tag state="vulnerable">v0.10.2.5</tag> <tag state="vulnerable">v0.10.2.6</tag> <tag state="vulnerable">v0.10.2.7</tag> + <tag state="vulnerable">v0.10.2.8</tag> <change state="vulnerable">8e06c8b3da889899072d4ff051f3325fc4e4f58d</change> - <tag state="fixed">v0.10.2.8</tag> <change state="fixed">77d448e15d73773d5ffe00b62dbdbc0380c4faae</change> </branch> + <branch> + <name>v1.0.0-maint</name> + <change state="vulnerable">8e06c8b3da889899072d4ff051f3325fc4e4f58d</change> + </branch> + <branch> + <name>v1.0.1-maint</name> + <change state="vulnerable">8e06c8b3da889899072d4ff051f3325fc4e4f58d</change> + </branch> <branch> <name>v1.0.2-maint</name> <change state="vulnerable">8e06c8b3da889899072d4ff051f3325fc4e4f58d</change> @@ -162,8 +176,11 @@ server and use of the polkit access control driver.]]> <tag state="vulnerable">v1.0.5.3</tag> <tag state="vulnerable">v1.0.5.4</tag> <tag state="vulnerable">v1.0.5.5</tag> + <tag state="vulnerable">v1.0.5.6</tag> + <tag state="vulnerable">v1.0.5.7</tag> + <tag state="vulnerable">v1.0.5.8</tag> + <tag state="vulnerable">v1.0.5.9</tag> <change state="vulnerable">8e06c8b3da889899072d4ff051f3325fc4e4f58d</change> - <tag state="fixed">v1.0.5.6</tag> <change state="fixed">85ca41529db49a5e0ff633eaa891136218c03645</change> </branch> <branch> @@ -174,16 +191,19 @@ server and use of the polkit access control driver.]]> <branch> <name>v1.1.0-maint</name> <change state="vulnerable">8e06c8b3da889899072d4ff051f3325fc4e4f58d</change> + <change state="fixed">d014e3eb084a0b3388bd351b9ce2d90e54234b4e</change> <change state="fixed">15033105c262ce115a05c8cba4951752b556fbe8</change> </branch> <branch> <name>v1.1.1-maint</name> <change state="vulnerable">8e06c8b3da889899072d4ff051f3325fc4e4f58d</change> + <change state="fixed">003b655e009597c514082ec832e96bfd78fdbece</change> <change state="fixed">7659e912c5e6d152210e7084d57770ea10335a3a</change> </branch> <branch> <name>v1.1.2-maint</name> <change state="vulnerable">8e06c8b3da889899072d4ff051f3325fc4e4f58d</change> + <change state="fixed">8616dc8b4f3bf0537cb316eb1465d213012d131f</change> <change state="fixed">2a32bbbfb118d68071bb0a107b20a5ffdfdc6808</change> </branch> </product> diff --git a/notices/2013/0015.xml b/notices/2013/0015.xml index fb97f80..ca363e6 100644 --- a/notices/2013/0015.xml +++ b/notices/2013/0015.xml @@ -49,7 +49,7 @@ could cause the libvirtd daemon to execute arbitrary binaries as root]]> <tag state="vulnerable">v1.1.2</tag> <tag state="vulnerable">v1.1.3</tag> <change state="vulnerable">e341435e5090677c67a0d3d4ca0393102054841f</change> - <tag state="fixed">1.1.4</tag> + <tag state="fixed">v1.1.4</tag> <change state="fixed">57687fd6bf7f6e1b3662c52f3f26c06ab19dc96c</change> </branch> <branch> diff --git a/notices/2013/0016.xml b/notices/2013/0016.xml index d4dc4f3..75ca0ac 100644 --- a/notices/2013/0016.xml +++ b/notices/2013/0016.xml @@ -68,12 +68,27 @@ daemon]]> <tag state="vulnerable">v0.10.2.6</tag> <tag state="vulnerable">v0.10.2.7</tag> <change state="vulnerable">0fc89098a68f0f6962de8be4fc03ddd960ffbf08</change> - <change state="fixed">v0.10.2.8</change> + <tag state="fixed">v0.10.2.8</tag> <change state="fixed">ecad40d8b84864bee4495d1447902a6206a39a4d</change> </branch> + <branch> + <name>v1.0.0-maint</name> + <change state="vulnerable">0fc89098a68f0f6962de8be4fc03ddd960ffbf08</change> + </branch> + <branch> + <name>v1.0.1-maint</name> + <change state="vulnerable">0fc89098a68f0f6962de8be4fc03ddd960ffbf08</change> + </branch> + <branch> + <name>v1.0.2-maint</name> + <change state="vulnerable">0fc89098a68f0f6962de8be4fc03ddd960ffbf08</change> + </branch> + <branch> + <name>v1.0.3-maint</name> + <change state="vulnerable">0fc89098a68f0f6962de8be4fc03ddd960ffbf08</change> + </branch> <branch> <name>v1.0.4-maint</name> - <tag state="vulnerable"></tag> <change state="vulnerable">0fc89098a68f0f6962de8be4fc03ddd960ffbf08</change> <change state="fixed">b68a721d45085115d9d1ffd5329aff1fdaf1845a</change> </branch> @@ -90,19 +105,16 @@ daemon]]> </branch> <branch> <name>v1.0.6-maint</name> - <tag state="vulnerable"></tag> <change state="vulnerable">0fc89098a68f0f6962de8be4fc03ddd960ffbf08</change> <change state="fixed">c56f17e5435858f30471eb3da3a19a3ccd9d5a3b</change> </branch> <branch> <name>v1.1.0-maint</name> - <tag state="vulnerable"></tag> <change state="vulnerable">0fc89098a68f0f6962de8be4fc03ddd960ffbf08</change> <change state="fixed">7d7e29bb939e3caabe8ddfef42bb44c0011436f3</change> </branch> <branch> <name>v1.1.1-maint</name> - <tag state="vulnerable"></tag> <change state="vulnerable">0fc89098a68f0f6962de8be4fc03ddd960ffbf08</change> <change state="fixed">02340c7f67c381395aeede4586bd3b1ff3f5d291</change> </branch> diff --git a/notices/2013/0018.xml b/notices/2013/0018.xml index 01f6163..1beed4d 100644 --- a/notices/2013/0018.xml +++ b/notices/2013/0018.xml @@ -73,7 +73,7 @@ unless the guest OS is trusted.]]> <tag state="vulnerable">v1.0.4</tag> <tag state="vulnerable">v1.0.5</tag> <tag state="vulnerable">v1.0.6</tag> - <tag state="vulnerable">v1.0.0</tag> + <tag state="vulnerable">v1.1.0</tag> <tag state="vulnerable">v1.1.1</tag> <tag state="vulnerable">v1.1.2</tag> <tag state="vulnerable">v1.1.3</tag> @@ -85,9 +85,7 @@ unless the guest OS is trusted.]]> <change state="vulnerable">ed77abc58bc5a6837a5021f26e1a335dbfb477bf</change> <change state="vulnerable">a5efb3190913b6903775ca3756f79443d4ea8a5b</change> <change state="vulnerable">4ad6a013304f6fe29b0866742c902054bfbcf23f</change> - <!-- <tag state="fixed">v1.2.2</tag> - --> <change state="fixed">aebbcdd33c8c18891f0bdbbf8924599a28152c9c</change> <change state="fixed">4dd3a7d5bc44980135a1b11810ba9aeab42a4a59</change> <change state="fixed">7fba01c15c1f886b4235825692b4c13e88dd9f7b</change> @@ -95,6 +93,14 @@ unless the guest OS is trusted.]]> <change state="fixed">1cadeafcaa422844a27ef622e2a7041d0235bcb3</change> <change state="fixed">5fc590ad9f4071350a8df4d567ba88baacc8334d</change> </branch> + <branch> + <name>v1.0.1-maint</name> + <change state="vulnerable">cbb106f807b32f1f6af22d1e92fe0ff9ba6d73b3</change> + <change state="vulnerable">de858e3fa7ffcab5f80d07f8a74d94cbaf8716b9</change> + <change state="vulnerable">ed77abc58bc5a6837a5021f26e1a335dbfb477bf</change> + <change state="vulnerable">a5efb3190913b6903775ca3756f79443d4ea8a5b</change> + <change state="vulnerable">4ad6a013304f6fe29b0866742c902054bfbcf23f</change> + </branch> <branch> <name>v1.0.2-maint</name> <change state="vulnerable">cbb106f807b32f1f6af22d1e92fe0ff9ba6d73b3</change> @@ -135,12 +141,12 @@ unless the guest OS is trusted.]]> <change state="vulnerable">ed77abc58bc5a6837a5021f26e1a335dbfb477bf</change> <change state="vulnerable">a5efb3190913b6903775ca3756f79443d4ea8a5b</change> <change state="vulnerable">4ad6a013304f6fe29b0866742c902054bfbcf23f</change> - <change state="fixed">f84056cf6166332b1f15f3e6584a88f5d42273fe</change> - <change state="fixed">0e9fee68b3bff24e4d3ab48de8129946202f3bc0</change> - <change state="fixed">9849cf6d89e5665667a0df449ddc3fd5582da242</change> - <change state="fixed">21821ed4d1faf5bf563a26e8ac7cd2eb0450d322</change> - <change state="fixed">e57058cfe827b1971ca0dee224ff273c9cad7756</change> <change state="fixed">e1e7e05376faf1ed471cb5c1d1e0415458f2af7d</change> + <change state="fixed">e57058cfe827b1971ca0dee224ff273c9cad7756</change> + <change state="fixed">21821ed4d1faf5bf563a26e8ac7cd2eb0450d322</change> + <change state="fixed">9849cf6d89e5665667a0df449ddc3fd5582da242</change> + <change state="fixed">0e9fee68b3bff24e4d3ab48de8129946202f3bc0</change> + <change state="fixed">f84056cf6166332b1f15f3e6584a88f5d42273fe</change> </branch> <branch> <name>v1.0.6-maint</name> @@ -149,12 +155,12 @@ unless the guest OS is trusted.]]> <change state="vulnerable">ed77abc58bc5a6837a5021f26e1a335dbfb477bf</change> <change state="vulnerable">a5efb3190913b6903775ca3756f79443d4ea8a5b</change> <change state="vulnerable">4ad6a013304f6fe29b0866742c902054bfbcf23f</change> - <change state="fixed">e9941eee1a3c1cb0af7bc39076eb0e8c2c4eb603</change> - <change state="fixed">84cf9af8d9a803f2e12df0b8b0c2bd2de544cf93</change> - <change state="fixed">f8706947b86e6de2961aacddb5eb2345d9c033b4</change> - <change state="fixed">081e0fabfd8c0f5c3f2c869ddcf11710c445a962</change> - <change state="fixed">b2a853e1f6aea9683a30eafd2b069b8be0fcf898</change> <change state="fixed">bd9ec4506e29a9ce682961eee99d0326ed64145d</change> + <change state="fixed">b2a853e1f6aea9683a30eafd2b069b8be0fcf898</change> + <change state="fixed">081e0fabfd8c0f5c3f2c869ddcf11710c445a962</change> + <change state="fixed">f8706947b86e6de2961aacddb5eb2345d9c033b4</change> + <change state="fixed">84cf9af8d9a803f2e12df0b8b0c2bd2de544cf93</change> + <change state="fixed">e9941eee1a3c1cb0af7bc39076eb0e8c2c4eb603</change> </branch> <branch> <name>v1.1.0-maint</name> @@ -163,12 +169,12 @@ unless the guest OS is trusted.]]> <change state="vulnerable">ed77abc58bc5a6837a5021f26e1a335dbfb477bf</change> <change state="vulnerable">a5efb3190913b6903775ca3756f79443d4ea8a5b</change> <change state="vulnerable">4ad6a013304f6fe29b0866742c902054bfbcf23f</change> - <change state="fixed">61c7e0b66e8b37d4ea64024c100d2ed467d5cb47</change> - <change state="fixed">43720035b7f4c175ef2594296d874bc1910840b3</change> - <change state="fixed">212414281f0001da78f2312d7f52dcf124317fc9</change> - <change state="fixed">c17dd7ede2affd147ffdc5e8daef85939bda0dd0</change> - <change state="fixed">ed46a680a02cf96b229a89f74ddbab69522c9ef5</change> <change state="fixed">807db4a30ee903f973d496b3293d9e6aaa511174</change> + <change state="fixed">ed46a680a02cf96b229a89f74ddbab69522c9ef5</change> + <change state="fixed">c17dd7ede2affd147ffdc5e8daef85939bda0dd0</change> + <change state="fixed">212414281f0001da78f2312d7f52dcf124317fc9</change> + <change state="fixed">43720035b7f4c175ef2594296d874bc1910840b3</change> + <change state="fixed">61c7e0b66e8b37d4ea64024c100d2ed467d5cb47</change> </branch> <branch> <name>v1.1.1-maint</name> @@ -177,12 +183,12 @@ unless the guest OS is trusted.]]> <change state="vulnerable">ed77abc58bc5a6837a5021f26e1a335dbfb477bf</change> <change state="vulnerable">a5efb3190913b6903775ca3756f79443d4ea8a5b</change> <change state="vulnerable">4ad6a013304f6fe29b0866742c902054bfbcf23f</change> - <change state="fixed">6ecb7bc3aed7f60edad5289c9b0cfcf99eee6611</change> - <change state="fixed">72a4c29ca72789b13de1ed9cb96df9fb2b0fdde4</change> - <change state="fixed">83f83508e128275bd1b74988162dc6b9f86e00ee</change> - <change state="fixed">398c88edfaef50b9b59eb2d9a61b07c9c940a661</change> - <change state="fixed">dd055960df60c536957664f0ae3c591feecf7b09</change> <change state="fixed">14d69bd00e4455a1d174d14c5af73975cf9e904a</change> + <change state="fixed">dd055960df60c536957664f0ae3c591feecf7b09</change> + <change state="fixed">398c88edfaef50b9b59eb2d9a61b07c9c940a661</change> + <change state="fixed">83f83508e128275bd1b74988162dc6b9f86e00ee</change> + <change state="fixed">72a4c29ca72789b13de1ed9cb96df9fb2b0fdde4</change> + <change state="fixed">6ecb7bc3aed7f60edad5289c9b0cfcf99eee6611</change> </branch> <branch> <name>v1.1.2-maint</name> @@ -191,12 +197,12 @@ unless the guest OS is trusted.]]> <change state="vulnerable">ed77abc58bc5a6837a5021f26e1a335dbfb477bf</change> <change state="vulnerable">a5efb3190913b6903775ca3756f79443d4ea8a5b</change> <change state="vulnerable">4ad6a013304f6fe29b0866742c902054bfbcf23f</change> - <change state="fixed">f639b2d17ce935b650bb2aca7bdd8d727cab8b02</change> - <change state="fixed">a06bdfcb446f182e490f70422a8431c3bcb2c801</change> - <change state="fixed">77ddbad2a9272239a09673c5d6993793308514e9</change> - <change state="fixed">a6e9270ec79924fabd5a872984bb5d38eaf3df8a</change> - <change state="fixed">eae2a2ada81c5828991bb1b9438f7556a7e51ce8</change> <change state="fixed">21368274a9aa91e8a5f0addb3a6bba8dad91e334</change> + <change state="fixed">eae2a2ada81c5828991bb1b9438f7556a7e51ce8</change> + <change state="fixed">a6e9270ec79924fabd5a872984bb5d38eaf3df8a</change> + <change state="fixed">77ddbad2a9272239a09673c5d6993793308514e9</change> + <change state="fixed">a06bdfcb446f182e490f70422a8431c3bcb2c801</change> + <change state="fixed">f639b2d17ce935b650bb2aca7bdd8d727cab8b02</change> </branch> <branch> <name>v1.1.3-maint</name> @@ -209,12 +215,12 @@ unless the guest OS is trusted.]]> <change state="vulnerable">a5efb3190913b6903775ca3756f79443d4ea8a5b</change> <change state="vulnerable">4ad6a013304f6fe29b0866742c902054bfbcf23f</change> <tag state="fixed">v1.1.3.4</tag> - <change state="fixed">a3a3cfcb7c400bcde198b5b929ff2d4f889dee78</change> - <change state="fixed">cb016b9ef1a6d786657a98546db8412f86510367</change> - <change state="fixed">72e379ed93b4707e26bbc5e3457a85833f50eb1a</change> - <change state="fixed">fcf05c194cb1cca6b5c703073b97ed1408a2c546</change> - <change state="fixed">d5c0b57fffbe651c425b4de6c11712030cce7e7e</change> <change state="fixed">fef343339127b989746214b86901553da6d17863</change> + <change state="fixed">d5c0b57fffbe651c425b4de6c11712030cce7e7e</change> + <change state="fixed">fcf05c194cb1cca6b5c703073b97ed1408a2c546</change> + <change state="fixed">72e379ed93b4707e26bbc5e3457a85833f50eb1a</change> + <change state="fixed">cb016b9ef1a6d786657a98546db8412f86510367</change> + <change state="fixed">a3a3cfcb7c400bcde198b5b929ff2d4f889dee78</change> </branch> <branch> <name>v1.1.4-maint</name> @@ -223,12 +229,12 @@ unless the guest OS is trusted.]]> <change state="vulnerable">ed77abc58bc5a6837a5021f26e1a335dbfb477bf</change> <change state="vulnerable">a5efb3190913b6903775ca3756f79443d4ea8a5b</change> <change state="vulnerable">4ad6a013304f6fe29b0866742c902054bfbcf23f</change> - <change state="fixed">28681077373f1fa567b7f56117a22047f90925fe</change> - <change state="fixed">0e931dfcda308fbb84eef42bc92e257e39af083d</change> - <change state="fixed">3101022b4d4fee46916b87b1c21a3956a91d94b2</change> - <change state="fixed">1d1daaf58677cfa843b6891a98dc6cdb42116434</change> - <change state="fixed">80f57ec4224af65392db09fb8f47be7434e2fc86</change> <change state="fixed">ba4065b6f64fca7706070b8458fdf0bc06115b9b</change> + <change state="fixed">80f57ec4224af65392db09fb8f47be7434e2fc86</change> + <change state="fixed">1d1daaf58677cfa843b6891a98dc6cdb42116434</change> + <change state="fixed">3101022b4d4fee46916b87b1c21a3956a91d94b2</change> + <change state="fixed">0e931dfcda308fbb84eef42bc92e257e39af083d</change> + <change state="fixed">28681077373f1fa567b7f56117a22047f90925fe</change> </branch> <branch> <name>v1.2.0-maint</name> @@ -237,12 +243,12 @@ unless the guest OS is trusted.]]> <change state="vulnerable">ed77abc58bc5a6837a5021f26e1a335dbfb477bf</change> <change state="vulnerable">a5efb3190913b6903775ca3756f79443d4ea8a5b</change> <change state="vulnerable">4ad6a013304f6fe29b0866742c902054bfbcf23f</change> - <change state="fixed">3e97a53caa9adddd47da1c22dbed81ef2e02f735</change> - <change state="fixed">17188260657e095f5d210bc73ba1661875a8f885</change> - <change state="fixed">70665ec5f2cd910666bc703727dc6d7c15efe7bf</change> - <change state="fixed">3f43a7727ac068de8aac6b9c030b38fb3cb1426d</change> - <change state="fixed">cd48d62aca488a116b47073be2607653a1d3305e</change> <change state="fixed">8fca7a4fa6b40d21723008d2092536349f20517d</change> + <change state="fixed">cd48d62aca488a116b47073be2607653a1d3305e</change> + <change state="fixed">3f43a7727ac068de8aac6b9c030b38fb3cb1426d</change> + <change state="fixed">70665ec5f2cd910666bc703727dc6d7c15efe7bf</change> + <change state="fixed">17188260657e095f5d210bc73ba1661875a8f885</change> + <change state="fixed">3e97a53caa9adddd47da1c22dbed81ef2e02f735</change> </branch> <branch> <name>v1.2.1-maint</name> @@ -251,12 +257,12 @@ unless the guest OS is trusted.]]> <change state="vulnerable">ed77abc58bc5a6837a5021f26e1a335dbfb477bf</change> <change state="vulnerable">a5efb3190913b6903775ca3756f79443d4ea8a5b</change> <change state="vulnerable">4ad6a013304f6fe29b0866742c902054bfbcf23f</change> - <change state="fixed">8b546028f901dc414463678574ceabbacc37c4cb</change> - <change state="fixed">b0ed2d94ace3c57198ce7b4793f906abf5397e36</change> - <change state="fixed">ee1269eecd3566729f3909db624f7ebd7bf1b84a</change> - <change state="fixed">b9997828231b3492252cb6d9a0ad4f3dc522791e</change> - <change state="fixed">51a897a22e1c031edd46fd077487a2f8e649cb9f</change> <change state="fixed">ad52184399aa414fa3d7e2756e4ea6a45ec0d3a3</change> + <change state="fixed">51a897a22e1c031edd46fd077487a2f8e649cb9f</change> + <change state="fixed">b9997828231b3492252cb6d9a0ad4f3dc522791e</change> + <change state="fixed">ee1269eecd3566729f3909db624f7ebd7bf1b84a</change> + <change state="fixed">b0ed2d94ace3c57198ce7b4793f906abf5397e36</change> + <change state="fixed">8b546028f901dc414463678574ceabbacc37c4cb</change> </branch> </product> diff --git a/notices/2013/0020.xml b/notices/2013/0020.xml index 1e0bf93..cff2f52 100644 --- a/notices/2013/0020.xml +++ b/notices/2013/0020.xml @@ -60,7 +60,6 @@ actions is sufficient to avoid the problem.]]> <repository>libvirt.git</repository> <branch> <name>master</name> - <change state="vulnerable">ebb0c19c48690f0598de954f8e0e9d4d29d48b85</change> <tag state="vulnerable">v0.8.2</tag> <tag state="vulnerable">v0.8.3</tag> <tag state="vulnerable">v0.8.4</tag> @@ -70,15 +69,12 @@ actions is sufficient to avoid the problem.]]> <tag state="vulnerable">v0.8.8</tag> <tag state="vulnerable">v0.9.0</tag> <tag state="vulnerable">v0.9.1</tag> - <change state="vulnerable">18c2a592064d69499f70428e498f4a3cb5161cda</change> <tag state="vulnerable">v0.9.2</tag> <tag state="vulnerable">v0.9.3</tag> - <change state="vulnerable">b976165ca4d82788be77d14843a4d079139539ba</change> <tag state="vulnerable">v0.9.4</tag> <tag state="vulnerable">v0.9.5</tag> <tag state="vulnerable">v0.9.6</tag> <tag state="vulnerable">v0.9.7</tag> - <change state="vulnerable">eca96694a7f992be633d48d5ca03cedc9bbc3c9a</change> <tag state="vulnerable">v0.9.8</tag> <tag state="vulnerable">v0.9.9</tag> <tag state="vulnerable">v0.9.10</tag> @@ -101,6 +97,10 @@ actions is sufficient to avoid the problem.]]> <tag state="vulnerable">v1.1.3</tag> <tag state="vulnerable">v1.1.4</tag> <tag state="vulnerable">v1.2.0</tag> + <change state="vulnerable">ebb0c19c48690f0598de954f8e0e9d4d29d48b85</change> + <change state="vulnerable">18c2a592064d69499f70428e498f4a3cb5161cda</change> + <change state="vulnerable">b976165ca4d82788be77d14843a4d079139539ba</change> + <change state="vulnerable">eca96694a7f992be633d48d5ca03cedc9bbc3c9a</change> <tag state="fixed">v1.2.1</tag> <change state="fixed">db86da5ca2109e4006c286a09b6c75bfe10676ad</change> <change state="fixed">b799259583bd65c0b2f5042e6c3ff19637ade881</change> @@ -110,23 +110,23 @@ actions is sufficient to avoid the problem.]]> <branch> <name>v0.8.3-maint</name> <change state="vulnerable">ebb0c19c48690f0598de954f8e0e9d4d29d48b85</change> + <change state="vulnerable">18c2a592064d69499f70428e498f4a3cb5161cda</change> + <change state="vulnerable">b976165ca4d82788be77d14843a4d079139539ba</change> + <change state="vulnerable">eca96694a7f992be633d48d5ca03cedc9bbc3c9a</change> </branch> <branch> <name>v0.9.6-maint</name> - <change state="vulnerable">ebb0c19c48690f0598de954f8e0e9d4d29d48b85</change> - <change state="vulnerable">18c2a592064d69499f70428e498f4a3cb5161cda</change> - <change state="vulnerable">b976165ca4d82788be77d14843a4d079139539ba</change> <tag state="vulnerable">v0.9.6.1</tag> <tag state="vulnerable">v0.9.6.2</tag> <tag state="vulnerable">v0.9.6.3</tag> <tag state="vulnerable">v0.9.6.4</tag> - </branch> - <branch> - <name>v0.9.11-maint</name> <change state="vulnerable">ebb0c19c48690f0598de954f8e0e9d4d29d48b85</change> <change state="vulnerable">18c2a592064d69499f70428e498f4a3cb5161cda</change> <change state="vulnerable">b976165ca4d82788be77d14843a4d079139539ba</change> <change state="vulnerable">eca96694a7f992be633d48d5ca03cedc9bbc3c9a</change> + </branch> + <branch> + <name>v0.9.11-maint</name> <tag state="vulnerable">v0.9.11.1</tag> <tag state="vulnerable">v0.9.11.2</tag> <tag state="vulnerable">v0.9.11.3</tag> @@ -137,27 +137,27 @@ actions is sufficient to avoid the problem.]]> <tag state="vulnerable">v0.9.11.8</tag> <tag state="vulnerable">v0.9.11.9</tag> <tag state="vulnerable">v0.9.11.10</tag> + <change state="vulnerable">ebb0c19c48690f0598de954f8e0e9d4d29d48b85</change> + <change state="vulnerable">18c2a592064d69499f70428e498f4a3cb5161cda</change> + <change state="vulnerable">b976165ca4d82788be77d14843a4d079139539ba</change> + <change state="vulnerable">eca96694a7f992be633d48d5ca03cedc9bbc3c9a</change> </branch> <branch> <name>v0.9.12-maint</name> + <tag state="vulnerable">v0.9.12.1</tag> + <tag state="vulnerable">v0.9.12.2</tag> <change state="vulnerable">ebb0c19c48690f0598de954f8e0e9d4d29d48b85</change> <change state="vulnerable">18c2a592064d69499f70428e498f4a3cb5161cda</change> <change state="vulnerable">b976165ca4d82788be77d14843a4d079139539ba</change> <change state="vulnerable">eca96694a7f992be633d48d5ca03cedc9bbc3c9a</change> - <tag state="vulnerable">v0.9.12.1</tag> - <tag state="vulnerable">v0.9.12.2</tag> + <tag state="fixed">v0.9.12.3</tag> <change state="fixed">c430c002dd8287c5d7b834993ddfbd61435248c4</change> <change state="fixed">4dd29d3bdf4bf3a4c4b1077ddf4355bcf548ca2f</change> <change state="fixed">3e7d9e54e9ce286fe1bee5d32089cd58d63e5cee</change> <change state="fixed">2786686eb5855e0046817d47055cd784881ca8cb</change> - <tag state="fixed">v0.9.12.3</tag> </branch> <branch> <name>v0.10.2-maint</name> - <change state="vulnerable">ebb0c19c48690f0598de954f8e0e9d4d29d48b85</change> - <change state="vulnerable">18c2a592064d69499f70428e498f4a3cb5161cda</change> - <change state="vulnerable">b976165ca4d82788be77d14843a4d079139539ba</change> - <change state="vulnerable">eca96694a7f992be633d48d5ca03cedc9bbc3c9a</change> <tag state="vulnerable">v0.10.2.1</tag> <tag state="vulnerable">v0.10.2.2</tag> <tag state="vulnerable">v0.10.2.3</tag> @@ -166,11 +166,29 @@ actions is sufficient to avoid the problem.]]> <tag state="vulnerable">v0.10.2.6</tag> <tag state="vulnerable">v0.10.2.7</tag> <tag state="vulnerable">v0.10.2.8</tag> + <change state="vulnerable">ebb0c19c48690f0598de954f8e0e9d4d29d48b85</change> + <change state="vulnerable">18c2a592064d69499f70428e498f4a3cb5161cda</change> + <change state="vulnerable">b976165ca4d82788be77d14843a4d079139539ba</change> + <change state="vulnerable">eca96694a7f992be633d48d5ca03cedc9bbc3c9a</change> <change state="fixed">5f5e9eb23dead857b1858da8b97a6cb0442fabed</change> <change state="fixed">7a9bcfa1ccc190e33e6fa931df8143cc9623cf24</change> <change state="fixed">95836cb26b1d91b8e9eba0c4764bc24cccc78684</change> <change state="fixed">f59d02c487659e9d9f8e152673a0fe4d612172b2</change> </branch> + <branch> + <name>v1.0.0-maint</name> + <change state="vulnerable">ebb0c19c48690f0598de954f8e0e9d4d29d48b85</change> + <change state="vulnerable">18c2a592064d69499f70428e498f4a3cb5161cda</change> + <change state="vulnerable">b976165ca4d82788be77d14843a4d079139539ba</change> + <change state="vulnerable">eca96694a7f992be633d48d5ca03cedc9bbc3c9a</change> + </branch> + <branch> + <name>v1.0.1-maint</name> + <change state="vulnerable">ebb0c19c48690f0598de954f8e0e9d4d29d48b85</change> + <change state="vulnerable">18c2a592064d69499f70428e498f4a3cb5161cda</change> + <change state="vulnerable">b976165ca4d82788be77d14843a4d079139539ba</change> + <change state="vulnerable">eca96694a7f992be633d48d5ca03cedc9bbc3c9a</change> + </branch> <branch> <name>v1.0.2-maint</name> <change state="vulnerable">ebb0c19c48690f0598de954f8e0e9d4d29d48b85</change> @@ -206,10 +224,6 @@ actions is sufficient to avoid the problem.]]> </branch> <branch> <name>v1.0.5-maint</name> - <change state="vulnerable">ebb0c19c48690f0598de954f8e0e9d4d29d48b85</change> - <change state="vulnerable">18c2a592064d69499f70428e498f4a3cb5161cda</change> - <change state="vulnerable">b976165ca4d82788be77d14843a4d079139539ba</change> - <change state="vulnerable">eca96694a7f992be633d48d5ca03cedc9bbc3c9a</change> <tag state="vulnerable">v1.0.5.1</tag> <tag state="vulnerable">v1.0.5.2</tag> <tag state="vulnerable">v1.0.5.3</tag> @@ -218,11 +232,15 @@ actions is sufficient to avoid the problem.]]> <tag state="vulnerable">v1.0.5.6</tag> <tag state="vulnerable">v1.0.5.7</tag> <tag state="vulnerable">v1.0.5.8</tag> + <change state="vulnerable">ebb0c19c48690f0598de954f8e0e9d4d29d48b85</change> + <change state="vulnerable">18c2a592064d69499f70428e498f4a3cb5161cda</change> + <change state="vulnerable">b976165ca4d82788be77d14843a4d079139539ba</change> + <change state="vulnerable">eca96694a7f992be633d48d5ca03cedc9bbc3c9a</change> + <tag state="fixed">v1.0.5.9</tag> <change state="fixed">c67b0de046b16dca352537e8f39ff935a5fded76</change> <change state="fixed">923319189022c5806da01b963dddd8dff0d6c747</change> <change state="fixed">6cd879829aaf02f56182feb16b4284d5b3fdcfd7</change> <change state="fixed">dee5fc756648e62062da3366583fc343413e1ba7</change> - <tag state="fixed">v1.0.5.9</tag> </branch> <branch> <name>v1.0.6-maint</name> @@ -270,17 +288,17 @@ actions is sufficient to avoid the problem.]]> </branch> <branch> <name>v1.1.3-maint</name> + <tag state="vulnerable">v1.1.3.1</tag> + <tag state="vulnerable">v1.1.3.2</tag> <change state="vulnerable">ebb0c19c48690f0598de954f8e0e9d4d29d48b85</change> <change state="vulnerable">18c2a592064d69499f70428e498f4a3cb5161cda</change> <change state="vulnerable">b976165ca4d82788be77d14843a4d079139539ba</change> <change state="vulnerable">eca96694a7f992be633d48d5ca03cedc9bbc3c9a</change> - <tag state="vulnerable">v1.1.3.1</tag> - <tag state="vulnerable">v1.1.3.2</tag> + <tag state="fixed">v1.1.3.3</tag> <change state="fixed">1bfc35e3f837ab7b399fe664281b7db06db96a05</change> <change state="fixed">0e98442e3bcbf832f49a6d36f94558bb026e3f3a</change> <change state="fixed">7354aaf4607beaa9f4a6d68e3b26a28c97494e58</change> <change state="fixed">a7844b9ec2718dad9f5e5316cc0673e95098d812</change> - <tag state="fixed">v1.1.3.3</tag> </branch> <branch> <name>v1.1.4-maint</name> diff --git a/notices/2013/0021.xml b/notices/2013/0021.xml index c961fd8..bc2762d 100644 --- a/notices/2013/0021.xml +++ b/notices/2013/0021.xml @@ -54,10 +54,10 @@ migration is sufficient to avoid the problem.]]> <repository>libvirt.git</repository> <branch> <name>master</name> - <change state="vulnerable">9da7b11bcd3e9732dd881a9e6158a0c98bafd9fe</change> <tag state="vulnerable">v1.1.0</tag> <tag state="vulnerable">v1.1.1</tag> <tag state="vulnerable">v1.1.2</tag> + <change state="vulnerable">9da7b11bcd3e9732dd881a9e6158a0c98bafd9fe</change> <tag state="fixed">v1.1.3</tag> <change state="fixed">484cc3217b73b865f00bf42a9c12187b37200699</change> </branch> diff --git a/notices/2014/0001.xml b/notices/2014/0001.xml index dc93468..537d9f4 100644 --- a/notices/2014/0001.xml +++ b/notices/2014/0001.xml @@ -108,6 +108,14 @@ file]]> <change state="vulnerable">f4324e32927580e3620f0de3a0ec80334936e263</change> <change state="fixed">35ed9796981cf7b939f28b60ca828824a0488a3a</change> </branch> + <branch> + <name>v1.0.0-maint</name> + <change state="vulnerable">f4324e32927580e3620f0de3a0ec80334936e263</change> + </branch> + <branch> + <name>v1.0.1-maint</name> + <change state="vulnerable">f4324e32927580e3620f0de3a0ec80334936e263</change> + </branch> <branch> <name>v1.0.2-maint</name> <change state="vulnerable">f4324e32927580e3620f0de3a0ec80334936e263</change> diff --git a/notices/2014/0003.xml b/notices/2014/0003.xml index 69e60c9..d99a612 100644 --- a/notices/2014/0003.xml +++ b/notices/2014/0003.xml @@ -82,6 +82,42 @@ be revoked]]> <repository>libvirt.git</repository> <branch> <name>master</name> + <tag state="vulnerable">v0.0.5</tag> + <tag state="vulnerable">v0.1.0</tag> + <tag state="vulnerable">v0.1.1</tag> + <tag state="vulnerable">v0.1.3</tag> + <tag state="vulnerable">v0.1.4</tag> + <tag state="vulnerable">v0.1.6</tag> + <tag state="vulnerable">v0.1.7</tag> + <tag state="vulnerable">v0.1.8</tag> + <tag state="vulnerable">v0.1.9</tag> + <tag state="vulnerable">v0.1.10</tag> + <tag state="vulnerable">v0.1.11</tag> + <tag state="vulnerable">v0.2.0</tag> + <tag state="vulnerable">v0.2.1</tag> + <tag state="vulnerable">v0.2.2</tag> + <tag state="vulnerable">v0.2.3</tag> + <tag state="vulnerable">v0.3.0</tag> + <tag state="vulnerable">v0.3.1</tag> + <tag state="vulnerable">v0.3.2</tag> + <tag state="vulnerable">v0.3.3</tag> + <tag state="vulnerable">v0.4.1</tag> + <tag state="vulnerable">v0.4.2</tag> + <tag state="vulnerable">v0.4.4</tag> + <tag state="vulnerable">v0.4.6</tag> + <tag state="vulnerable">v0.5.0</tag> + <tag state="vulnerable">v0.5.1</tag> + <tag state="vulnerable">v0.6.0</tag> + <tag state="vulnerable">v0.6.1</tag> + <tag state="vulnerable">v0.6.2</tag> + <tag state="vulnerable">v0.6.3</tag> + <tag state="vulnerable">v0.6.4</tag> + <tag state="vulnerable">v0.6.5</tag> + <tag state="vulnerable">v0.7.0</tag> + <tag state="vulnerable">v0.7.1</tag> + <tag state="vulnerable">v0.7.2</tag> + <tag state="vulnerable">v0.7.3</tag> + <tag state="vulnerable">v0.7.4</tag> <tag state="vulnerable">v0.7.5</tag> <tag state="vulnerable">v0.7.6</tag> <tag state="vulnerable">v0.7.7</tag> @@ -108,6 +144,9 @@ be revoked]]> <tag state="vulnerable">v0.9.11</tag> <tag state="vulnerable">v0.9.12</tag> <tag state="vulnerable">v0.9.13</tag> + <tag state="vulnerable">v0.10.0</tag> + <tag state="vulnerable">v0.10.1</tag> + <tag state="vulnerable">v0.10.2</tag> <tag state="vulnerable">v1.0.0</tag> <tag state="vulnerable">v1.0.1</tag> <tag state="vulnerable">v1.0.2</tag> @@ -129,25 +168,30 @@ be revoked]]> <change state="vulnerable">387941fb626d9362835aa216b4a871e18268f649</change> <change state="vulnerable">0b7d2ae653f583825f6d83bfb0744673648a9833</change> <change state="vulnerable">ed3bac713c3cfc055ef551cbfe92a061084382c3</change> - <change state="fixed">d6b27d3e4c40946efa79e91d134616b41b1666c4</change> <tag state="fixed">v1.2.5</tag> + <change state="fixed">d6b27d3e4c40946efa79e91d134616b41b1666c4</change> </branch> <branch> - <name>v0.9.6-maint</name> + <name>v0.8.3-maint</name> <change state="vulnerable">77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e</change> <change state="vulnerable">387941fb626d9362835aa216b4a871e18268f649</change> <change state="vulnerable">0b7d2ae653f583825f6d83bfb0744673648a9833</change> + <change state="vulnerable">ed3bac713c3cfc055ef551cbfe92a061084382c3</change> + </branch> + <branch> + <name>v0.9.6-maint</name> <tag state="vulnerable">v0.9.6.1</tag> <tag state="vulnerable">v0.9.6.2</tag> <tag state="vulnerable">v0.9.6.3</tag> <tag state="vulnerable">v0.9.6.4</tag> + <change state="vulnerable">77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e</change> + <change state="vulnerable">387941fb626d9362835aa216b4a871e18268f649</change> + <change state="vulnerable">0b7d2ae653f583825f6d83bfb0744673648a9833</change> + <change state="vulnerable">ed3bac713c3cfc055ef551cbfe92a061084382c3</change> <change state="fixed">be7a5de9d0c406f36efae3230e1743c613ad6945</change> </branch> <branch> <name>v0.9.11-maint</name> - <change state="vulnerable">77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e</change> - <change state="vulnerable">387941fb626d9362835aa216b4a871e18268f649</change> - <change state="vulnerable">0b7d2ae653f583825f6d83bfb0744673648a9833</change> <tag state="vulnerable">v0.9.11.1</tag> <tag state="vulnerable">v0.9.11.2</tag> <tag state="vulnerable">v0.9.11.3</tag> @@ -158,22 +202,24 @@ be revoked]]> <tag state="vulnerable">v0.9.11.8</tag> <tag state="vulnerable">v0.9.11.9</tag> <tag state="vulnerable">v0.9.11.10</tag> - </branch> - <branch> - <name>v0.9.12-maint</name> <change state="vulnerable">77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e</change> <change state="vulnerable">387941fb626d9362835aa216b4a871e18268f649</change> <change state="vulnerable">0b7d2ae653f583825f6d83bfb0744673648a9833</change> + <change state="vulnerable">ed3bac713c3cfc055ef551cbfe92a061084382c3</change> + </branch> + <branch> + <name>v0.9.12-maint</name> <tag state="vulnerable">v0.9.12.1</tag> <tag state="vulnerable">v0.9.12.2</tag> <tag state="vulnerable">v0.9.12.3</tag> + <change state="vulnerable">77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e</change> + <change state="vulnerable">387941fb626d9362835aa216b4a871e18268f649</change> + <change state="vulnerable">0b7d2ae653f583825f6d83bfb0744673648a9833</change> + <change state="vulnerable">ed3bac713c3cfc055ef551cbfe92a061084382c3</change> <change state="fixed">022b34cee73f86b01724b5279cf626df9cca245f</change> </branch> <branch> <name>v0.10.2-maint</name> - <change state="vulnerable">77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e</change> - <change state="vulnerable">387941fb626d9362835aa216b4a871e18268f649</change> - <change state="vulnerable">0b7d2ae653f583825f6d83bfb0744673648a9833</change> <tag state="vulnerable">v0.10.2.1</tag> <tag state="vulnerable">v0.10.2.2</tag> <tag state="vulnerable">v0.10.2.3</tag> @@ -182,13 +228,32 @@ be revoked]]> <tag state="vulnerable">v0.10.2.6</tag> <tag state="vulnerable">v0.10.2.7</tag> <tag state="vulnerable">v0.10.2.8</tag> + <change state="vulnerable">77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e</change> + <change state="vulnerable">387941fb626d9362835aa216b4a871e18268f649</change> + <change state="vulnerable">0b7d2ae653f583825f6d83bfb0744673648a9833</change> + <change state="vulnerable">ed3bac713c3cfc055ef551cbfe92a061084382c3</change> <change state="fixed">16d55b311ad5c3c2e61494b848b1c6ee36897476</change> </branch> + <branch> + <name>v1.0.0-maint</name> + <change state="vulnerable">77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e</change> + <change state="vulnerable">387941fb626d9362835aa216b4a871e18268f649</change> + <change state="vulnerable">0b7d2ae653f583825f6d83bfb0744673648a9833</change> + <change state="vulnerable">ed3bac713c3cfc055ef551cbfe92a061084382c3</change> + </branch> + <branch> + <name>v1.0.1-maint</name> + <change state="vulnerable">77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e</change> + <change state="vulnerable">387941fb626d9362835aa216b4a871e18268f649</change> + <change state="vulnerable">0b7d2ae653f583825f6d83bfb0744673648a9833</change> + <change state="vulnerable">ed3bac713c3cfc055ef551cbfe92a061084382c3</change> + </branch> <branch> <name>v1.0.2-maint</name> <change state="vulnerable">77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e</change> <change state="vulnerable">387941fb626d9362835aa216b4a871e18268f649</change> <change state="vulnerable">0b7d2ae653f583825f6d83bfb0744673648a9833</change> + <change state="vulnerable">ed3bac713c3cfc055ef551cbfe92a061084382c3</change> <change state="fixed">66de726e2175333bc9e0153f9ffc5f2025b199de</change> </branch> <branch> @@ -196,6 +261,7 @@ be revoked]]> <change state="vulnerable">77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e</change> <change state="vulnerable">387941fb626d9362835aa216b4a871e18268f649</change> <change state="vulnerable">0b7d2ae653f583825f6d83bfb0744673648a9833</change> + <change state="vulnerable">ed3bac713c3cfc055ef551cbfe92a061084382c3</change> <change state="fixed">16fc426a27d88bbdc96c307c7ef0cce25e8ae717</change> </branch> <branch> @@ -203,13 +269,11 @@ be revoked]]> <change state="vulnerable">77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e</change> <change state="vulnerable">387941fb626d9362835aa216b4a871e18268f649</change> <change state="vulnerable">0b7d2ae653f583825f6d83bfb0744673648a9833</change> + <change state="vulnerable">ed3bac713c3cfc055ef551cbfe92a061084382c3</change> <change state="fixed">040df62ae7fcbbead96c2f2191651daf35686986</change> </branch> <branch> <name>v1.0.5-maint</name> - <change state="vulnerable">77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e</change> - <change state="vulnerable">387941fb626d9362835aa216b4a871e18268f649</change> - <change state="vulnerable">0b7d2ae653f583825f6d83bfb0744673648a9833</change> <tag state="vulnerable">v1.0.5.1</tag> <tag state="vulnerable">v1.0.5.2</tag> <tag state="vulnerable">v1.0.5.3</tag> @@ -219,6 +283,10 @@ be revoked]]> <tag state="vulnerable">v1.0.5.7</tag> <tag state="vulnerable">v1.0.5.8</tag> <tag state="vulnerable">v1.0.5.9</tag> + <change state="vulnerable">77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e</change> + <change state="vulnerable">387941fb626d9362835aa216b4a871e18268f649</change> + <change state="vulnerable">0b7d2ae653f583825f6d83bfb0744673648a9833</change> + <change state="vulnerable">ed3bac713c3cfc055ef551cbfe92a061084382c3</change> <change state="fixed">4410a83e18c1b41f1f5d3f10a0b648fc9304bc35</change> </branch> <branch> @@ -226,6 +294,7 @@ be revoked]]> <change state="vulnerable">77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e</change> <change state="vulnerable">387941fb626d9362835aa216b4a871e18268f649</change> <change state="vulnerable">0b7d2ae653f583825f6d83bfb0744673648a9833</change> + <change state="vulnerable">ed3bac713c3cfc055ef551cbfe92a061084382c3</change> <change state="fixed">89538f57f4c2401d7c555299f15de17c539981c2</change> </branch> <branch> @@ -254,17 +323,17 @@ be revoked]]> </branch> <branch> <name>v1.1.3-maint</name> - <change state="vulnerable">77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e</change> - <change state="vulnerable">387941fb626d9362835aa216b4a871e18268f649</change> - <change state="vulnerable">0b7d2ae653f583825f6d83bfb0744673648a9833</change> - <change state="vulnerable">ed3bac713c3cfc055ef551cbfe92a061084382c3</change> <tag state="vulnerable">v1.1.3.1</tag> <tag state="vulnerable">v1.1.3.2</tag> <tag state="vulnerable">v1.1.3.3</tag> <tag state="vulnerable">v1.1.3.4</tag> <tag state="vulnerable">v1.1.3.5</tag> - <change state="fixed">46de45d079ae2622660fe147cf237ee617cc461c</change> + <change state="vulnerable">77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e</change> + <change state="vulnerable">387941fb626d9362835aa216b4a871e18268f649</change> + <change state="vulnerable">0b7d2ae653f583825f6d83bfb0744673648a9833</change> + <change state="vulnerable">ed3bac713c3cfc055ef551cbfe92a061084382c3</change> <tag state="fixed">v1.1.3.6</tag> + <change state="fixed">46de45d079ae2622660fe147cf237ee617cc461c</change> </branch> <branch> <name>v1.1.4-maint</name> diff --git a/notices/2014/0004.xml b/notices/2014/0004.xml index b98173b..0268495 100644 --- a/notices/2014/0004.xml +++ b/notices/2014/0004.xml @@ -61,6 +61,9 @@ although such a crash is no longer a security problem.]]> <tag state="vulnerable">v0.9.11</tag> <tag state="vulnerable">v0.9.12</tag> <tag state="vulnerable">v0.9.13</tag> + <tag state="vulnerable">v0.10.0</tag> + <tag state="vulnerable">v0.10.1</tag> + <tag state="vulnerable">v0.10.2</tag> <tag state="vulnerable">v1.0.0</tag> <tag state="vulnerable">v1.0.1</tag> <tag state="vulnerable">v1.0.2</tag> @@ -83,12 +86,11 @@ although such a crash is no longer a security problem.]]> <tag state="vulnerable">v1.2.7</tag> <tag state="vulnerable">v1.2.8</tag> <change state="vulnerable">eca96694a7f992be633d48d5ca03cedc9bbc3c9a</change> - <change state="fixed">3e745e8f775dfe6f64f18b5c2fe4791b35d3546b</change> <tag state="fixed">v1.2.9</tag> + <change state="fixed">3e745e8f775dfe6f64f18b5c2fe4791b35d3546b</change> </branch> <branch> <name>v0.9.11-maint</name> - <change state="vulnerable">eca96694a7f992be633d48d5ca03cedc9bbc3c9a</change> <tag state="vulnerable">v0.9.11.1</tag> <tag state="vulnerable">v0.9.11.2</tag> <tag state="vulnerable">v0.9.11.3</tag> @@ -99,18 +101,18 @@ although such a crash is no longer a security problem.]]> <tag state="vulnerable">v0.9.11.8</tag> <tag state="vulnerable">v0.9.11.9</tag> <tag state="vulnerable">v0.9.11.10</tag> + <change state="vulnerable">eca96694a7f992be633d48d5ca03cedc9bbc3c9a</change> </branch> <branch> <name>v0.9.12-maint</name> - <change state="vulnerable">eca96694a7f992be633d48d5ca03cedc9bbc3c9a</change> <tag state="vulnerable">v0.9.12.1</tag> <tag state="vulnerable">v0.9.12.2</tag> <tag state="vulnerable">v0.9.12.3</tag> + <change state="vulnerable">eca96694a7f992be633d48d5ca03cedc9bbc3c9a</change> <change state="fixed">750280023cc0896b05f86e292857ceef5eee3a72</change> </branch> <branch> <name>v0.10.2-maint</name> - <change state="vulnerable">eca96694a7f992be633d48d5ca03cedc9bbc3c9a</change> <tag state="vulnerable">v0.10.2.1</tag> <tag state="vulnerable">v0.10.2.2</tag> <tag state="vulnerable">v0.10.2.3</tag> @@ -119,8 +121,17 @@ although such a crash is no longer a security problem.]]> <tag state="vulnerable">v0.10.2.6</tag> <tag state="vulnerable">v0.10.2.7</tag> <tag state="vulnerable">v0.10.2.8</tag> + <change state="vulnerable">eca96694a7f992be633d48d5ca03cedc9bbc3c9a</change> <change state="fixed">0fa54204f264e3d39387f5762f810d31cce770b2</change> </branch> + <branch> + <name>v1.0.0-maint</name> + <change state="vulnerable">eca96694a7f992be633d48d5ca03cedc9bbc3c9a</change> + </branch> + <branch> + <name>v1.0.1-maint</name> + <change state="vulnerable">eca96694a7f992be633d48d5ca03cedc9bbc3c9a</change> + </branch> <branch> <name>v1.0.2-maint</name> <change state="vulnerable">eca96694a7f992be633d48d5ca03cedc9bbc3c9a</change> @@ -138,7 +149,6 @@ although such a crash is no longer a security problem.]]> </branch> <branch> <name>v1.0.5-maint</name> - <change state="vulnerable">eca96694a7f992be633d48d5ca03cedc9bbc3c9a</change> <tag state="vulnerable">v1.0.5.1</tag> <tag state="vulnerable">v1.0.5.2</tag> <tag state="vulnerable">v1.0.5.3</tag> @@ -148,6 +158,7 @@ although such a crash is no longer a security problem.]]> <tag state="vulnerable">v1.0.5.7</tag> <tag state="vulnerable">v1.0.5.8</tag> <tag state="vulnerable">v1.0.5.9</tag> + <change state="vulnerable">eca96694a7f992be633d48d5ca03cedc9bbc3c9a</change> <change state="fixed">cc05c6d5d2f7a577a1a365fbc5451fb6b5f57445</change> </branch> <branch> @@ -172,15 +183,15 @@ although such a crash is no longer a security problem.]]> </branch> <branch> <name>v1.1.3-maint</name> - <change state="vulnerable">eca96694a7f992be633d48d5ca03cedc9bbc3c9a</change> <tag state="vulnerable">v1.1.3.1</tag> <tag state="vulnerable">v1.1.3.2</tag> <tag state="vulnerable">v1.1.3.3</tag> <tag state="vulnerable">v1.1.3.4</tag> <tag state="vulnerable">v1.1.3.5</tag> <tag state="vulnerable">v1.1.3.6</tag> - <change state="fixed">eefe2e013820a76dfe5132431db72aade911eeab</change> + <change state="vulnerable">eca96694a7f992be633d48d5ca03cedc9bbc3c9a</change> <tag state="fixed">v1.1.3.7</tag> + <change state="fixed">eefe2e013820a76dfe5132431db72aade911eeab</change> </branch> <branch> <name>v1.1.4-maint</name> diff --git a/notices/2014/0005.xml b/notices/2014/0005.xml index 59d7d85..5f56c53 100644 --- a/notices/2014/0005.xml +++ b/notices/2014/0005.xml @@ -56,6 +56,9 @@ problem.]]> <branch> <name>master</name> <tag state="vulnerable">v0.9.13</tag> + <tag state="vulnerable">v0.10.0</tag> + <tag state="vulnerable">v0.10.1</tag> + <tag state="vulnerable">v0.10.2</tag> <tag state="vulnerable">v1.0.0</tag> <tag state="vulnerable">v1.0.1</tag> <tag state="vulnerable">v1.0.2</tag> @@ -78,12 +81,11 @@ problem.]]> <tag state="vulnerable">v1.2.7</tag> <tag state="vulnerable">v1.2.8</tag> <change state="vulnerable">2c6808044408fba9ff9547ad88bb8a0f44ee21a0</change> - <change state="fixed">fc22b2e74890873848b43fffae43025d22053669</change> <tag state="fixed">v1.2.9</tag> + <change state="fixed">fc22b2e74890873848b43fffae43025d22053669</change> </branch> <branch> <name>v0.10.2-maint</name> - <change state="vulnerable">2c6808044408fba9ff9547ad88bb8a0f44ee21a0</change> <tag state="vulnerable">v0.10.2.1</tag> <tag state="vulnerable">v0.10.2.2</tag> <tag state="vulnerable">v0.10.2.3</tag> @@ -92,8 +94,17 @@ problem.]]> <tag state="vulnerable">v0.10.2.6</tag> <tag state="vulnerable">v0.10.2.7</tag> <tag state="vulnerable">v0.10.2.8</tag> + <change state="vulnerable">2c6808044408fba9ff9547ad88bb8a0f44ee21a0</change> <change state="fixed">a397e887ed40898cc177e118dffdea8e1f4c6184</change> </branch> + <branch> + <name>v1.0.0-maint</name> + <change state="vulnerable">2c6808044408fba9ff9547ad88bb8a0f44ee21a0</change> + </branch> + <branch> + <name>v1.0.1-maint</name> + <change state="vulnerable">2c6808044408fba9ff9547ad88bb8a0f44ee21a0</change> + </branch> <branch> <name>v1.0.2-maint</name> <change state="vulnerable">2c6808044408fba9ff9547ad88bb8a0f44ee21a0</change> @@ -111,7 +122,6 @@ problem.]]> </branch> <branch> <name>v1.0.5-maint</name> - <change state="vulnerable">2c6808044408fba9ff9547ad88bb8a0f44ee21a0</change> <tag state="vulnerable">v1.0.5.1</tag> <tag state="vulnerable">v1.0.5.2</tag> <tag state="vulnerable">v1.0.5.3</tag> @@ -121,6 +131,7 @@ problem.]]> <tag state="vulnerable">v1.0.5.7</tag> <tag state="vulnerable">v1.0.5.8</tag> <tag state="vulnerable">v1.0.5.9</tag> + <change state="vulnerable">2c6808044408fba9ff9547ad88bb8a0f44ee21a0</change> <change state="fixed">f18b86e35f25eacbe1c68cd32caea0310e9d220c</change> </branch> <branch> @@ -145,15 +156,15 @@ problem.]]> </branch> <branch> <name>v1.1.3-maint</name> - <change state="vulnerable">2c6808044408fba9ff9547ad88bb8a0f44ee21a0</change> <tag state="vulnerable">v1.1.3.1</tag> <tag state="vulnerable">v1.1.3.2</tag> <tag state="vulnerable">v1.1.3.3</tag> <tag state="vulnerable">v1.1.3.4</tag> <tag state="vulnerable">v1.1.3.5</tag> <tag state="vulnerable">v1.1.3.6</tag> - <change state="fixed">0b13d34e89405b6017a935d3c19d6a80ce7f3c6b</change> + <change state="vulnerable">2c6808044408fba9ff9547ad88bb8a0f44ee21a0</change> <tag state="fixed">v1.1.3.7</tag> + <change state="fixed">0b13d34e89405b6017a935d3c19d6a80ce7f3c6b</change> </branch> <branch> <name>v1.1.4-maint</name> diff --git a/notices/2014/0006.xml b/notices/2014/0006.xml index 5390fa6..78a1438 100644 --- a/notices/2014/0006.xml +++ b/notices/2014/0006.xml @@ -115,9 +115,19 @@ virDomainBlockCopy API is immune to the problem.]]> <tag state="vulnerable">v1.2.5</tag> <change state="vulnerable">35c7701c64508f975dfeb8379c56b4b6d0d9b71c</change> <change state="vulnerable">ff5f30b6bfa317f2a4c33f69289baf4e887eb048</change> + <tag state="fixed">v1.2.6</tag> <change state="fixed">02b364e186d487f54ed410c01af042f23e812d42</change> <change state="fixed">42619ed05d7924978f3e6e2399522fc6f30607de</change> - <tag state="fixed">v1.2.6</tag> + </branch> + <branch> + <name>v1.0.0-maint</name> + <change state="vulnerable">35c7701c64508f975dfeb8379c56b4b6d0d9b71c</change> + <change state="vulnerable">ff5f30b6bfa317f2a4c33f69289baf4e887eb048</change> + </branch> + <branch> + <name>v1.0.1-maint</name> + <change state="vulnerable">35c7701c64508f975dfeb8379c56b4b6d0d9b71c</change> + <change state="vulnerable">ff5f30b6bfa317f2a4c33f69289baf4e887eb048</change> </branch> <branch> <name>v1.0.2-maint</name> @@ -142,8 +152,6 @@ virDomainBlockCopy API is immune to the problem.]]> </branch> <branch> <name>v1.0.5-maint</name> - <change state="vulnerable">35c7701c64508f975dfeb8379c56b4b6d0d9b71c</change> - <change state="vulnerable">0135324b9fc0f4b803fcd1464c83ce458ca1b1e0</change> <tag state="vulnerable">v1.0.5.1</tag> <tag state="vulnerable">v1.0.5.2</tag> <tag state="vulnerable">v1.0.5.3</tag> @@ -153,6 +161,8 @@ virDomainBlockCopy API is immune to the problem.]]> <tag state="vulnerable">v1.0.5.7</tag> <tag state="vulnerable">v1.0.5.8</tag> <tag state="vulnerable">v1.0.5.9</tag> + <change state="vulnerable">35c7701c64508f975dfeb8379c56b4b6d0d9b71c</change> + <change state="vulnerable">0135324b9fc0f4b803fcd1464c83ce458ca1b1e0</change> <change state="fixed">39b5123dc0f08955b68d91a14bdc577ffd1a9558</change> <change state="fixed">17df6a9b3997117b43f6caa56b43c54d1841d93c</change> </branch> @@ -186,16 +196,16 @@ virDomainBlockCopy API is immune to the problem.]]> </branch> <branch> <name>v1.1.3-maint</name> - <change state="vulnerable">35c7701c64508f975dfeb8379c56b4b6d0d9b71c</change> - <change state="vulnerable">0c4822c17b6cdcce812fb9201f19d30232b3812d</change> <tag state="vulnerable">v1.1.3.1</tag> <tag state="vulnerable">v1.1.3.2</tag> <tag state="vulnerable">v1.1.3.3</tag> <tag state="vulnerable">v1.1.3.4</tag> <tag state="vulnerable">v1.1.3.5</tag> + <change state="vulnerable">35c7701c64508f975dfeb8379c56b4b6d0d9b71c</change> + <change state="vulnerable">0c4822c17b6cdcce812fb9201f19d30232b3812d</change> + <tag state="fixed">v1.1.3.6</tag> <change state="fixed">ea1d4666d885ec68480f22a65d1a275a293484cd</change> <change state="fixed">e7ee7542bb9d66539a0ec8d4a1e72efdfb8ccebe</change> - <tag state="fixed">v1.1.3.6</tag> </branch> <branch> <name>v1.1.4-maint</name> diff --git a/notices/2014/0007.xml b/notices/2014/0007.xml index 4621913..8e7c75c 100644 --- a/notices/2014/0007.xml +++ b/notices/2014/0007.xml @@ -84,8 +84,16 @@ ACL privilege without also having the 'read_secure' privilege.]]> <tag state="vulnerable">v1.2.9</tag> <tag state="vulnerable">v1.2.10</tag> <change state="vulnerable">28f8dfdcccd4c0f69063ef741545b37d8a7f7935</change> - <change state="fixed">b1674ad5a97441b7e1bd5f5ebaff498ef2fbb11b</change> <tag state="fixed">v1.2.11</tag> + <change state="fixed">b1674ad5a97441b7e1bd5f5ebaff498ef2fbb11b</change> + </branch> + <branch> + <name>v1.0.0-maint</name> + <change state="vulnerable">28f8dfdcccd4c0f69063ef741545b37d8a7f7935</change> + </branch> + <branch> + <name>v1.0.1-maint</name> + <change state="vulnerable">28f8dfdcccd4c0f69063ef741545b37d8a7f7935</change> </branch> <branch> <name>v1.0.2-maint</name> @@ -104,7 +112,6 @@ ACL privilege without also having the 'read_secure' privilege.]]> </branch> <branch> <name>v1.0.5-maint</name> - <change state="vulnerable">28f8dfdcccd4c0f69063ef741545b37d8a7f7935</change> <tag state="vulnerable">v1.0.5.1</tag> <tag state="vulnerable">v1.0.5.2</tag> <tag state="vulnerable">v1.0.5.3</tag> @@ -114,6 +121,7 @@ ACL privilege without also having the 'read_secure' privilege.]]> <tag state="vulnerable">v1.0.5.7</tag> <tag state="vulnerable">v1.0.5.8</tag> <tag state="vulnerable">v1.0.5.9</tag> + <change state="vulnerable">28f8dfdcccd4c0f69063ef741545b37d8a7f7935</change> <change state="fixed">107f1ff20edc805433cade910a00328158b1c231</change> </branch> <branch> @@ -138,15 +146,15 @@ ACL privilege without also having the 'read_secure' privilege.]]> </branch> <branch> <name>v1.1.3-maint</name> - <change state="vulnerable">28f8dfdcccd4c0f69063ef741545b37d8a7f7935</change> <tag state="vulnerable">v1.1.3.1</tag> <tag state="vulnerable">v1.1.3.2</tag> <tag state="vulnerable">v1.1.3.3</tag> <tag state="vulnerable">v1.1.3.4</tag> <tag state="vulnerable">v1.1.3.5</tag> <tag state="vulnerable">v1.1.3.6</tag> - <change state="fixed">bdbcf66ae72f82d45faa889a1208444f83f5756b</change> + <change state="vulnerable">28f8dfdcccd4c0f69063ef741545b37d8a7f7935</change> <tag state="fixed">v1.1.3.7</tag> + <change state="fixed">bdbcf66ae72f82d45faa889a1208444f83f5756b</change> </branch> <branch> <name>v1.1.4-maint</name> @@ -201,8 +209,8 @@ ACL privilege without also having the 'read_secure' privilege.]]> <branch> <name>v1.2.9-maint</name> <change state="vulnerable">28f8dfdcccd4c0f69063ef741545b37d8a7f7935</change> - <change state="fixed">744ddb15e0feaf2d6603a88dc8ffc3a7eb0a452d</change> <tag state="fixed">v1.2.9.1</tag> + <change state="fixed">744ddb15e0feaf2d6603a88dc8ffc3a7eb0a452d</change> </branch> <branch> <name>v1.2.10-maint</name> diff --git a/notices/2014/0008.xml b/notices/2014/0008.xml index 8ec3c3d..8fd0d9e 100644 --- a/notices/2014/0008.xml +++ b/notices/2014/0008.xml @@ -58,20 +58,22 @@ an authorized client can see.]]> <tag state="vulnerable">v1.2.10</tag> <change state="vulnerable">d1bde8eda3b4027b38c7c1d5942a6388b0458803</change> <change state="vulnerable">1f4831ee6ecc17d0f2008d7db15bfd9bc3b1d685</change> + <tag state="fixed">v1.2.11</tag> <change state="fixed">57023c0a3af4af1c547189c1f6712ed5edeb0c0b</change> <change state="fixed">cb104ef734dfea12cb8826dba7e2c98912c4b7e1</change> - <tag state="fixed">v1.2.11</tag> </branch> <branch> <name>v1.2.8-maint</name> <change state="vulnerable">d1bde8eda3b4027b38c7c1d5942a6388b0458803</change> + <change state="vulnerable">1f4831ee6ecc17d0f2008d7db15bfd9bc3b1d685</change> <change state="fixed">27431ec96e617f186bd3f5900aeb7d622770533a</change> </branch> <branch> <name>v1.2.9-maint</name> + <tag state="vulnerable">v1.2.9.1</tag> <change state="vulnerable">d1bde8eda3b4027b38c7c1d5942a6388b0458803</change> <change state="vulnerable">1f4831ee6ecc17d0f2008d7db15bfd9bc3b1d685</change> - <tag state="vulnerable">v1.2.9.1</tag> + <tag state="fixed">v1.2.9.2</tag> <change state="fixed">5d8bee6d57cddf462912ad2fc544c8a57b1c2841</change> <change state="fixed">dfbdea7ea8fa36d9f27942c5b2882acfd86a3c3b</change> </branch> diff --git a/notices/2014/0009.xml b/notices/2014/0009.xml index 6a9be93..e9c9c66 100644 --- a/notices/2014/0009.xml +++ b/notices/2014/0009.xml @@ -54,8 +54,8 @@ crash is no longer a security attack.]]> <tag state="vulnerable">v1.2.9</tag> <tag state="vulnerable">v1.2.10</tag> <change state="vulnerable">4a85bf3e2fa703fdc14e8c49d5017ef04832a1d7</change> - <change state="fixed">87b9437f8951f9d24f9a85c6bbfff0e54df8c984</change> <tag state="fixed">v1.2.11</tag> + <change state="fixed">87b9437f8951f9d24f9a85c6bbfff0e54df8c984</change> </branch> <branch> <name>v1.2.8-maint</name> @@ -64,8 +64,9 @@ crash is no longer a security attack.]]> </branch> <branch> <name>v1.2.9-maint</name> - <change state="vulnerable">4a85bf3e2fa703fdc14e8c49d5017ef04832a1d7</change> <tag state="vulnerable">v1.2.9.1</tag> + <change state="vulnerable">4a85bf3e2fa703fdc14e8c49d5017ef04832a1d7</change> + <tag state="fixed">v1.2.9.2</tag> <change state="fixed">584e876ba2057b472074dbf177d2397392d70363</change> </branch> <branch> diff --git a/notices/2014/0010.xml b/notices/2014/0010.xml index f22a0a0..653c61c 100644 --- a/notices/2014/0010.xml +++ b/notices/2014/0010.xml @@ -77,8 +77,8 @@ fine-grained access control mechanism.]]> <tag state="vulnerable">v1.2.9</tag> <tag state="vulnerable">v1.2.10</tag> <change state="vulnerable">abf75aea247ef6e432e5a51bcdb21972e50a4cd1</change> - <change state="fixed">2bdcd29c713dfedd813c89f56ae98f6f3898313d</change> <tag state="fixed">v1.2.11</tag> + <change state="fixed">2bdcd29c713dfedd813c89f56ae98f6f3898313d</change> </branch> <branch> <name>v1.1.0-maint</name> @@ -97,7 +97,6 @@ fine-grained access control mechanism.]]> </branch> <branch> <name>v1.1.3-maint</name> - <change state="vulnerable">abf75aea247ef6e432e5a51bcdb21972e50a4cd1</change> <tag state="vulnerable">v1.1.3.1</tag> <tag state="vulnerable">v1.1.3.2</tag> <tag state="vulnerable">v1.1.3.3</tag> @@ -106,6 +105,8 @@ fine-grained access control mechanism.]]> <tag state="vulnerable">v1.1.3.6</tag> <tag state="vulnerable">v1.1.3.7</tag> <tag state="vulnerable">v1.1.3.8</tag> + <change state="vulnerable">abf75aea247ef6e432e5a51bcdb21972e50a4cd1</change> + <tag state="fixed">v1.1.3.9</tag> <change state="fixed">63934cae465f757c774db1fa4e86d3c8bda4591b</change> </branch> <branch> @@ -160,8 +161,9 @@ fine-grained access control mechanism.]]> </branch> <branch> <name>v1.2.9-maint</name> - <change state="vulnerable">abf75aea247ef6e432e5a51bcdb21972e50a4cd1</change> <tag state="vulnerable">v1.2.9.1</tag> + <change state="vulnerable">abf75aea247ef6e432e5a51bcdb21972e50a4cd1</change> + <tag state="fixed">v1.2.9.2</tag> <change state="fixed">12496319a24dd923c5f321c84112fd0e73979413</change> </branch> <branch> diff --git a/notices/2015/0001.xml b/notices/2015/0001.xml index 1d0fc84..beff54f 100644 --- a/notices/2015/0001.xml +++ b/notices/2015/0001.xml @@ -82,9 +82,9 @@ privileged user making use of that feature.]]> <tag state="vulnerable">v1.2.10</tag> <tag state="vulnerable">v1.2.11</tag> <change state="vulnerable">e341435e5090677c67a0d3d4ca0393102054841f</change> - <change state="fixed">03c3c0c874c84dfa51ef17556062b095c6e1c0a3</change> - <change state="fixed">b1674ad5a97441b7e1bd5f5ebaff498ef2fbb11b</change> <tag state="fixed">v1.2.12</tag> + <change state="fixed">03c3c0c874c84dfa51ef17556062b095c6e1c0a3</change> + <change state="fixed">b347c0c2a321ec5c20aae214927949832a288c5a</change> </branch> <branch> <name>v1.1.0-maint</name> @@ -106,7 +106,6 @@ privileged user making use of that feature.]]> </branch> <branch> <name>v1.1.3-maint</name> - <change state="vulnerable">e341435e5090677c67a0d3d4ca0393102054841f</change> <tag state="vulnerable">v1.1.3.1</tag> <tag state="vulnerable">v1.1.3.2</tag> <tag state="vulnerable">v1.1.3.3</tag> @@ -115,6 +114,8 @@ privileged user making use of that feature.]]> <tag state="vulnerable">v1.1.3.6</tag> <tag state="vulnerable">v1.1.3.7</tag> <tag state="vulnerable">v1.1.3.8</tag> + <change state="vulnerable">e341435e5090677c67a0d3d4ca0393102054841f</change> + <tag state="fixed">v1.1.3.9</tag> <change state="fixed">ca840e9c827fefadae2e00875b4a552b990b959f</change> <change state="fixed">76d6cc3f24ab545694e77e2eafa981d861b965a4</change> </branch> @@ -180,8 +181,9 @@ privileged user making use of that feature.]]> </branch> <branch> <name>v1.2.9-maint</name> - <change state="vulnerable">e341435e5090677c67a0d3d4ca0393102054841f</change> <tag state="vulnerable">v1.2.9.1</tag> + <change state="vulnerable">e341435e5090677c67a0d3d4ca0393102054841f</change> + <tag state="fixed">v1.2.9.2</tag> <change state="fixed">19f8fec02d9b0a8de877d872c5b59597bd878a8d</change> <change state="fixed">295f3c88ce71b8e83a489cb0d48431e124c12081</change> </branch> diff --git a/notices/2015/0002.xml b/notices/2015/0002.xml index 19e72c8..aba493c 100644 --- a/notices/2015/0002.xml +++ b/notices/2015/0002.xml @@ -74,8 +74,8 @@ out-of-memory condition would cause adverse behavior.]]> <tag state="vulnerable">v1.2.12</tag> <tag state="vulnerable">v1.2.13</tag> <change state="vulnerable">4f25146bf4335cb2b1b31c07dab39e26458bdf61</change> - <change state="fixed">3c2ff5029b83c9b33be0f1607a3c61f4f5850612</change> <tag state="fixed">v1.2.14</tag> + <change state="fixed">3c2ff5029b83c9b33be0f1607a3c61f4f5850612</change> </branch> <branch> <name>v1.2.8-maint</name> @@ -84,9 +84,10 @@ out-of-memory condition would cause adverse behavior.]]> </branch> <branch> <name>v1.2.9-maint</name> - <change state="vulnerable">4f25146bf4335cb2b1b31c07dab39e26458bdf61</change> <tag state="vulnerable">v1.2.9.1</tag> <tag state="vulnerable">v1.2.9.2</tag> + <change state="vulnerable">4f25146bf4335cb2b1b31c07dab39e26458bdf61</change> + <tag state="fixed">v1.2.9.3</tag> <change state="fixed">b9dacdd4d992ba1e5aab2e0189cf64b36a1a7e13</change> </branch> <branch> @@ -107,6 +108,7 @@ out-of-memory condition would cause adverse behavior.]]> <branch> <name>v1.2.13-maint</name> <change state="vulnerable">4f25146bf4335cb2b1b31c07dab39e26458bdf61</change> + <tag state="fixed">v1.2.13.1</tag> <change state="fixed">117f60ca53eb36aa7751573ac274850bd96a4799</change> </branch> </product> diff --git a/notices/2015/0003.xml b/notices/2015/0003.xml index d8aa3e1..e0a6e4d 100644 --- a/notices/2015/0003.xml +++ b/notices/2015/0003.xml @@ -76,6 +76,7 @@ user creating a volume and a user with full system access).]]> <tag state="vulnerable">v1.2.19</tag> <change state="vulnerable">155ca616eb231181f6978efc9e3a1eb0eb60af8a</change> <change state="vulnerable">7c2d65dde2595c07d56aad1e043f7b1836592d89</change> + <tag state="fixed">v1.2.20</tag> <change state="fixed">db9277a39bc364806e8d3e08a08fc128d59b7094</change> <change state="fixed">691dd388aee99f8b06177540303b690586d5f5b3</change> <change state="fixed">35847860f65f92e444db9730e00cdaef45198e0c</change> @@ -83,12 +84,16 @@ user creating a volume and a user with full system access).]]> <branch> <name>v1.2.14-maint</name> <change state="vulnerable">155ca616eb231181f6978efc9e3a1eb0eb60af8a</change> + <change state="vulnerable">7c2d65dde2595c07d56aad1e043f7b1836592d89</change> <change state="fixed">605b12068392d29beb44a8ab7d6ec176d6b05237</change> <change state="fixed">454cb7c40dbcff84192094963d71369ac7d94546</change> </branch> <branch> <name>v1.2.15-maint</name> <change state="vulnerable">155ca616eb231181f6978efc9e3a1eb0eb60af8a</change> + <change state="vulnerable">7c2d65dde2595c07d56aad1e043f7b1836592d89</change> + <change state="fixed">3c41b3ea5e68f391b8ff901082608bda5f7f3fbc</change> + <change state="fixed">fe2cf73800e3be87d1d4d811facb3f2be48126e5</change> <change state="fixed">3c41b3ea5e68f391b8ff901082608bda5f7f3fbc</change> <change state="fixed">fe2cf73800e3be87d1d4d811facb3f2be48126e5</change> </branch> @@ -96,32 +101,33 @@ user creating a volume and a user with full system access).]]> <name>v1.2.16-maint</name> <change state="vulnerable">155ca616eb231181f6978efc9e3a1eb0eb60af8a</change> <change state="vulnerable">7c2d65dde2595c07d56aad1e043f7b1836592d89</change> - <change state="fixed">9e48400f4606bac16b7e4db195f610928c3d5a04</change> <change state="fixed">2f4b41861c1729ff4b754986782d7428ccdca455</change> + <change state="fixed">9e48400f4606bac16b7e4db195f610928c3d5a04</change> <change state="fixed">7f0505705c70f7eb1e435a2e7732d1a74abfadfd</change> </branch> <branch> <name>v1.2.17-maint</name> <change state="vulnerable">155ca616eb231181f6978efc9e3a1eb0eb60af8a</change> <change state="vulnerable">7c2d65dde2595c07d56aad1e043f7b1836592d89</change> - <change state="fixed">d055989083df4bf68eb1388d327ebffb3501bb83</change> <change state="fixed">98242f94cd181f0257535479369054f07f951b21</change> + <change state="fixed">d055989083df4bf68eb1388d327ebffb3501bb83</change> <change state="fixed">a3ee6885d95a2ce6fb7e58bb0737cfb1612e0fb7</change> </branch> <branch> <name>v1.2.18-maint</name> <change state="vulnerable">155ca616eb231181f6978efc9e3a1eb0eb60af8a</change> <change state="vulnerable">7c2d65dde2595c07d56aad1e043f7b1836592d89</change> - <change state="fixed">e63b32e22dafd99547f82f5383fdbf58b5f651a1</change> + <tag state="fixed">v1.2.18.1</tag> <change state="fixed">075eb526c9817d9d8e3a759e3fbe180d8d326dcf</change> + <change state="fixed">e63b32e22dafd99547f82f5383fdbf58b5f651a1</change> <change state="fixed">966cc922221be2b8cc6a9842ed0dc4cf1568a7b3</change> </branch> <branch> <name>v1.2.19-maint</name> <change state="vulnerable">155ca616eb231181f6978efc9e3a1eb0eb60af8a</change> <change state="vulnerable">7c2d65dde2595c07d56aad1e043f7b1836592d89</change> - <change state="fixed">e0025d2967bbe3f283937216c9e2c12b6e9d1010</change> <change state="fixed">8b1d84e640f1a6e6ebb47caf23a664e2f651b32d</change> + <change state="fixed">e0025d2967bbe3f283937216c9e2c12b6e9d1010</change> <change state="fixed">3468542f06f6f5dc94defa1603c6a6adea3e2da8</change> </branch> </product> diff --git a/notices/2015/0004.xml b/notices/2015/0004.xml index 4838f39..8d65e67 100644 --- a/notices/2015/0004.xml +++ b/notices/2015/0004.xml @@ -97,9 +97,10 @@ access to libvirtd.]]> <tag state="vulnerable">v1.2.18</tag> <tag state="vulnerable">v1.2.19</tag> <tag state="vulnerable">v1.2.20</tag> - <tag state="vulnerable">v1.2.20</tag> + <tag state="vulnerable">v1.2.21</tag> <tag state="vulnerable">v1.3.0</tag> <change state="vulnerable">c930410bebae0a45889b992a7932c663b06cbbcd</change> + <tag state="fixed">v1.3.1</tag> <change state="fixed">034e47c338b13a95cf02106a3af912c1c5f818d7</change> </branch> <branch> @@ -119,7 +120,6 @@ access to libvirtd.]]> </branch> <branch> <name>v1.1.3-maint</name> - <change state="vulnerable">c930410bebae0a45889b992a7932c663b06cbbcd</change> <tag state="vulnerable">v1.1.3.1</tag> <tag state="vulnerable">v1.1.3.2</tag> <tag state="vulnerable">v1.1.3.3</tag> @@ -129,6 +129,7 @@ access to libvirtd.]]> <tag state="vulnerable">v1.1.3.7</tag> <tag state="vulnerable">v1.1.3.8</tag> <tag state="vulnerable">v1.1.3.9</tag> + <change state="vulnerable">c930410bebae0a45889b992a7932c663b06cbbcd</change> <change state="fixed">dcce665904b8ebc9ac3e5109db179a567b33e1a2</change> </branch> <branch> @@ -183,10 +184,10 @@ access to libvirtd.]]> </branch> <branch> <name>v1.2.9-maint</name> - <change state="vulnerable">c930410bebae0a45889b992a7932c663b06cbbcd</change> <tag state="vulnerable">v1.2.9.1</tag> <tag state="vulnerable">v1.2.9.2</tag> <tag state="vulnerable">v1.2.9.3</tag> + <change state="vulnerable">c930410bebae0a45889b992a7932c663b06cbbcd</change> <change state="fixed">b0f88836e5eb5b7156bda99c005cf4aa0456ed0d</change> </branch> <branch> @@ -206,8 +207,9 @@ access to libvirtd.]]> </branch> <branch> <name>v1.2.13-maint</name> - <change state="vulnerable">c930410bebae0a45889b992a7932c663b06cbbcd</change> <tag state="vulnerable">v1.2.13.1</tag> + <change state="vulnerable">c930410bebae0a45889b992a7932c663b06cbbcd</change> + <tag state="fixed">v1.2.13.2</tag> <change state="fixed">b553ec764f7ecdf8962efbf849a0e8524bae610c</change> </branch> <branch> @@ -232,8 +234,9 @@ access to libvirtd.]]> </branch> <branch> <name>v1.2.18-maint</name> - <change state="vulnerable">c930410bebae0a45889b992a7932c663b06cbbcd</change> <tag state="vulnerable">v1.2.18.1</tag> + <change state="vulnerable">c930410bebae0a45889b992a7932c663b06cbbcd</change> + <tag state="fixed">v1.2.18.2</tag> <change state="fixed">d035796675ca42795953828d11f902f691fa6b29</change> </branch> <branch> diff --git a/notices/2016/0001.xml b/notices/2016/0001.xml index ba28f18..e61eff9 100644 --- a/notices/2016/0001.xml +++ b/notices/2016/0001.xml @@ -119,8 +119,8 @@ <tag state="vulnerable">v1.3.4</tag> <tag state="vulnerable">v1.3.5</tag> <change state="vulnerable">9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f</change> - <change state="fixed">bb848feec0f3f10e92dd8e5231ae7aa89b5598f3</change> <tag state="fixed">v2.0.0</tag> + <change state="fixed">bb848feec0f3f10e92dd8e5231ae7aa89b5598f3</change> </branch> <branch> <name>v0.9.6-maint</name> @@ -363,13 +363,11 @@ </branch> <branch> <name>v1.3.0-maint</name> - <tag state="vulnerable">v1.3.3.1</tag> <change state="vulnerable">9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f</change> <change state="fixed">d49b1dfcb59af791f78cd699134cfe80bd6f13ab</change> </branch> <branch> <name>v1.3.1-maint</name> - <tag state="vulnerable">v1.3.3.1</tag> <change state="vulnerable">9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f</change> <change state="fixed">2d5370eba6b52f44cf832eba28f162c55331a47c</change> </branch> diff --git a/notices/2016/0002.xml b/notices/2016/0002.xml index 2c73324..c201fc3 100644 --- a/notices/2016/0002.xml +++ b/notices/2016/0002.xml @@ -65,6 +65,7 @@ libvirtd socket]]> <tag state="vulnerable">v1.2.21</tag> <tag state="vulnerable">v1.3.0</tag> <change state="vulnerable">0abb36938027f3991f3ce5151b31cca9737a1287</change> + <tag state="fixed">v1.3.1</tag> <change state="fixed">506e9d6c2d4baaf580d489fff0690c0ff2ff588f</change> </branch> <branch> diff --git a/notices/2017/0001.xml b/notices/2017/0001.xml index f3bda3f..0c74ca0 100644 --- a/notices/2017/0001.xml +++ b/notices/2017/0001.xml @@ -44,10 +44,10 @@ <repository>libvirt.git</repository> <branch> <name>master</name> - <change state="vulnerable">c5f6151390ff0a8e65014172bb8c0a8d312c3353</change> - <change state="fixed">c3de387380f6057ee0e46cd9f2f0a092e8070875</change> <tag state="vulnerable">v3.0.0</tag> + <change state="vulnerable">c5f6151390ff0a8e65014172bb8c0a8d312c3353</change> <tag state="fixed">v3.1.0</tag> + <change state="fixed">c3de387380f6057ee0e46cd9f2f0a092e8070875</change> </branch> <branch> <name>v3.0-maint</name> diff --git a/notices/2017/0002.xml b/notices/2017/0002.xml index 0672344..54832e8 100644 --- a/notices/2017/0002.xml +++ b/notices/2017/0002.xml @@ -57,8 +57,6 @@ certificates in QEMU servers. ]]> <repository>libvirt.git</repository> <branch> <name>master</name> - <change state="vulnerable">ce61c16450d4992612d1fc6f39a39e79bfccead5</change> - <change state="fixed">441d3eb6d1be940a67ce45a286602a967601b157</change> <tag state="vulnerable">v2.3.0</tag> <tag state="vulnerable">v2.4.0</tag> <tag state="vulnerable">v2.5.0</tag> @@ -71,7 +69,9 @@ certificates in QEMU servers. ]]> <tag state="vulnerable">v3.6.0</tag> <tag state="vulnerable">v3.7.0</tag> <tag state="vulnerable">v3.8.0</tag> + <change state="vulnerable">ce61c16450d4992612d1fc6f39a39e79bfccead5</change> <tag state="fixed">v3.9.0</tag> + <change state="fixed">441d3eb6d1be940a67ce45a286602a967601b157</change> </branch> <branch> <name>v3.0-maint</name> @@ -80,8 +80,8 @@ certificates in QEMU servers. ]]> </branch> <branch> <name>v3.2-maint</name> - <change state="vulnerable">ce61c16450d4992612d1fc6f39a39e79bfccead5</change> <tag state="vulnerable">v3.2.1</tag> + <change state="vulnerable">ce61c16450d4992612d1fc6f39a39e79bfccead5</change> <change state="fixed">9e6bc47bb541d8eea10cdd5704ea7f5e699bf0ba</change> </branch> <branch> diff --git a/notices/2018/0001.xml b/notices/2018/0001.xml index a72a1c0..807d1a7 100644 --- a/notices/2018/0001.xml +++ b/notices/2018/0001.xml @@ -151,9 +151,8 @@ <tag state="vulnerable">v3.8.0</tag> <tag state="vulnerable">v3.9.0</tag> <tag state="vulnerable">v3.10.0</tag> - <tag state="vulnerable">v4.0.0</tag> - <tag state="fixed">v4.1.0</tag> <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + <tag state="fixed">v4.0.0</tag> <change state="fixed">24d504396c3c05eff87d29173a224e2faaeb2637</change> <change state="fixed">b2042020c32b74069fa5365b5e966537aaba8cf6</change> <change state="fixed">7bb4ce9761dfbd1620ddffb26fbd6f0ff1fedf3f</change> @@ -166,6 +165,10 @@ <change state="fixed">6b7e7d1cc24a28a9f5ece8626f807189647d14b4</change> <change state="fixed">6d4a3cd42781babed7d29b061e220ebff24dd43e</change> </branch> + <branch> + <name>v0.8.3-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> <branch> <name>v0.9.6-maint</name> <tag state="vulnerable">v0.9.6.1</tag> @@ -207,6 +210,26 @@ <tag state="vulnerable">v0.10.2.8</tag> <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> </branch> + <branch> + <name>v1.0.0-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.0.1-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.0.2-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.0.3-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.0.4-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> <branch> <name>v1.0.5-maint</name> <tag state="vulnerable">v1.0.5.1</tag> @@ -220,6 +243,22 @@ <tag state="vulnerable">v1.0.5.9</tag> <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> </branch> + <branch> + <name>v1.0.6-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.1.0-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.1.1-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.1.2-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> <branch> <name>v1.1.3-maint</name> <tag state="vulnerable">v1.1.3.1</tag> @@ -233,6 +272,46 @@ <tag state="vulnerable">v1.1.3.9</tag> <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> </branch> + <branch> + <name>v1.1.4-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.0-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.1-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.2-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.3-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.4-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.5-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.6-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.7-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.8-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> <branch> <name>v1.2.9-maint</name> <tag state="vulnerable">v1.2.9.1</tag> @@ -240,12 +319,40 @@ <tag state="vulnerable">v1.2.9.3</tag> <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> </branch> + <branch> + <name>v1.2.10-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.11-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.12-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> <branch> <name>v1.2.13-maint</name> <tag state="vulnerable">v1.2.13.1</tag> <tag state="vulnerable">v1.2.13.2</tag> <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> </branch> + <branch> + <name>v1.2.14-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.15-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.16-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.17-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> <branch> <name>v1.2.18-maint</name> <tag state="vulnerable">v1.2.18.1</tag> @@ -254,6 +361,30 @@ <tag state="vulnerable">v1.2.18.4</tag> <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> </branch> + <branch> + <name>v1.2.19-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.20-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.21-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.3.0-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.3.1-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.3.2-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> <branch> <name>v1.3.3-maint</name> <tag state="vulnerable">v1.3.3.1</tag> @@ -261,16 +392,40 @@ <tag state="vulnerable">v1.3.3.3</tag> <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> </branch> + <branch> + <name>v1.3.4-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.3.5-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v2.0-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v2.1-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> <branch> <name>v2.2-maint</name> <tag state="vulnerable">v2.2.1</tag> <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> </branch> + <branch> + <name>v3.0-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> <branch> <name>v3.2-maint</name> <tag state="vulnerable">v3.2.1</tag> <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> </branch> + <branch> + <name>v3.7-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> </product> </security-notice> diff --git a/notices/2018/0002.xml b/notices/2018/0002.xml index 8b8e069..2187633 100644 --- a/notices/2018/0002.xml +++ b/notices/2018/0002.xml @@ -160,10 +160,14 @@ <tag state="vulnerable">v3.8.0</tag> <tag state="vulnerable">v3.9.0</tag> <tag state="vulnerable">v3.10.0</tag> - <tag state="fixed">v4.0.0</tag> <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + <tag state="fixed">v4.0.0</tag> <change state="fixed">bc251ea91bcfddd2622fce6bce701a438b2e7276</change> </branch> + <branch> + <name>v0.8.3-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> <branch> <name>v0.9.6-maint</name> <tag state="vulnerable">v0.9.6.1</tag> @@ -205,6 +209,26 @@ <tag state="vulnerable">v0.10.2.8</tag> <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> </branch> + <branch> + <name>v1.0.0-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.0.1-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.0.2-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.0.3-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.0.4-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> <branch> <name>v1.0.5-maint</name> <tag state="vulnerable">v1.0.5.1</tag> @@ -218,6 +242,22 @@ <tag state="vulnerable">v1.0.5.9</tag> <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> </branch> + <branch> + <name>v1.0.6-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.1.0-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.1.1-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.1.2-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> <branch> <name>v1.1.3-maint</name> <tag state="vulnerable">v1.1.3.1</tag> @@ -231,6 +271,46 @@ <tag state="vulnerable">v1.1.3.9</tag> <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> </branch> + <branch> + <name>v1.1.4-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.0-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.1-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.2-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.3-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.4-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.5-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.6-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.7-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.8-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> <branch> <name>v1.2.9-maint</name> <tag state="vulnerable">v1.2.9.1</tag> @@ -238,12 +318,40 @@ <tag state="vulnerable">v1.2.9.3</tag> <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> </branch> + <branch> + <name>v1.2.10-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.11-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.12-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> <branch> <name>v1.2.13-maint</name> <tag state="vulnerable">v1.2.13.1</tag> <tag state="vulnerable">v1.2.13.2</tag> <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> </branch> + <branch> + <name>v1.2.14-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.15-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.16-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.17-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> <branch> <name>v1.2.18-maint</name> <tag state="vulnerable">v1.2.18.1</tag> @@ -252,6 +360,30 @@ <tag state="vulnerable">v1.2.18.4</tag> <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> </branch> + <branch> + <name>v1.2.19-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.20-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.21-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.3.0-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.3.1-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.3.2-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> <branch> <name>v1.3.3-maint</name> <tag state="vulnerable">v1.3.3.1</tag> @@ -259,16 +391,40 @@ <tag state="vulnerable">v1.3.3.3</tag> <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> </branch> + <branch> + <name>v1.3.4-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.3.5-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v2.0-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v2.1-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> <branch> <name>v2.2-maint</name> <tag state="vulnerable">v2.2.1</tag> <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> </branch> + <branch> + <name>v3.0-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> <branch> <name>v3.2-maint</name> <tag state="vulnerable">v3.2.1</tag> <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> </branch> + <branch> + <name>v3.7-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> </product> </security-notice> diff --git a/notices/2018/0003.xml b/notices/2018/0003.xml index 2c53626..4e64064 100644 --- a/notices/2018/0003.xml +++ b/notices/2018/0003.xml @@ -49,7 +49,6 @@ <product name="libvirt"> <repository>libvirt.git</repository> - <branch> <name>master</name> <tag state="vulnerable">v0.4.4</tag> @@ -154,11 +153,15 @@ <tag state="vulnerable">v3.9.0</tag> <tag state="vulnerable">v3.10.0</tag> <tag state="vulnerable">v4.0.0</tag> - <tag state="fixed">v4.1.0</tag> <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + <tag state="fixed">v4.1.0</tag> <change state="fixed">759b4d1b0fe5f4d84d98b99153dfa7ac289dd167</change> <change state="fixed">c2dc6698c88fb591639e542c8ecb0076c54f3dfb</change> </branch> + <branch> + <name>v0.8.3-maint</name> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> <branch> <name>v0.9.6-maint</name> <tag state="vulnerable">v0.9.6.1</tag> @@ -200,6 +203,26 @@ <tag state="vulnerable">v0.10.2.8</tag> <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> </branch> + <branch> + <name>v1.0.0-maint</name> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> + <branch> + <name>v1.0.1-maint</name> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> + <branch> + <name>v1.0.2-maint</name> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> + <branch> + <name>v1.0.3-maint</name> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> + <branch> + <name>v1.0.4-maint</name> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> <branch> <name>v1.0.5-maint</name> <tag state="vulnerable">v1.0.5.1</tag> @@ -213,6 +236,22 @@ <tag state="vulnerable">v1.0.5.9</tag> <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> </branch> + <branch> + <name>v1.0.6-maint</name> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> + <branch> + <name>v1.1.0-maint</name> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> + <branch> + <name>v1.1.1-maint</name> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> + <branch> + <name>v1.1.2-maint</name> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> <branch> <name>v1.1.3-maint</name> <tag state="vulnerable">v1.1.3.1</tag> @@ -226,6 +265,46 @@ <tag state="vulnerable">v1.1.3.9</tag> <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> </branch> + <branch> + <name>v1.1.4-maint</name> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> + <branch> + <name>v1.2.0-maint</name> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> + <branch> + <name>v1.2.1-maint</name> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> + <branch> + <name>v1.2.2-maint</name> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> + <branch> + <name>v1.2.3-maint</name> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> + <branch> + <name>v1.2.4-maint</name> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> + <branch> + <name>v1.2.5-maint</name> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> + <branch> + <name>v1.2.6-maint</name> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> + <branch> + <name>v1.2.7-maint</name> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> + <branch> + <name>v1.2.8-maint</name> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> <branch> <name>v1.2.9-maint</name> <tag state="vulnerable">v1.2.9.1</tag> @@ -233,12 +312,40 @@ <tag state="vulnerable">v1.2.9.3</tag> <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> </branch> + <branch> + <name>v1.2.10-maint</name> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> + <branch> + <name>v1.2.11-maint</name> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> + <branch> + <name>v1.2.12-maint</name> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> <branch> <name>v1.2.13-maint</name> <tag state="vulnerable">v1.2.13.1</tag> <tag state="vulnerable">v1.2.13.2</tag> <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> </branch> + <branch> + <name>v1.2.14-maint</name> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> + <branch> + <name>v1.2.15-maint</name> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> + <branch> + <name>v1.2.16-maint</name> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> + <branch> + <name>v1.2.17-maint</name> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> <branch> <name>v1.2.18-maint</name> <tag state="vulnerable">v1.2.18.1</tag> @@ -247,6 +354,30 @@ <tag state="vulnerable">v1.2.18.4</tag> <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> </branch> + <branch> + <name>v1.2.19-maint</name> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> + <branch> + <name>v1.2.20-maint</name> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> + <branch> + <name>v1.2.21-maint</name> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> + <branch> + <name>v1.3.0-maint</name> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> + <branch> + <name>v1.3.1-maint</name> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> + <branch> + <name>v1.3.2-maint</name> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> <branch> <name>v1.3.3-maint</name> <tag state="vulnerable">v1.3.3.1</tag> @@ -254,16 +385,42 @@ <tag state="vulnerable">v1.3.3.3</tag> <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> </branch> + <branch> + <name>v1.3.4-maint</name> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> + <branch> + <name>v1.3.5-maint</name> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> + <branch> + <name>v2.0-maint</name> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> + <branch> + <name>v2.1-maint</name> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> <branch> <name>v2.2-maint</name> <tag state="vulnerable">v2.2.1</tag> <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> </branch> + <branch> + <name>v3.0-maint</name> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + </branch> <branch> <name>v3.2-maint</name> <tag state="vulnerable">v3.2.1</tag> <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> </branch> + <branch> + <name>v3.7-maint</name> + <change state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change> + <change state="fixed">3aadeae9709dae6593b5b26e8953b459c6764a6d</change> + <change state="fixed">ee54b0bd7faa3e211346b367f64e502af6442e07</change> + </branch> </product> </security-notice> diff --git a/notices/2018/0004.xml b/notices/2018/0004.xml index 06d7fd0..2a4f264 100644 --- a/notices/2018/0004.xml +++ b/notices/2018/0004.xml @@ -43,7 +43,6 @@ <product name="libvirt"> <repository>libvirt.git</repository> - <branch> <name>master</name> <tag state="vulnerable">v0.9.10</tag> @@ -113,6 +112,7 @@ <tag state="vulnerable">v4.0.0</tag> <tag state="vulnerable">v4.1.0</tag> <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> + <tag state="fixed">v4.2.0</tag> <change state="fixed">fbf31e1a4cd19d6f6e33e0937a009775cd7d9513</change> </branch> <branch> @@ -148,6 +148,26 @@ <tag state="vulnerable">v0.10.2.8</tag> <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> </branch> + <branch> + <name>v1.0.0-maint</name> + <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> + </branch> + <branch> + <name>v1.0.1-maint</name> + <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> + </branch> + <branch> + <name>v1.0.2-maint</name> + <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> + </branch> + <branch> + <name>v1.0.3-maint</name> + <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> + </branch> + <branch> + <name>v1.0.4-maint</name> + <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> + </branch> <branch> <name>v1.0.5-maint</name> <tag state="vulnerable">v1.0.5.1</tag> @@ -161,6 +181,22 @@ <tag state="vulnerable">v1.0.5.9</tag> <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> </branch> + <branch> + <name>v1.0.6-maint</name> + <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> + </branch> + <branch> + <name>v1.1.0-maint</name> + <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> + </branch> + <branch> + <name>v1.1.1-maint</name> + <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> + </branch> + <branch> + <name>v1.1.2-maint</name> + <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> + </branch> <branch> <name>v1.1.3-maint</name> <tag state="vulnerable">v1.1.3.1</tag> @@ -174,6 +210,46 @@ <tag state="vulnerable">v1.1.3.9</tag> <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> </branch> + <branch> + <name>v1.1.4-maint</name> + <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> + </branch> + <branch> + <name>v1.2.0-maint</name> + <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> + </branch> + <branch> + <name>v1.2.1-maint</name> + <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> + </branch> + <branch> + <name>v1.2.2-maint</name> + <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> + </branch> + <branch> + <name>v1.2.3-maint</name> + <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> + </branch> + <branch> + <name>v1.2.4-maint</name> + <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> + </branch> + <branch> + <name>v1.2.5-maint</name> + <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> + </branch> + <branch> + <name>v1.2.6-maint</name> + <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> + </branch> + <branch> + <name>v1.2.7-maint</name> + <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> + </branch> + <branch> + <name>v1.2.8-maint</name> + <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> + </branch> <branch> <name>v1.2.9-maint</name> <tag state="vulnerable">v1.2.9.1</tag> @@ -181,12 +257,40 @@ <tag state="vulnerable">v1.2.9.3</tag> <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> </branch> + <branch> + <name>v1.2.10-maint</name> + <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> + </branch> + <branch> + <name>v1.2.11-maint</name> + <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> + </branch> + <branch> + <name>v1.2.12-maint</name> + <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> + </branch> <branch> <name>v1.2.13-maint</name> <tag state="vulnerable">v1.2.13.1</tag> <tag state="vulnerable">v1.2.13.2</tag> <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> </branch> + <branch> + <name>v1.2.14-maint</name> + <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> + </branch> + <branch> + <name>v1.2.15-maint</name> + <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> + </branch> + <branch> + <name>v1.2.16-maint</name> + <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> + </branch> + <branch> + <name>v1.2.17-maint</name> + <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> + </branch> <branch> <name>v1.2.18-maint</name> <tag state="vulnerable">v1.2.18.1</tag> @@ -195,6 +299,30 @@ <tag state="vulnerable">v1.2.18.4</tag> <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> </branch> + <branch> + <name>v1.2.19-maint</name> + <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> + </branch> + <branch> + <name>v1.2.20-maint</name> + <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> + </branch> + <branch> + <name>v1.2.21-maint</name> + <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> + </branch> + <branch> + <name>v1.3.0-maint</name> + <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> + </branch> + <branch> + <name>v1.3.1-maint</name> + <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> + </branch> + <branch> + <name>v1.3.2-maint</name> + <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> + </branch> <branch> <name>v1.3.3-maint</name> <tag state="vulnerable">v1.3.3.1</tag> @@ -202,17 +330,44 @@ <tag state="vulnerable">v1.3.3.3</tag> <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> </branch> + <branch> + <name>v1.3.4-maint</name> + <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> + </branch> + <branch> + <name>v1.3.5-maint</name> + <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> + </branch> + <branch> + <name>v2.0-maint</name> + <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> + </branch> + <branch> + <name>v2.1-maint</name> + <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> + </branch> <branch> <name>v2.2-maint</name> <tag state="vulnerable">v2.2.1</tag> <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> </branch> + <branch> + <name>v3.0-maint</name> + <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> + </branch> <branch> <name>v3.2-maint</name> <tag state="vulnerable">v3.2.1</tag> <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> </branch> - + <branch> + <name>v3.7-maint</name> + <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> + </branch> + <branch> + <name>v4.1-maint</name> + <change state="vulnerable">c160ce3316852a797d7b06b4ee101233866e69a9</change> + </branch> </product> </security-notice> diff --git a/notices/2018/0005.xml b/notices/2018/0005.xml index 043ecf9..7f1550e 100644 --- a/notices/2018/0005.xml +++ b/notices/2018/0005.xml @@ -155,9 +155,13 @@ <tag state="vulnerable">v4.2.0</tag> <tag state="vulnerable">v4.3.0</tag> <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + <tag state="fixed">v4.4.0</tag> <change state="fixed">1dbca2eccad58d91a5fd33962854f1a653638182</change> <change state="fixed">9267342206ce17f6933d57a3128cdc504d5945c9</change> - <tag state="fixed">v4.4.0</tag> + </branch> + <branch> + <name>v0.8.3-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> </branch> <branch> <name>v0.9.6-maint</name> @@ -200,6 +204,26 @@ <tag state="vulnerable">v0.10.2.8</tag> <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> </branch> + <branch> + <name>v1.0.0-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.0.1-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.0.2-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.0.3-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.0.4-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> <branch> <name>v1.0.5-maint</name> <tag state="vulnerable">v1.0.5.1</tag> @@ -213,6 +237,22 @@ <tag state="vulnerable">v1.0.5.9</tag> <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> </branch> + <branch> + <name>v1.0.6-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.1.0-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.1.1-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.1.2-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> <branch> <name>v1.1.3-maint</name> <tag state="vulnerable">v1.1.3.1</tag> @@ -226,6 +266,46 @@ <tag state="vulnerable">v1.1.3.9</tag> <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> </branch> + <branch> + <name>v1.1.4-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.0-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.1-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.2-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.3-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.4-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.5-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.6-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.7-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.8-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> <branch> <name>v1.2.9-maint</name> <tag state="vulnerable">v1.2.9.1</tag> @@ -233,12 +313,40 @@ <tag state="vulnerable">v1.2.9.3</tag> <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> </branch> + <branch> + <name>v1.2.10-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.11-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.12-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> <branch> <name>v1.2.13-maint</name> <tag state="vulnerable">v1.2.13.1</tag> <tag state="vulnerable">v1.2.13.2</tag> <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> </branch> + <branch> + <name>v1.2.14-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.15-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.16-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.17-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> <branch> <name>v1.2.18-maint</name> <tag state="vulnerable">v1.2.18.1</tag> @@ -247,6 +355,30 @@ <tag state="vulnerable">v1.2.18.4</tag> <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> </branch> + <branch> + <name>v1.2.19-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.20-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.2.21-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.3.0-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.3.1-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.3.2-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> <branch> <name>v1.3.3-maint</name> <tag state="vulnerable">v1.3.3.1</tag> @@ -254,16 +386,44 @@ <tag state="vulnerable">v1.3.3.3</tag> <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> </branch> + <branch> + <name>v1.3.4-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v1.3.5-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v2.0-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v2.1-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> <branch> <name>v2.2-maint</name> <tag state="vulnerable">v2.2.1</tag> <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> </branch> + <branch> + <name>v3.0-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> <branch> <name>v3.2-maint</name> <tag state="vulnerable">v3.2.1</tag> <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> </branch> + <branch> + <name>v3.7-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> + <branch> + <name>v4.1-maint</name> + <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change> + </branch> </product> </security-notice> diff --git a/notices/2019/0001.xml b/notices/2019/0001.xml index 4d51b2b..9c58c0d 100644 --- a/notices/2019/0001.xml +++ b/notices/2019/0001.xml @@ -101,8 +101,8 @@ libvirtd socket]]> <tag state="vulnerable">v5.0.0</tag> <tag state="vulnerable">v5.1.0</tag> <tag state="vulnerable">v5.2.0</tag> - <tag state="fixed">v5.3.0</tag> <change state="vulnerable">0abb36938027f3991f3ce5151b31cca9737a1287</change> + <tag state="fixed">v5.3.0</tag> <change state="fixed">ae076bb40e0e150aef41361b64001138d04d6c60</change> <change state="fixed">2a07c990bd9143d7a0fe8d1b6b7c763c52185240</change> </branch> diff --git a/notices/2019/0002.xml b/notices/2019/0002.xml index 4d8faf9..4867091 100644 --- a/notices/2019/0002.xml +++ b/notices/2019/0002.xml @@ -86,8 +86,8 @@ the QEMU guest agent in trusted guests]]> <tag state="vulnerable">v4.8.0</tag> <tag state="vulnerable">v4.9.0</tag> <tag state="vulnerable">v4.10.0</tag> - <tag state="fixed">v5.0.0</tag> <change state="vulnerable">0977b8aa071de550e1a013d35e2c72615e65d520</change> + <tag state="fixed">v5.0.0</tag> <change state="fixed">7cfd1fbb1332ae5df678b9f41a62156cb2e88c73</change> </branch> <branch> -- 2.21.0

On Mon, May 13, 2019 at 12:52:06PM +0100, Daniel P. Berrangé wrote:
Use the new script logic to regenerate all branch tag info for flaws
A few manual edits are still needed, as the script still doesn't cope with two situations:
- The vulnerable commit from master was backported to an older branch. We don't search older branches looking for cherry-picks yet - There are multiple vulnerable commits, and they were introduce across multiple releases. This means some older branches only contain a subset of the vulnerable commits. We don't check which vulnerable commits are applicable to branches, instead assuming all vulnerable commits arrived at the same time.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- notices/2008/0001.xml | 6 --
[...]
notices/2019/0002.xml | 2 +- 47 files changed, 1224 insertions(+), 189 deletions(-)
Reviewed-by: Ján Tomko <jtomko@redhat.com> Jano

On Fri, Jun 14, 2019 at 01:09:44PM +0200, Ján Tomko wrote:
On Mon, May 13, 2019 at 12:52:06PM +0100, Daniel P. Berrangé wrote:
Use the new script logic to regenerate all branch tag info for flaws
A few manual edits are still needed, as the script still doesn't cope with two situations:
- The vulnerable commit from master was backported to an older branch. We don't search older branches looking for cherry-picks yet - There are multiple vulnerable commits, and they were introduce across multiple releases. This means some older branches only contain a subset of the vulnerable commits. We don't check which vulnerable commits are applicable to branches, instead assuming all vulnerable commits arrived at the same time.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- notices/2008/0001.xml | 6 --
[...]
notices/2019/0002.xml | 2 +- 47 files changed, 1224 insertions(+), 189 deletions(-)
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Thanks for reviews, I'll push all this with tabs removed. There was also pre-existing code using tabs that I'll fix. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
participants (2)
-
Daniel P. Berrangé
-
Ján Tomko