Track fixed version for CVE-2021-28703/xen

Fixed by code cleanup in Xen 4.14, and backported to security-supported
Xen branches as a prerequisite of the fix for XSA-378. 4.14.0-1~exp1 was
the first version in Debian including the fix.

Link: https://xenbits.xen.org/xsa/advisory-387.html

1 files changed, 5 insertions, 1 deletions

diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index facd9f09c4..f4338ae243 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -37121,10 +37121,14 @@ CVE-2021-28704 (PoD operations on misaligned GFNs T[his CNA information record r
 	NOTE: https://xenbits.xen.org/xsa/advisory-388.html
 CVE-2021-28703
 	RESERVED
-	- xen <unfixed>
+	- xen 4.14.0+80-gd101b417b7-1
 	[buster] - xen <end-of-life> (DSA 4677-1)
 	[stretch] - xen <end-of-life> (DSA 4602-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-387.html
+	NOTE: Fixed by code cleanup in Xen 4.14, and backported to security-supported Xen branches
+	NOTE: as a prerequisite of the fix for XSA-378. 4.14.0-1~exp1 was the first version in
+	NOTE: Debian including the fix.
+	NOTE: https://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=c65ea16dbcafbe4fe21693b18f8c2a3c5d14600e (4.14.0-rc1)
 CVE-2021-28702 (PCI devices with RMRRs not deassigned correctly Certain PCI devices in ...)
 	- xen <unfixed>
 	[bullseye] - xen <postponed> (Minor issue, fix along with next DSA)