[Secure-testing-commits] r26516 - data/CVE
Raphael Geissert
atomo64-guest at moszumanska.debian.org
Fri Apr 11 14:37:58 UTC 2014
Author: atomo64-guest
Date: 2014-04-11 14:37:58 +0000 (Fri, 11 Apr 2014)
New Revision: 26516
Modified:
data/CVE/list
Log:
adjust notes about vhost_net
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-04-11 14:21:16 UTC (rev 26515)
+++ data/CVE/list 2014-04-11 14:37:58 UTC (rev 26516)
@@ -7182,7 +7182,7 @@
- linux <unfixed>
- linux-2.6 <not-affected> (Vulnerable code not present)
NOTE: seems introduced in https://github.com/torvalds/linux/commit/8dd014adfea6f173c1ef6378f7e5e7924866c923
- NOTE: qemu is built with support for vhost_net but nothing seems to actually load it
+ NOTE: qemu is built with support for vhost_net, module loaded post-wheezy but root:root 0600
CVE-2014-0076 (The Montgomery ladder implementation in OpenSSL through 1.0.0l does ...)
- openssl 1.0.1g-1 (low; bug #742923)
[wheezy] - openssl <no-dsa> (Minor issue, local attack)
@@ -7276,7 +7276,7 @@
- linux-2.6 <not-affected> (Vulnerable code not present)
TODO: check
NOTE: introduced in https://github.com/torvalds/linux/commit/8dd014adfea6f173c1ef6378f7e5e7924866c923
- NOTE: qemu is built with support for vhost_net but nothing seems to actually load it
+ NOTE: qemu is built with support for vhost_net, module loaded post-wheezy but root:root 0600
CVE-2014-0054
RESERVED
{DSA-2890-1}
More information about the Secure-testing-commits
mailing list