[Secure-testing-commits] r29234 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Oct 3 10:41:08 UTC 2014
Author: carnil
Date: 2014-10-03 10:41:08 +0000 (Fri, 03 Oct 2014)
New Revision: 29234
Modified:
data/CVE/list
Log:
Update entry for CVE-2014-3471/qemu
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-10-03 10:38:53 UTC (rev 29233)
+++ data/CVE/list 2014-10-03 10:41:08 UTC (rev 29234)
@@ -9006,11 +9006,12 @@
NOT-FOR-US: JBoss Enterprise Application Platform
CVE-2014-3471 [hw: pci: use after free triggered via guest]
RESERVED
- - qemu <unfixed>
+ - qemu 2.1+dfsg-1
[squeeze] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <removed>
[squeeze] - qemu-kvm <end-of-life>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2014-06/msg05283.html
+ NOTE: Upstream fix: http://git.qemu.org/?p=qemu.git;a=commit;h=554f802da3f8b09b16b9a84ad5847b2eb0e9ad2b (v2.1.0-rc0)
CVE-2014-3470 (The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL ...)
{DSA-2950-1 DLA-0003-1}
- openssl 1.0.1h-1 (bug #750665)
More information about the Secure-testing-commits
mailing list