[Secure-testing-commits] r29248 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Fri Oct 3 22:04:18 UTC 2014
Author: jmm
Date: 2014-10-03 22:04:18 +0000 (Fri, 03 Oct 2014)
New Revision: 29248
Modified:
data/CVE/list
Log:
qemu n/a
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-10-03 21:14:11 UTC (rev 29247)
+++ data/CVE/list 2014-10-03 22:04:18 UTC (rev 29248)
@@ -9017,9 +9017,11 @@
CVE-2014-3471 [hw: pci: use after free triggered via guest]
RESERVED
- qemu 2.1+dfsg-1
+ [wheezy] - qemu <not-affected> (Vulnerable code not present)
+ [wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
[squeeze] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <removed>
- [squeeze] - qemu-kvm <end-of-life>
+ [squeeze] - qemu-kvm <not-affected> (Vulnerable code not present)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2014-06/msg05283.html
NOTE: Upstream fix: http://git.qemu.org/?p=qemu.git;a=commit;h=554f802da3f8b09b16b9a84ad5847b2eb0e9ad2b (v2.1.0-rc0)
CVE-2014-3470 (The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL ...)
More information about the Secure-testing-commits
mailing list