[Secure-testing-commits] r29036 - data/CVE

[Raphaël Hertzog]

Author: hertzog
Date: 2014-09-25 09:48:04 +0000 (Thu, 25 Sep 2014)
New Revision: 29036

Modified:
   data/CVE/list
Log:
Mark CVE affecting qemu-kvm as <end-of-life> on squeeze + add some details

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-09-25 09:47:57 UTC (rev 29035)
+++ data/CVE/list	2014-09-25 09:48:04 UTC (rev 29036)
@@ -3807,6 +3807,7 @@
 	RESERVED
 	- qemu <unfixed>
 	- qemu-kvm <removed>
+	[squeeze] - qemu-kvm <end-of-life>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2014-08/msg03338.html
 	TODO: check
 CVE-2014-5382 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
@@ -8022,6 +8023,8 @@
 	RESERVED
 	- qemu <unfixed> (bug #762532)
 	- qemu-kvm <removed>
+	[squeeze] - qemu-kvm <end-of-life>
+	NOTE: http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg03543.html
 CVE-2014-3639 (The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not ...)
 	{DSA-3026-1}
 	- dbus 1.8.8-1
@@ -8109,6 +8112,7 @@
 	RESERVED
 	- qemu <unfixed>
 	- qemu-kvm <removed>
+	[squeeze] - qemu-kvm <end-of-life>
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=c1b886c45dc70f247300f549dce9833f3fa2def5
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=ab9509cceabef28071e41bdfa073083859c949a7
 	TODO: check
@@ -8604,7 +8608,9 @@
 CVE-2014-3471 [hw: pci: use after free triggered via guest]
 	RESERVED
 	- qemu <unfixed>
+	[squeeze] - qemu <not-affected> (Vulnerable code not present)
 	- qemu-kvm <removed>
+	[squeeze] - qemu-kvm <end-of-life>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2014-06/msg05283.html
 CVE-2014-3470 (The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL ...)
 	{DSA-2950-1 DLA-0003-1}