[Secure-testing-commits] r33242 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Sun Mar 29 18:00:39 UTC 2015
Author: jmm
Date: 2015-03-29 18:00:39 +0000 (Sun, 29 Mar 2015)
New Revision: 33242
Modified:
data/CVE/list
Log:
one qemu issue unimportant
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-03-29 18:00:03 UTC (rev 33241)
+++ data/CVE/list 2015-03-29 18:00:39 UTC (rev 33242)
@@ -854,10 +854,15 @@
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f5bc6b1e2d5a6f827bc860ef2dc5b6f365d1339 (v3.19-rc1)
NOTE: http://www.openwall.com/lists/oss-security/2015/03/24/11
CVE-2015-XXXX [malicious PRDT flow from guest to host]
- - qemu <unfixed> (bug #781250)
- - qemu-kvm <removed>
+ - qemu <unfixed> (unimportant; bug #781250)
+ - qemu-kvm <removed> (unimportant)
NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=3251bdcf1c67427d964517053c3d185b46e618e8 (v2.2.0-rc2)
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/03/24/4
+ NOTE: Per maintainer not a security issue:
+ NOTE: Qemu either leaks memory or loops infinitely. Memory leakage can be easily
+ NOTE: mitigated using some kind of resource limits in security-sensitive environments,
+ NOTE: and looping can trivially be done inside the virtual machine just fine, achieving
+ NOTE: the same effect
CVE-2015-2686 [sys_sendto/sys_recvfrom does not validate the user provided ubuf pointer]
RESERVED
- linux <not-affected> (Introduced in 3.19, never uploaded to unstable)
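Review bot: The added "NOTE: Per maintainer not a security issue:" block under the PRDT entry gives no source for the maintainer's statement, so the basis for downgrading qemu and qemu-kvm to unimportant cannot be checked from the tracker entry. Add a NOTE with the URL of the message where the maintainer said this, next to the existing "CVE Request" link. The "bug #781250" reference alone does not pin it down, because the same bug number is also attached to CVE-2015-1779 further down the file.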
@@ -2493,6 +2498,7 @@
CVE-2015-1779 [denial of service in VNC web]
RESERVED
- qemu <unfixed> (bug #781250)
+ [jessie] - qemu <no-dsa> (Postponed until fixed upstream)
[wheezy] - qemu <not-affected> (Websocket protocol support introduced in v1.4.0-rc0)
- qemu-kvm <not-affected> (Websocket protocol support introduced in v1.4.0-rc0)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04894.html
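Review bot: The new "[jessie] - qemu <no-dsa> (Postponed until fixed upstream)" line for CVE-2015-1779 is not covered by the log message, which only says "one qemu issue unimportant". Mention the jessie no-dsa decision in the log, or commit it separately, so this triage decision can be found from the revision history. Since the reason is "Postponed until fixed upstream" and the unsuffixed qemu line still reads <unfixed>, the entry will need revisiting once a fix lands; a NOTE naming what to watch for (for example the upstream thread already linked) would make that follow-up easier.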