[Secure-testing-commits] r36394 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Sep 1 05:00:28 UTC 2015
Author: carnil
Date: 2015-09-01 05:00:27 +0000 (Tue, 01 Sep 2015)
New Revision: 36394
Modified:
data/CVE/list
Log:
Adjust version number for qemu since reuploaded to unstable by maintainer with this version
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-09-01 04:57:46 UTC (rev 36393)
+++ data/CVE/list 2015-09-01 05:00:27 UTC (rev 36394)
@@ -2283,7 +2283,7 @@
NOTE: Non-exploitable starting with Wheezy due to D_FORTIFY_SOURCE
CVE-2015-5745 [buffer overflow in virtio-serial]
RESERVED
- - qemu 1:2.4+dfsg-1 (bug #795087)
+ - qemu 1:2.4+dfsg-1a (bug #795087)
[squeeze] - qemu <not-affected> (Vulnerable code introduced later)
- qemu-kvm <removed>
[squeeze] - qemu-kvm <not-affected> (Vulnerable code introduced later)
@@ -3689,7 +3689,7 @@
NOT-FOR-US: OpenShift3
CVE-2015-5225 [vnc: heap memory corruption issue]
RESERVED
- - qemu 1:2.4+dfsg-1 (bug #796465)
+ - qemu 1:2.4+dfsg-1a (bug #796465)
[wheezy] - qemu <not-affected> (Vulnerable code introduced in 2.1.0)
[squeeze] - qemu <not-affected> (Vulnerable code introduced in 2.1.0)
- qemu-kvm <not-affected> (Vulnerable code introduced in 2.1.0)
@@ -3868,7 +3868,7 @@
CVE-2015-5167
RESERVED
CVE-2015-5166 (Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not ...)
- - qemu 1:2.4+dfsg-1 (bug #794611)
+ - qemu 1:2.4+dfsg-1a (bug #794611)
[jessie] - qemu <not-affected> (Vulnerable code not present)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
[squeeze] - qemu <not-affected> (Vulnerable code not present)
@@ -3882,7 +3882,7 @@
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=6cd387833d05e8ad31829d97e474dc420625aed9 (v2.4.0-rc4)
NOTE: http://xenbits.xen.org/xsa/advisory-139.html
CVE-2015-5165 (The C+ mode offload emulation in the RTL8139 network card device model ...)
- - qemu 1:2.4+dfsg-1 (bug #794610)
+ - qemu 1:2.4+dfsg-1a (bug #794610)
[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
- qemu-kvm <removed>
[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
@@ -3926,7 +3926,7 @@
NOT-FOR-US: kdcproxy
CVE-2015-5158 [scsi stack buffer overflow]
RESERVED
- - qemu 1:2.4+dfsg-1 (bug #793388)
+ - qemu 1:2.4+dfsg-1a (bug #793388)
[jessie] - qemu <not-affected> (Vulnerable code not present)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
[squeeze] - qemu <not-affected> (Vulnerable code not present)
@@ -3949,7 +3949,7 @@
CVE-2015-5155
RESERVED
CVE-2015-5154 (Heap-based buffer overflow in the IDE subsystem in QEMU, as used in ...)
- - qemu 1:2.4+dfsg-1 (bug #793811)
+ - qemu 1:2.4+dfsg-1a (bug #793811)
[wheezy] - qemu <not-affected> (Vulnerable code not present, introduced in 1.3)
[squeeze] - qemu <not-affected> (Vulnerable code not present, introduced in 1.3)
- qemu-kvm <not-affected> (Vulnerable code not present, introduced in 1.3)
@@ -9166,7 +9166,7 @@
NOT-FOR-US: virtio Windows drivers
CVE-2015-3214 [i8254: out-of-bounds memory access in pit_ioport_read function]
RESERVED
- - qemu 1:2.4+dfsg-1 (bug #795461)
+ - qemu 1:2.4+dfsg-1a (bug #795461)
[jessie] - qemu <no-dsa> (Minor issue, can be fixed along with future DSA)
[wheezy] - qemu <not-affected> (Introduced in 1.3.0)
[squeeze] - qemu <not-affected> (Introduced in 1.3.0)
More information about the Secure-testing-commits
mailing list