[Secure-testing-commits] r43973 - data/CVE

Guido Guenther agx at moszumanska.debian.org
Sat Aug 13 12:26:11 UTC 2016 

Author: agx
Date: 2016-08-13 12:26:11 +0000 (Sat, 13 Aug 2016)
New Revision: 43973

Modified:
   data/CVE/list
Log:
Mark qemu-{,kvm} in wheezy as not affected

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-08-13 09:10:12 UTC (rev 43972)
+++ data/CVE/list	2016-08-13 12:26:11 UTC (rev 43973)
@@ -247,25 +247,33 @@
 	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30245
 CVE-2016-XXXX [net: vmxnet3: use after free while writing]
 	- qemu <unfixed>
+	[wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
 	- qemu-kvm <removed>
+	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
 	NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01602.html
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/08/12/1
 	TODO: check
 CVE-2016-XXXX [an infinite loop during packet fragmentation]
 	- qemu <unfixed>
+	[wheezy] - qemu <not-affected> (Vulnerable code not present, packet abstraction introduced in 1.5)
 	- qemu-kvm <removed>
+	[wheezy] - qemu <not-affected> (Vulnerable code not present, packet abstraction introduced in 1.5)
 	NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01601.html
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/08/11/8
 	TODO: check
 CVE-2016-XXXX [buffer overflow in vmxnet_tx_pkt_parse_headers() in vmxnet3 device emulation]
 	- qemu <unfixed>
+	[wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
 	- qemu-kvm <removed>
+	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
 	NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-stable/2016-08/msg00077.html
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/08/11/7
 	TODO: check
 CVE-2016-XXXX [Information leak in vmxnet3_complete_packet]
 	- qemu <unfixed>
+	[wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
 	- qemu-kvm <removed>
+	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
 	NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg02108.html
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1366369
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/08/11/5

More information about the Secure-testing-commits mailing list