[Secure-testing-commits] r43973 - data/CVE
Guido Guenther
agx at moszumanska.debian.org
Sat Aug 13 12:26:11 UTC 2016
Author: agx
Date: 2016-08-13 12:26:11 +0000 (Sat, 13 Aug 2016)
New Revision: 43973
Modified:
data/CVE/list
Log:
Mark qemu-{,kvm} in wheezy as not affected
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-08-13 09:10:12 UTC (rev 43972)
+++ data/CVE/list 2016-08-13 12:26:11 UTC (rev 43973)
@@ -247,25 +247,33 @@
NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30245
CVE-2016-XXXX [net: vmxnet3: use after free while writing]
- qemu <unfixed>
+ [wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
- qemu-kvm <removed>
+ [wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01602.html
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/08/12/1
TODO: check
CVE-2016-XXXX [an infinite loop during packet fragmentation]
- qemu <unfixed>
+ [wheezy] - qemu <not-affected> (Vulnerable code not present, packet abstraction introduced in 1.5)
- qemu-kvm <removed>
+ [wheezy] - qemu <not-affected> (Vulnerable code not present, packet abstraction introduced in 1.5)
NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01601.html
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/08/11/8
TODO: check
CVE-2016-XXXX [buffer overflow in vmxnet_tx_pkt_parse_headers() in vmxnet3 device emulation]
- qemu <unfixed>
+ [wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
- qemu-kvm <removed>
+ [wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-stable/2016-08/msg00077.html
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/08/11/7
TODO: check
CVE-2016-XXXX [Information leak in vmxnet3_complete_packet]
- qemu <unfixed>
+ [wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
- qemu-kvm <removed>
+ [wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg02108.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1366369
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/08/11/5
More information about the Secure-testing-commits
mailing list