[Secure-testing-commits] r47516 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Wed Dec 28 14:29:58 UTC 2016
Author: jmm
Date: 2016-12-28 14:29:58 +0000 (Wed, 28 Dec 2016)
New Revision: 47516
Modified:
data/CVE/list
Log:
qemu fixed in sid
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-12-28 14:21:04 UTC (rev 47515)
+++ data/CVE/list 2016-12-28 14:29:58 UTC (rev 47516)
@@ -2896,7 +2896,7 @@
NOTE: http://downloads.asterisk.org/pub/security/AST-2016-009.html
NOTE: Only applicable if a proxy is in use.
CVE-2016-9923 (Quick Emulator (Qemu) built with the 'chardev' backend support is ...)
- - qemu <unfixed> (bug #847957)
+ - qemu 1:2.8+dfsg-1 (bug #847957)
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
@@ -2906,7 +2906,7 @@
CVE-2016-9922 [display: cirrus_vga: a divide by zero in cirrus_do_copy]
RESERVED
{DLA-765-1 DLA-764-1}
- - qemu <unfixed> (bug #847960)
+ - qemu 1:2.8+dfsg-1 (bug #847960)
[jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
- xen 4.4.0-1
@@ -2918,7 +2918,7 @@
NOTE: Should be fixed along with CVE-2014-8106
CVE-2016-9921 (Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator ...)
{DLA-765-1 DLA-764-1}
- - qemu <unfixed> (bug #847960)
+ - qemu 1:2.8+dfsg-1 (bug #847960)
[jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
- xen 4.4.0-1
@@ -4084,7 +4084,7 @@
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=189851
NOTE: Fixed by: https://git.kernel.org/linus/79dc7e3f1cd323be4c81aa1a94faa1b3ed987fb2 (v4.9-rc8)
CVE-2016-9912 (Quick Emulator (Qemu) built with the Virtio GPU Device emulator ...)
- - qemu <unfixed> (bug #847391)
+ - qemu 1:2.8+dfsg-1 (bug #847391)
[jessie] - qemu <not-affected> (Vulnerable code not present)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <not-affected> (Vulnerable code not present)
@@ -4095,7 +4095,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/12
CVE-2016-9916 [9pfs: add cleanup operation for proxy backend driver]
RESERVED
- - qemu <unfixed> (bug #847496)
+ - qemu 1:2.8+dfsg-1 (bug #847496)
[wheezy] - qemu <no-dsa> (Minor issue, virtfs-proxy-helper not present)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <no-dsa> (Minor issue, virtfs-proxy-helper not present)
@@ -4109,7 +4109,7 @@
NOTE: Minor issue, virtfs-proxy-helper not present in wheezy, see debian-lts ML: https://lists.debian.org/debian-lts/2016/12/msg00136.html
CVE-2016-9915 [9pfs: add cleanup operation for handle backend driver]
RESERVED
- - qemu <unfixed> (bug #847496)
+ - qemu 1:2.8+dfsg-1 (bug #847496)
[wheezy] - qemu <no-dsa> (handle driver not included during compilation)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <no-dsa> (handle driver not included during compilation)
@@ -4123,7 +4123,7 @@
NOTE: proxy driver not included during compilation in wheezy, see debian-lts ML: https://lists.debian.org/debian-lts/2016/12/msg00136.html
CVE-2016-9914 [9pfs: add cleanup operation in FileOperations]
RESERVED
- - qemu <unfixed> (bug #847496)
+ - qemu 1:2.8+dfsg-1 (bug #847496)
[wheezy] - qemu <no-dsa> (proxy and handle drivers not included during compilation)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <no-dsa> (proxy and handle drivers not included during compilation)
@@ -4137,7 +4137,7 @@
NOTE: see debian-lts ML: https://lists.debian.org/debian-lts/2016/12/msg00136.html
CVE-2016-9913 [9pfs: adjust the order of resource cleanup in device unrealize]
RESERVED
- - qemu <unfixed> (bug #847496)
+ - qemu 1:2.8+dfsg-1 (bug #847496)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
@@ -4149,7 +4149,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/11
CVE-2016-9911 (Quick Emulator (Qemu) built with the USB EHCI Emulation support is ...)
{DLA-765-1 DLA-764-1}
- - qemu <unfixed> (bug #847951)
+ - qemu 1:2.8+dfsg-1 (bug #847951)
[jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
- xen 4.4.0-1
@@ -4158,7 +4158,7 @@
NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=791f97758e223de3290592d169f (v2.8.0-rc0)
NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/10
CVE-2016-9907 (Quick Emulator (Qemu) built with the USB redirector usb-guest support ...)
- - qemu <unfixed> (bug #847953)
+ - qemu 1:2.8+dfsg-1 (bug #847953)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
@@ -4900,14 +4900,14 @@
TODO: check
CVE-2016-9846 [display: virtio-gpu: memory leakage while updating cursor]
RESERVED
- - qemu <unfixed> (bug #847382)
+ - qemu 1:2.8+dfsg-1 (bug #847382)
[jessie] - qemu <not-affected> (Vulnerable code not present)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <not-affected> (Vulnerable code not present)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00029.html
CVE-2016-9845 [display: virtio-gpu-3d: information leakage in virgl_cmd_get_capset_info]
RESERVED
- - qemu <unfixed> (bug #847381)
+ - qemu 1:2.8+dfsg-1 (bug #847381)
[jessie] - qemu <not-affected> (Vulnerable code not present)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <not-affected> (Vulnerable code not present)
@@ -10372,7 +10372,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/12/02/2
CVE-2016-9776 [net: mcf_fec: infinite loop while receiving data in mcf_fec_receive]
RESERVED
- - qemu <unfixed> (bug #846797)
+ - qemu 1:2.8+dfsg-1 (bug #846797)
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
@@ -12701,7 +12701,7 @@
RESERVED
CVE-2016-9106 (Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka ...)
{DLA-698-1 DLA-689-1}
- - qemu <unfixed> (bug #842463)
+ - qemu 1:2.8+dfsg-1 (bug #842463)
- qemu-kvm <removed>
- xen 4.4.0-1
[wheezy] - xen <not-affected> (Vulnerable code not present)
@@ -12711,7 +12711,7 @@
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=fdfcc9aeea1492f4b819a24c94dfb678145b1bf9
CVE-2016-9105 (Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka ...)
{DLA-698-1 DLA-689-1}
- - qemu <unfixed> (bug #842463)
+ - qemu 1:2.8+dfsg-1 (bug #842463)
- qemu-kvm <removed>
- xen 4.4.0-1
[wheezy] - xen <not-affected> (Vulnerable code not present)
@@ -12721,7 +12721,7 @@
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=4c1586787ff43c9acd18a56c12d720e3e6be9f7c
CVE-2016-9104 (Multiple integer overflows in the (1) v9fs_xattr_read and (2) ...)
{DLA-698-1 DLA-689-1}
- - qemu <unfixed> (bug #842463)
+ - qemu 1:2.8+dfsg-1 (bug #842463)
- qemu-kvm <removed>
- xen 4.4.0-1
[wheezy] - xen <not-affected> (Vulnerable code not present)
@@ -12730,7 +12730,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/10/28/2
CVE-2016-9103 (The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick ...)
{DLA-698-1 DLA-689-1}
- - qemu <unfixed> (bug #842463)
+ - qemu 1:2.8+dfsg-1 (bug #842463)
- qemu-kvm <removed>
- xen 4.4.0-1
[wheezy] - xen <not-affected> (Vulnerable code not present)
@@ -12740,7 +12740,7 @@
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=eb687602853b4ae656e9236ee4222609f3a6887d
CVE-2016-9102 (Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU ...)
{DLA-698-1 DLA-689-1}
- - qemu <unfixed> (bug #842463)
+ - qemu 1:2.8+dfsg-1 (bug #842463)
- qemu-kvm <removed>
- xen 4.4.0-1
[wheezy] - xen <not-affected> (Vulnerable code not present)
@@ -13681,7 +13681,7 @@
NOT-FOR-US: TGCaptcha2
CVE-2016-8910 (The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka ...)
{DLA-698-1 DLA-689-1}
- - qemu <unfixed> (bug #841955)
+ - qemu 1:2.8+dfsg-1 (bug #841955)
- qemu-kvm <removed>
- xen 4.4.0-1
NOTE: Xen switched to qemu-system in 4.4.0-1
@@ -13689,7 +13689,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/10/24/2
CVE-2016-8909 (The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick ...)
{DLA-698-1 DLA-689-1}
- - qemu <unfixed> (bug #841950)
+ - qemu 1:2.8+dfsg-1 (bug #841950)
- qemu-kvm <removed>
- xen 4.4.0-1
[wheezy] - xen <not-affected> (Vulnerable code not present)
@@ -13996,7 +13996,7 @@
NOTE: https://blog.fuzzing-project.org/54-Update-on-MatrixSSL-miscalculation-incomplete-fix-for-CVE-2016-6887.html
CVE-2016-8669 (The serial_update_parameters function in hw/char/serial.c in QEMU (aka ...)
{DLA-679-1 DLA-678-1}
- - qemu <unfixed> (bug #840945)
+ - qemu 1:2.8+dfsg-1 (bug #840945)
- qemu-kvm <removed>
- xen 4.4.0-1
NOTE: Xen switched to qemu-system in 4.4.0-1
@@ -14004,7 +14004,7 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1384909
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=3592fe0c919cf27a81d8e9f9b4f269553418bb01
CVE-2016-8668 (The rocker_io_writel function in hw/net/rocker/rocker.c in QEMU (aka ...)
- - qemu <unfixed> (bug #840948)
+ - qemu 1:2.8+dfsg-1 (bug #840948)
[jessie] - qemu <not-affected> (Vulnerable code introduced after v2.4.0-rc0)
[wheezy] - qemu <not-affected> (Vulnerable code introduced after v2.4.0-rc0)
- qemu-kvm <not-affected> (Vulnerable code introduced later)
@@ -14630,7 +14630,7 @@
REJECTED
CVE-2016-8578 (The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU ...)
{DLA-679-1 DLA-678-1}
- - qemu <unfixed> (bug #840340)
+ - qemu 1:2.8+dfsg-1 (bug #840340)
- qemu-kvm <removed>
- xen 4.4.0-1
[wheezy] - xen <not-affected> (Vulnerable code not present)
@@ -14639,7 +14639,7 @@
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=ba42ebb863ab7d40adc79298422ed9596df8f73a
CVE-2016-8577 (Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka ...)
{DLA-679-1 DLA-678-1}
- - qemu <unfixed> (bug #840341)
+ - qemu 1:2.8+dfsg-1 (bug #840341)
- qemu-kvm <removed>
- xen 4.4.0-1
[wheezy] - xen <not-affected> (Vulnerable code not present)
@@ -14648,7 +14648,7 @@
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=e95c9a493a5a8d6f969e86c9f19f80ffe6587e19
CVE-2016-8576 (The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick ...)
{DLA-679-1 DLA-678-1}
- - qemu <unfixed> (bug #840343)
+ - qemu 1:2.8+dfsg-1 (bug #840343)
- qemu-kvm <removed>
- xen 4.4.0-1
[wheezy] - xen <not-affected> (Vulnerable code introduced in 1.1, embedded version is 0.10.2)
@@ -16522,7 +16522,7 @@
NOTE: potentially a new separate CVE id if it does not have one yet.
TODO: double-check notes and analysis
CVE-2016-7994 (Memory leak in the virtio_gpu_resource_create_2d function in ...)
- - qemu <unfixed> (bug #840228)
+ - qemu 1:2.8+dfsg-1 (bug #840228)
[jessie] - qemu <not-affected> (Vulnerable code introduced in 2.4.0-rc0)
[wheezy] - qemu <not-affected> (Vulnerable code introduced in 2.4.0-rc0)
- qemu-kvm <not-affected> (Vulnerable code introduced in 2.4.0-rc0)
@@ -16817,7 +16817,7 @@
NOTE: Fixed by: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77da160530dd1dc94f6ae15a981f24e5f0021e84
CVE-2016-7909 (The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick ...)
{DLA-698-1 DLA-689-1}
- - qemu <unfixed> (bug #839834)
+ - qemu 1:2.8+dfsg-1 (bug #839834)
[jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
- xen 4.4.0-1
@@ -16825,7 +16825,7 @@
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg07942.html
CVE-2016-7908 (The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick ...)
{DLA-653-1 DLA-652-1}
- - qemu <unfixed> (bug #839835)
+ - qemu 1:2.8+dfsg-1 (bug #839835)
- qemu-kvm <removed>
- xen 4.4.0-1
NOTE: Xen switched to qemu-system in 4.4.0-1
@@ -18632,7 +18632,7 @@
TODO: check
CVE-2016-7170 (The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka ...)
{DLA-653-1 DLA-652-1}
- - qemu <unfixed> (bug #837316)
+ - qemu 1:2.8+dfsg-1 (bug #837316)
- qemu-kvm <removed>
- xen 4.4.0-1
NOTE: Xen switched to qemu-system in 4.4.0-1
More information about the Secure-testing-commits
mailing list