[Secure-testing-commits] r39535 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Sun Feb 7 21:10:18 UTC 2016
Author: sectracker
Date: 2016-02-07 21:10:18 +0000 (Sun, 07 Feb 2016)
New Revision: 39535
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-02-07 20:01:56 UTC (rev 39534)
+++ data/CVE/list 2016-02-07 21:10:18 UTC (rev 39535)
@@ -1942,6 +1942,7 @@
RESERVED
CVE-2016-1714 [nvram: OOB r/w access in processing firmware configurations]
RESERVED
+ {DSA-3471-1 DSA-3470-1 DSA-3469-1}
- qemu 1:2.5+dfsg-4
[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
- qemu-kvm <removed>
@@ -1968,6 +1969,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/01/10/2
CVE-2016-1568 [ide: ahci use-after-free vulnerability in aio port commands]
RESERVED
+ {DSA-3471-1 DSA-3470-1 DSA-3469-1}
- qemu 1:2.5+dfsg-2 (bug #810527)
[squeeze] - qemu <not-affected> (Vulnerable code introduced later)
- qemu-kvm <removed>
@@ -2879,6 +2881,7 @@
RESERVED
CVE-2015-8744 [net: vmxnet3: incorrect l2 header validation leads to a crash]
RESERVED
+ {DSA-3471-1}
- qemu 1:2.5+dfsg-1
[wheezy] - qemu <not-affected> (Vulnerable code introduced later)
[squeeze] - qemu <not-affected> (Vulnerable code introduced later)
@@ -2887,6 +2890,7 @@
NOTE: VMXNET3 device implementation introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=786fd2b0f87baded8c9e55307b99719eea3e016e (v1.5.0-rc0)
CVE-2015-8745 [net: vmxnet3: reading IMR registers leads to a crash]
RESERVED
+ {DSA-3471-1}
- qemu 1:2.5+dfsg-1
[wheezy] - qemu <not-affected> (Vulnerable code introduced later)
[squeeze] - qemu <not-affected> (Vulnerable code introduced later)
@@ -2895,6 +2899,7 @@
NOTE: VMXNET3 device implementation introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=786fd2b0f87baded8c9e55307b99719eea3e016e (v1.5.0-rc0)
CVE-2015-8743 [net: ne2000: OOB r/w in ioport operations]
RESERVED
+ {DSA-3471-1 DSA-3470-1 DSA-3469-1}
- qemu 1:2.5+dfsg-2 (bug #810519)
[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
- qemu-kvm <removed>
@@ -3983,6 +3988,7 @@
TODO: check
CVE-2015-8613 [scsi: stack based buffer overflow in megasas_ctrl_get_info]
RESERVED
+ {DSA-3471-1}
- qemu 1:2.5+dfsg-3 (bug #809232)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
[squeeze] - qemu <not-affected> (Vulnerable code not present)
@@ -4016,6 +4022,7 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283926
CVE-2016-1922 [i386: null pointer dereference in vapic_write()]
RESERVED
+ {DSA-3471-1 DSA-3470-1 DSA-3469-1}
- qemu 1:2.5+dfsg-4 (bug #811201)
[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
- qemu-kvm <removed>
@@ -4757,7 +4764,7 @@
NOTE: https://git.kernel.org/linus/408fb0e5aa7fda0059db282ff58c3b2a4278baa0
CVE-2015-8550 [paravirtualized drivers incautious about shared memory contents]
RESERVED
- {DSA-3434-1}
+ {DSA-3471-1 DSA-3434-1}
[experimental] - linux 4.4~rc6-1~exp1
- linux 4.3.3-3
- linux-2.6 <removed>
@@ -4790,6 +4797,7 @@
NOTE: https://lkml.org/lkml/2015/12/14/252
CVE-2015-8568 [net: vmxnet3: host memory leakage -- did not free the transmit & receive buffers while deactivating]
RESERVED
+ {DSA-3471-1}
- qemu 1:2.5+dfsg-3 (bug #808145)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
[squeeze] - qemu <not-affected> (Vulnerable code not present)
@@ -4814,6 +4822,7 @@
NOTE: Workaround: use validatorless bootstrapping
CVE-2015-8558 [usb: infinite loop in ehci_advance_state results in DoS]
RESERVED
+ {DSA-3471-1 DSA-3470-1 DSA-3469-1}
- qemu 1:2.5+dfsg-2 (bug #808144)
[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
- qemu-kvm <removed>
@@ -6122,6 +6131,7 @@
TODO: check
CVE-2015-8504 [vnc: avoid floating point exception]
RESERVED
+ {DSA-3471-1 DSA-3470-1 DSA-3469-1}
- qemu 1:2.5+dfsg-1 (bug #808130)
[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
- qemu-kvm <removed>
@@ -6967,6 +6977,7 @@
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/11/25/5
CVE-2015-8345 [Qemu: net: eepro100: infinite loop in processing command block list]
RESERVED
+ {DSA-3471-1 DSA-3470-1 DSA-3469-1}
- qemu 1:2.5+dfsg-1 (bug #806373)
[jessie] - qemu <no-dsa> (Minor issue, can be fixed along in a later DSA)
[wheezy] - qemu <no-dsa> (Minor issue, can be fixed along in a later DSA)
@@ -9432,6 +9443,7 @@
NOTE: https://git.kernel.org/linus/b4a1b4f5047e4f54e194681125c74c0aa64d637d (v4.4-rc8)
CVE-2015-7549 [pci: msi-x: null pointer dereference issue]
RESERVED
+ {DSA-3471-1}
- qemu 1:2.5+dfsg-1 (bug #808131)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
[squeeze] - qemu <not-affected> (Vulnerable code not present)
@@ -9543,6 +9555,7 @@
[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
NOTE: https://git.kernel.org/linus/0185604c2d82c560dab2f2933a18f797e74ab5a8 (v4.4-rc7)
CVE-2015-7512 (Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in ...)
+ {DSA-3471-1 DSA-3470-1 DSA-3469-1}
- qemu 1:2.5+dfsg-1 (bug #806741)
[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
- qemu-kvm <removed>
@@ -9594,6 +9607,7 @@
[wheezy] - netsurf <no-dsa> (netsurf already relies only entirely unsupported mozjs)
CVE-2015-7504 [net: pcnet: heap overflow vulnerability in loopback mode]
RESERVED
+ {DSA-3471-1 DSA-3470-1 DSA-3469-1}
- qemu 1:2.5+dfsg-1 (bug #806742)
[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
- qemu-kvm <removed>
@@ -10216,6 +10230,7 @@
- puppet-module-puppetlabs-mysql 3.6.1-1
[jessie] - puppet-module-puppetlabs-mysql <not-affected> (Vulnerable code not present)
CVE-2015-7295 (hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support ...)
+ {DSA-3471-1 DSA-3470-1 DSA-3469-1}
- qemu 1:2.4+dfsg-4 (bug #799452)
[jessie] - qemu <no-dsa> (Minor issue; can be fixed along in a later DSA)
[wheezy] - qemu <no-dsa> (Minor issue; can be fixed along in a later DSA)
More information about the Secure-testing-commits
mailing list