[Secure-testing-commits] r38701 - data/CVE

Mon Jan 4 20:02:54 UTC 2016

Author: carnil
Date: 2016-01-04 20:02:54 +0000 (Mon, 04 Jan 2016)
New Revision: 38701

Modified:
   data/CVE/list
Log:
Update for CVE-2015-874{4,5}/qemu

qemu/wheezy not affected, vmxnet3 introduced later. Consequently as well
squeeze is not affected.

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2016-01-04 19:51:25 UTC (rev 38700)
+++ data/CVE/list	2016-01-04 20:02:54 UTC (rev 38701)
@@ -1,17 +1,17 @@
 CVE-2015-8744 [net: vmxnet3: incorrect l2 header validation leads to a crash]
 	- qemu 1:2.5+dfsg-1
-	[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
-	- qemu-kvm <removed>
-	[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
-	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=a7278b36fcab9af469563bd7b9dadebe2ae25e48 (v2.5.0-rc0)
-	TODO: check affected versions
+	[wheezy] - qemu <not-affected> (Vulnerable code introduced later)
+	[squeeze] - qemu <not-affected> (Vulnerable code introduced later)
+	- qemu-kvm <not-affected> (Vulnerable code not present)
+	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=a7278b36fcab9af469563bd7b9dadebe2ae25e48 (v2.5.0-rc0)
+	NOTE: VMXNET3 device implementation introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=786fd2b0f87baded8c9e55307b99719eea3e016e (v1.5.0-rc0)
 CVE-2015-8745 [net: vmxnet3: reading IMR registers leads to a crash]
 	- qemu 1:2.5+dfsg-1
-	[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
-	- qemu-kvm <removed>
-	[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
-	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=c6048f849c7e3f009786df76206e895a69de032c (v2.5.0-rc0)
-	TODO: check affected versions
+	[wheezy] - qemu <not-affected> (Vulnerable code introduced later)
+	[squeeze] - qemu <not-affected> (Vulnerable code introduced later)
+	- qemu-kvm <not-affected> (Vulnerable code not present)
+	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=c6048f849c7e3f009786df76206e895a69de032c (v2.5.0-rc0)
+	NOTE: VMXNET3 device implementation introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=786fd2b0f87baded8c9e55307b99719eea3e016e (v1.5.0-rc0)
 CVE-2015-8743 [net: ne2000: OOB r/w in ioport operations]
 	- qemu <unfixed>
 	[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)


