[Secure-testing-commits] r38873 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Jan 12 19:54:32 UTC 2016
Author: carnil
Date: 2016-01-12 19:54:32 +0000 (Tue, 12 Jan 2016)
New Revision: 38873
Modified:
data/CVE/list
Log:
Update CVE-2016-1714/qemu information
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-01-12 19:48:28 UTC (rev 38872)
+++ data/CVE/list 2016-01-12 19:54:32 UTC (rev 38873)
@@ -29,14 +29,15 @@
CVE-2015-8752
RESERVED
CVE-2016-1714 [nvram: OOB r/w access in processing firmware configurations]
- - qemu <unfixed>
+ - qemu 1:2.4+dfsg-1a
[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
- qemu-kvm <removed>
[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1296060
NOTE: Upstream fix: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00428.html
NOTE: http://www.openwall.com/lists/oss-security/2016/01/11/7
- TODO: check versions
+ NOTE: fw_cfg support for guest-side data writes removed in 2.4:
+ NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=023e3148567ac898c7258138f8e86c3c2bb40d07 (v2.4.0-rc0)
CVE-2015-8767 [SCTP denial of service during heartbeat timeout functions]
- linux 4.3.1-1
- linux-2.6 <removed>
More information about the Secure-testing-commits
mailing list