[Secure-testing-commits] r38873 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Tue Jan 12 19:54:32 UTC 2016


Author: carnil
Date: 2016-01-12 19:54:32 +0000 (Tue, 12 Jan 2016)
New Revision: 38873

Modified:
   data/CVE/list
Log:
Update CVE-2016-1714/qemu information

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-01-12 19:48:28 UTC (rev 38872)
+++ data/CVE/list	2016-01-12 19:54:32 UTC (rev 38873)
@@ -29,14 +29,15 @@
 CVE-2015-8752
 	RESERVED
 CVE-2016-1714 [nvram: OOB r/w access in processing firmware configurations]
-	- qemu <unfixed>
+	- qemu 1:2.4+dfsg-1a
 	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
 	- qemu-kvm <removed>
 	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1296060
 	NOTE: Upstream fix: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00428.html
 	NOTE: http://www.openwall.com/lists/oss-security/2016/01/11/7
-	TODO: check versions
+	NOTE: fw_cfg support for guest-side data writes removed in 2.4:
+	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=023e3148567ac898c7258138f8e86c3c2bb40d07 (v2.4.0-rc0)
 CVE-2015-8767 [SCTP denial of service during heartbeat timeout functions]
 	- linux 4.3.1-1
 	- linux-2.6 <removed>




More information about the Secure-testing-commits mailing list