[Secure-testing-commits] r39345 - data/CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2016-01-30 12:43:31 +0000 (Sat, 30 Jan 2016)
New Revision: 39345

Modified:
   data/CVE/list
Log:
Update status for CVE-2016-2197, add bug reference #813194

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-01-30 11:58:09 UTC (rev 39344)
+++ data/CVE/list	2016-01-30 12:43:31 UTC (rev 39345)
@@ -9,14 +9,15 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1301643
 	TODO: check versions
 CVE-2016-2197 [ide: ahci null pointer dereference when using FIS CLB engines]
-	- qemu <unfixed>
-	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
-	- qemu-kvm <removed>
-	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
+	- qemu <unfixed> (bug #813194)
+	[jessie] - qemu <not-affected> (Vulnerable code introduced later)
+	[wheezy] - qemu <not-affected> (Vulnerable code introduced later)
+	[squeeze] - qemu <not-affected> (Vulnerable code introduced later)
+	- qemu-kvm <not-affected> (Vulnerable code introduced later)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg05742.html
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1302057
 	NOTE: http://www.openwall.com/lists/oss-security/2016/01/29/2
-	TODO: check versions
+	NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=fc3d8e1138cd0c843d6fd75272633a31be6554ef (v2.3.0-rc2)
 CVE-2016-2088
 	RESERVED
 CVE-2016-2087