[Secure-testing-commits] r42504 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Mon Jun 13 14:40:34 UTC 2016 

Author: carnil
Date: 2016-06-13 14:40:34 +0000 (Mon, 13 Jun 2016)
New Revision: 42504

Modified:
   data/CVE/list
Log:
Various CVEs fixed for qemu in unstable

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-06-13 14:35:11 UTC (rev 42503)
+++ data/CVE/list	2016-06-13 14:40:34 UTC (rev 42504)
@@ -88,7 +88,7 @@
 	NOTE: Fixed by: http://git.haproxy.org/?p=haproxy-1.6.git;a=commit;h=60f01f8c89e4fb2723d5a9f2046286e699567e0b
 CVE-2016-5338 [scsi: esp: OOB r/w access while processing ESP_FIFO]
 	RESERVED
-	- qemu <unfixed> (bug #827024)
+	- qemu 1:2.6+dfsg-2 (bug #827024)
 	[jessie] - qemu <no-dsa> (Minor issue)
 	- qemu-kvm <removed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1343323
@@ -96,7 +96,7 @@
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=ff589551c8e8e9e95e211b9d8daafb4ed39f1aec
 CVE-2016-5337 [scsi: megasas: information leakage in megasas_ctrl_get_info]
 	RESERVED
-	- qemu <unfixed> (bug #827026)
+	- qemu 1:2.6+dfsg-2 (bug #827026)
 	[jessie] - qemu <no-dsa> (Minor issue)
 	[wheezy] - qemu <not-affected> (Vulnerable code not present)
 	- qemu-kvm <not-affected> (Vulnerable code not present)
@@ -1016,7 +1016,7 @@
 CVE-2015-8881
 	RESERVED
 CVE-2016-5126 (Heap-based buffer overflow in the iscsi_aio_ioctl function in ...)
-	- qemu <unfixed> (bug #826151)
+	- qemu 1:2.6+dfsg-2 (bug #826151)
 	[wheezy] - qemu <not-affected> (Vulnerable code not present)
 	- qemu-kvm <removed>
 	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
@@ -1317,7 +1317,7 @@
 	NOTE: http://downloads.asterisk.org/pub/security/AST-2016-005.html
 CVE-2016-5107 [scsi: megasas: out-of-bounds read in megasas_lookup_frame() function]
 	RESERVED
-	- qemu <unfixed> (bug #825616)
+	- qemu 1:2.6+dfsg-2 (bug #825616)
 	[jessie] - qemu <no-dsa> (Minor issue)
 	[wheezy] - qemu <not-affected> (Vulnerable code not present)
 	- qemu-kvm <not-affected> (Vulnerable code not present)
@@ -1326,7 +1326,7 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1336461
 CVE-2016-5106 [scsi: megasas: out-of-bounds write while setting controller properties]
 	RESERVED
-	- qemu <unfixed> (bug #825615)
+	- qemu 1:2.6+dfsg-2 (bug #825615)
 	[jessie] - qemu <no-dsa> (Minor issue)
 	[wheezy] - qemu <not-affected> (Vulnerable code not present)
 	- qemu-kvm <not-affected> (Vulnerable code not present)
@@ -1334,7 +1334,7 @@
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04340.html
 CVE-2016-5105 [scsi: megasas: stack information leakage while reading configuration]
 	RESERVED
-	- qemu <unfixed> (bug #825614)
+	- qemu 1:2.6+dfsg-2 (bug #825614)
 	[jessie] - qemu <no-dsa> (Minor issue)
 	[wheezy] - qemu <not-affected> (Vulnerable code not present)
 	- qemu-kvm <not-affected> (Vulnerable code not present)
@@ -1562,7 +1562,7 @@
 	NOTE: Authenticated TLS "contraints" introduced in 2015-03-24 OpenNTPD 5.7p4
 CVE-2016-4964 [scsi: mptsas infinite loop in mptsas_fetch_requests]
 	RESERVED
-	- qemu <unfixed> (bug #825207)
+	- qemu 1:2.6+dfsg-2 (bug #825207)
 	[jessie] - qemu <not-affected> (LSI SAS1068 (mptsas) device support added later)
 	[wheezy] - qemu <not-affected> (LSI SAS1068 (mptsas) device support added later)
 	- qemu-kvm <not-affected> (LSI SAS1068 (mptsas) device support added later)
@@ -1620,7 +1620,7 @@
 	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-May/000188.html
 CVE-2016-4952 [scsi: pvscsi: out-of-bounds access issue in pvsci_ring_init_msg/data routines]
 	RESERVED
-	- qemu <unfixed> (bug #825210)
+	- qemu 1:2.6+dfsg-2 (bug #825210)
 	[jessie] - qemu <no-dsa> (Minor issue)
 	[wheezy] - qemu <not-affected> (VMWare PVSCSI paravirtual device implementation introduced later)
 	- qemu-kvm <not-affected> (VMWare PVSCSI paravirtual device implementation introduced later)
@@ -2952,7 +2952,7 @@
 CVE-2016-4442
 	RESERVED
 CVE-2016-4441 (The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI ...)
-	- qemu <unfixed> (bug #824856)
+	- qemu 1:2.6+dfsg-2 (bug #824856)
 	[jessie] - qemu <no-dsa> (Minor issue; can be fixed along with a future DSA)
 	[wheezy] - qemu <no-dsa> (Minor issue; can be fixed along with a future DSA)
 	- qemu-kvm <removed>
@@ -2968,7 +2968,7 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1337806
 	NOTE: http://comments.gmane.org/gmane.comp.emulators.kvm.devel/152100
 CVE-2016-4439 (The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI ...)
-	- qemu <unfixed> (bug #824856)
+	- qemu 1:2.6+dfsg-2 (bug #824856)
 	[jessie] - qemu <no-dsa> (Minor issue; can be fixed along with a future DSA)
 	[wheezy] - qemu <no-dsa> (Minor issue; can be fixed along with a future DSA)
 	- qemu-kvm <removed>
@@ -4109,7 +4109,7 @@
 	- libstruts1.2-java <not-affected> (Only affects 2.x)
 	NOTE: http://struts.apache.org/docs/s2-028.html
 CVE-2016-4020 (The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not ...)
-	- qemu <unfixed> (bug #821062)
+	- qemu 1:2.6+dfsg-2 (bug #821062)
 	[jessie] - qemu <no-dsa> (Minor issue)
 	[wheezy] - qemu <no-dsa> (Minor issue)
 	- qemu-kvm <removed>
@@ -4200,7 +4200,7 @@
 CVE-2015-8841 (Heap-based buffer overflow in the Archive support module in ESET NOD32 ...)
 	NOT-FOR-US: ESET NOD32
 CVE-2016-4002 (Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in ...)
-	- qemu <unfixed> (bug #821061)
+	- qemu 1:2.6+dfsg-2 (bug #821061)
 	[jessie] - qemu <no-dsa> (Minor issue)
 	[wheezy] - qemu <no-dsa> (Minor issue)
 	- qemu-kvm <removed>

More information about the Secure-testing-commits mailing list