[Secure-testing-commits] r40237 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Mar 8 18:59:43 UTC 2016
Author: carnil
Date: 2016-03-08 18:59:43 +0000 (Tue, 08 Mar 2016)
New Revision: 40237
Modified:
data/CVE/list
Log:
Update status for CVE-2016-2858/qemu
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-03-08 18:35:35 UTC (rev 40236)
+++ data/CVE/list 2016-03-08 18:59:43 UTC (rev 40237)
@@ -56,8 +56,12 @@
CVE-2016-2858 [rng-random: arbitrary stack based allocation leading to corruption]
RESERVED
- qemu <unfixed>
- - qemu-kvm <removed>
+ [jessie] - qemu <no-dsa> (Minor issue)
+ [wheezy] - qemu <not-affected> (Vulnerable code not present)
+ [squeeze] - qemu <not-affected> (Vulnerable code not present)
+ - qemu-kvm <not-affected> (Vulnerable code not present)
NOTE: Upstream patch: http://git.qemu.org/?p=qemu.git;a=commit;h=60253ed1e6ec6d8e5ef2efe7bf755f475dce9956
+ NOTE: Introduced in: http://git.qemu.org/?p=qemu.git;a=commit;h=a9b7b2ad7b075dba5495271706670e5c6b1304bc (v1.3.0-rc0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1314676
NOTE: http://www.openwall.com/lists/oss-security/2016/03/04/1
TODO: check affected versions
More information about the Secure-testing-commits
mailing list