[Secure-testing-commits] r41842 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Wed May 18 16:59:57 UTC 2016 

Author: carnil
Date: 2016-05-18 16:59:57 +0000 (Wed, 18 May 2016)
New Revision: 41842

Modified:
   data/CVE/list
Log:
Several qemu issues fixed in unstable

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-05-18 16:11:37 UTC (rev 41841)
+++ data/CVE/list	2016-05-18 16:59:57 UTC (rev 41842)
@@ -2054,7 +2054,7 @@
 	RESERVED
 CVE-2016-4037 [usb: Infinite loop vulnerability in usb_ehci using siTD process]
 	RESERVED
-	- qemu <unfixed> (bug #822344)
+	- qemu 1:2.6+dfsg-1 (bug #822344)
 	[jessie] - qemu <no-dsa> (Minor issue)
 	[wheezy] - qemu <no-dsa> (Minor issue)
 	- qemu-kvm <removed>
@@ -2241,7 +2241,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/6
 CVE-2016-4001 [net: buffer overflow in stellaris_enet emulator]
 	RESERVED
-	- qemu <unfixed> (bug #821038)
+	- qemu 1:2.6+dfsg-1 (bug #821038)
 	[jessie] - qemu <no-dsa> (Minor issue)
 	[wheezy] - qemu <no-dsa> (Minor issue)
 	- qemu-kvm <removed>
@@ -2988,7 +2988,7 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1332139
 CVE-2016-3712 (Integer overflow in the VGA module in QEMU allows local guest OS users ...)
 	{DSA-3573-1}
-	- qemu <unfixed> (bug #823830)
+	- qemu 1:2.6+dfsg-1 (bug #823830)
 	[wheezy] - qemu <end-of-life> (Not supported in Wheezy LTS)
 	- qemu-kvm <removed>
 	[wheezy] - qemu-kvm <end-of-life> (Not supported in Wheezy LTS)
@@ -3002,7 +3002,7 @@
 	NOT-FOR-US: OpenShift
 CVE-2016-3710 (The VGA module in QEMU improperly performs bounds checking on banked ...)
 	{DSA-3573-1}
-	- qemu <unfixed> (bug #823830)
+	- qemu 1:2.6+dfsg-1 (bug #823830)
 	[wheezy] - qemu <end-of-life> (Not supported in Wheezy LTS)
 	- qemu-kvm <removed>
 	[wheezy] - qemu-kvm <end-of-life> (Not supported in Wheezy LTS)
@@ -5175,7 +5175,7 @@
 	NOTE: https://github.com/htacg/tidy-html5/issues/380
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/03/04/2
 CVE-2016-2858 (QEMU, when built with the Pseudo Random Number Generator (PRNG) ...)
-	- qemu <unfixed> (bug #817183)
+	- qemu 1:2.6+dfsg-1 (bug #817183)
 	[jessie] - qemu <no-dsa> (Minor issue)
 	[wheezy] - qemu <not-affected> (Vulnerable code not present)
 	[squeeze] - qemu <not-affected> (Vulnerable code not present)
@@ -5206,7 +5206,7 @@
 	RESERVED
 	- open-xchange <itp> (bug #269329)
 CVE-2016-2857 (The net_checksum_calculate function in net/checksum.c in QEMU allows ...)
-	- qemu <unfixed> (bug #817182)
+	- qemu 1:2.6+dfsg-1 (bug #817182)
 	[jessie] - qemu <no-dsa> (Minor issue)
 	[wheezy] - qemu <no-dsa> (Minor issue)
 	- qemu-kvm <removed>
@@ -5478,7 +5478,7 @@
 	RESERVED
 CVE-2016-2841 [net: ne2000: infinite loop in ne2000_receive]
 	RESERVED
-	- qemu <unfixed> (bug #817181)
+	- qemu 1:2.6+dfsg-1 (bug #817181)
 	[jessie] - qemu <no-dsa> (Minor issue)
 	[wheezy] - qemu <no-dsa> (Minor issue)
 	- qemu-kvm <removed>
@@ -6389,7 +6389,7 @@
 	NOTE: https://www.djangoproject.com/weblog/2016/mar/01/security-releases/
 CVE-2016-2538 [usb: integer overflow in remote NDIS control message handling]
 	RESERVED
-	- qemu <unfixed> (bug #815680)
+	- qemu 1:2.6+dfsg-1 (bug #815680)
 	[jessie] - qemu <no-dsa> (Minor issue)
 	[wheezy] - qemu <no-dsa> (Minor issue)
 	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
@@ -6720,7 +6720,7 @@
 	RESERVED
 CVE-2016-2392 [usb: null pointer dereference in remote NDIS control message handling]
 	RESERVED
-	- qemu <unfixed> (bug #815008)
+	- qemu 1:2.6+dfsg-1 (bug #815008)
 	[jessie] - qemu <no-dsa> (Minor issue)
 	[wheezy] - qemu <no-dsa> (Minor issue)
 	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
@@ -6731,7 +6731,7 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1302299
 CVE-2016-2391 [usb: multiple eof_timers in ohci leads to null  pointer dereference]
 	RESERVED
-	- qemu <unfixed> (bug #815009)
+	- qemu 1:2.6+dfsg-1 (bug #815009)
 	[jessie] - qemu <no-dsa> (Minor issue)
 	[wheezy] - qemu <no-dsa> (Minor issue)
 	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
@@ -7913,7 +7913,7 @@
 	RESERVED
 CVE-2016-2198 [usb: ehci null pointer dereference in ehci_caps_write]
 	RESERVED
-	- qemu <unfixed> (bug #813193)
+	- qemu 1:2.6+dfsg-1 (bug #813193)
 	[jessie] - qemu <no-dsa> (Minor issue; Can be fixed along with a future DSA)
 	[wheezy] - qemu <not-affected> (Introduced after v1.2.0)
 	[squeeze] - qemu <not-affected> (Introduced after v1.2.0)
@@ -7922,7 +7922,7 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1301643
 CVE-2016-2197 [ide: ahci null pointer dereference when using FIS CLB engines]
 	RESERVED
-	- qemu <unfixed> (bug #813194)
+	- qemu 1:2.6+dfsg-1 (bug #813194)
 	[jessie] - qemu <not-affected> (Vulnerable code introduced later)
 	[wheezy] - qemu <not-affected> (Vulnerable code introduced later)
 	[squeeze] - qemu <not-affected> (Vulnerable code introduced later)

More information about the Secure-testing-commits mailing list