[Secure-testing-commits] r45167 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sun Oct 9 19:28:38 UTC 2016


Author: carnil
Date: 2016-10-09 19:28:38 +0000 (Sun, 09 Oct 2016)
New Revision: 45167

Modified:
   data/CVE/list
Log:
Update status for CVE-2016-7995

Note for reviewers: See the respective updated notes and please double
check if this analysis is correct.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-10-09 19:15:24 UTC (rev 45166)
+++ data/CVE/list	2016-10-09 19:28:38 UTC (rev 45167)
@@ -1785,10 +1785,15 @@
 CVE-2016-7995 [usb: hcd-ehci: memory leak in ehci_process_itd]
 	RESERVED
 	- qemu <unfixed>
-	- qemu-kvm <removed>
+	[jessie] - qemu <not-affected> (Vulnerable code introduced in v2.6.0-rc0)
+	[wheezy] - qemu <not-affected> (Vulnerable code introduced in v2.6.0-rc0)
+	- qemu-kvm <not-affected> (Vulnerable code introduced in v2.6.0-rc0)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg06609.html
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1382668
-	TODO: check versions
+	NOTE: Vulnerable code introduced in 49d925ce50383a286278143c05511d30ec41a36e
+	NOTE: Though this commit fixed an OOB read access issue which might need
+	NOTE: potentially a new separate CVE id if it does not have one yet.
+	TODO: double-check notes and analysis
 CVE-2016-7994 [virtio-gpu: memory leak in virtio_gpu_resource_create_2d]
 	RESERVED
 	- qemu <unfixed> (bug #840228)
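
Review bot: The added NOTE lines under CVE-2016-7995 say "this commit fixed an OOB read access issue", which presumably means 49d925ce50383a286278143c05511d30ec41a36e, but the entry does not record what that implies for the releases marked <not-affected>. If the commit both introduced the leak and fixed an OOB read, then jessie, wheezy and qemu-kvm are marked <not-affected> because they predate it, and so would still lack that OOB read fix. Consider naming the commit hash in that NOTE and making the TODO specific, for example "TODO: check whether the OOB read fixed by 49d925ce affects jessie/wheezy and needs its own CVE id", so the question is not lost once the memory-leak analysis is confirmed.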



