[Secure-testing-commits] r45167 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Oct 9 19:28:38 UTC 2016
Author: carnil
Date: 2016-10-09 19:28:38 +0000 (Sun, 09 Oct 2016)
New Revision: 45167
Modified:
data/CVE/list
Log:
Update status for CVE-2016-7995
Note for reviewers: See the respective updated notes and please double
check if this analysis is correct.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-10-09 19:15:24 UTC (rev 45166)
+++ data/CVE/list 2016-10-09 19:28:38 UTC (rev 45167)
@@ -1785,10 +1785,15 @@
CVE-2016-7995 [usb: hcd-ehci: memory leak in ehci_process_itd]
RESERVED
- qemu <unfixed>
- - qemu-kvm <removed>
+ [jessie] - qemu <not-affected> (Vulnerable code introduced in v2.6.0-rc0)
+ [wheezy] - qemu <not-affected> (Vulnerable code introduced in v2.6.0-rc0)
+ - qemu-kvm <not-affected> (Vulnerable code introduced in v2.6.0-rc0)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg06609.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1382668
- TODO: check versions
+ NOTE: Vulnerable code introduced in 49d925ce50383a286278143c05511d30ec41a36e
+ NOTE: Though this commit fixed an OOB read access issue which might need
+ NOTE: potentially a new separate CVE id if it does not have one yet.
+ TODO: double-check notes and analysis
CVE-2016-7994 [virtio-gpu: memory leak in virtio_gpu_resource_create_2d]
RESERVED
- qemu <unfixed> (bug #840228)
More information about the Secure-testing-commits
mailing list