[Secure-testing-commits] r45490 - data/CVE
Guido Guenther
agx at moszumanska.debian.org
Fri Oct 21 11:49:41 UTC 2016
Author: agx
Date: 2016-10-21 11:49:40 +0000 (Fri, 21 Oct 2016)
New Revision: 45490
Modified:
data/CVE/list
Log:
Update entry for CVE-2016-7466
While Wheezy and Jessie lack the usb_xhci_exit function we're still
vulnerable since there's no cleanup being done at all on controller
unplug. Controller unplug and replug is not possible from the guest
though so mark it as no-dsa.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-10-21 11:00:58 UTC (rev 45489)
+++ data/CVE/list 2016-10-21 11:49:40 UTC (rev 45490)
@@ -1233,9 +1233,10 @@
CVE-2016-7466 [usb: xhci memory leakage during device unplug]
RESERVED
- qemu <unfixed> (bug #838687)
- [jessie] - qemu <not-affected> (Introduced in v2.2.0-rc0)
- [wheezy] - qemu <not-affected> (Introduced in v2.2.0-rc0)
- - qemu-kvm <not-affected> (Introduced in v2.2.0-rc0)
+ [jessie] - qemu <no-dsa> (Minor issue, needs qemu monitor access to unplug nec-xhci controller)
+ [wheezy] - qemu <no-dsa> (Minor issue, needs qemu monitor access to unplug nec-xhci controller)
+ - qemu-kvm <removed>
+ [wheezy] - qemu-kvm <not-affected> (Minor issue, needs qemu monitor access to unplug nec-xhci controller)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg02773.html
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=b53dd4495ced2432a0b652ea895e651d07336f7e
NOTE: The usb_xhci_exit and thus the patched code was introduced in:
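Review bot: The added `[wheezy] - qemu-kvm <not-affected>` line carries the justification "Minor issue, needs qemu monitor access to unplug nec-xhci controller". That is a reason for `<no-dsa>`, not for `<not-affected>`. The log message says Wheezy and Jessie are still vulnerable, and the two `qemu` lines in this hunk use `<no-dsa>` with the same text. Marking wheezy's qemu-kvm as `<no-dsa>` would keep the entry consistent. The removed "(Introduced in v2.2.0-rc0)" annotations and the retained NOTE about usb_xhci_exit also now point in different directions. A short NOTE recording that the leak exists even without usb_xhci_exit, because no cleanup happens on controller unplug, would preserve the reasoning from the log in the tracker entry itself.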