[Secure-testing-commits] r44448 - data/CVE

Hugo Lefeuvre hle at moszumanska.debian.org
Fri Sep 9 11:19:06 UTC 2016 

Author: hle
Date: 2016-09-09 11:19:06 +0000 (Fri, 09 Sep 2016)
New Revision: 44448

Modified:
   data/CVE/list
Log:
Update wheezy status for CVE-2016-7155, CVE-2016-7156, CVE-2016-7157. Update jessie status for CVE-2016-7157.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-09-09 10:58:52 UTC (rev 44447)
+++ data/CVE/list	2016-09-09 11:19:06 UTC (rev 44448)
@@ -104,24 +104,34 @@
 CVE-2016-7155 [scsi: pvscsi: OOB read and infinite loop while setting descriptor rings]
 	RESERVED
 	- qemu <unfixed>
+	[wheezy] - qemu <not-affected> (Vulnerable code not present, introduced after v1.5)
 	- qemu-kvm <removed>
+	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
 	NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00050.html
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1373462
 	NOTE: http://www.openwall.com/lists/oss-security/2016/09/06/2
+	NOTE: Vulnerable code introduced after version 1.5: http://wiki.qemu.org/ChangeLog/1.5
 CVE-2016-7156 [scsi: pvscsi: infintie loop when building SG list]
 	RESERVED
 	- qemu <unfixed>
+	[wheezy] - qemu <not-affected> (Vulnerable code not present, introduced after v1.5)
 	- qemu-kvm <removed>
+	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
 	NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00772.html
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1373478
 	NOTE: http://www.openwall.com/lists/oss-security/2016/09/06/3
+	NOTE: Vulnerable code introduced after version 1.5: http://wiki.qemu.org/ChangeLog/1.5
 CVE-2016-7157 [mptsas: invalid memory access while building  configuration pages]
 	RESERVED
 	- qemu <unfixed>
+	[wheezy] - qemu <not-affected> (Vulnerable code not present, introduced after v2.6)
+	[jessie] - qemu <not-affected> (Vulnerable code not present, introduced after v2.6)
 	- qemu-kvm <removed>
+	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
 	NOTE: Upstream patches: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04295.html
 	NOTE: Upstream patches: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04296.html
 	NOTE: http://www.openwall.com/lists/oss-security/2016/09/06/4
+	NOTE: Vulnerable code introduced after version 2.6: http://wiki.qemu.org/ChangeLog/2.6
 CVE-2016-7140
 	RESERVED
 	NOT-FOR-US: Plone

More information about the Secure-testing-commits mailing list