[Secure-testing-commits] r44605 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Sep 15 12:47:53 UTC 2016
Author: carnil
Date: 2016-09-15 12:47:53 +0000 (Thu, 15 Sep 2016)
New Revision: 44605
Modified:
data/CVE/list
Log:
Various CVEs for qemu fixed in unstable
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-09-15 12:08:06 UTC (rev 44604)
+++ data/CVE/list 2016-09-15 12:47:53 UTC (rev 44605)
@@ -2892,7 +2892,7 @@
RESERVED
CVE-2016-7155 [scsi: pvscsi: OOB read and infinite loop while setting descriptor rings]
RESERVED
- - qemu <unfixed> (bug #837174)
+ - qemu 1:2.6+dfsg-3.1 (bug #837174)
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (Vulnerable code not present, introduced after v1.5)
- qemu-kvm <removed>
@@ -2903,7 +2903,7 @@
NOTE: Vulnerable code introduced after version 1.5: http://wiki.qemu.org/ChangeLog/1.5
CVE-2016-7156 [scsi: pvscsi: infintie loop when building SG list]
RESERVED
- - qemu <unfixed> (bug #837339)
+ - qemu 1:2.6+dfsg-3.1 (bug #837339)
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (Vulnerable code not present, introduced after v1.5)
- qemu-kvm <removed>
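Review bot: The description on the CVE-2016-7156 line in this hunk's context is misspelled ("infintie loop when building SG list"). Since the entry is being touched anyway, correct it to "infinite loop" in this or a follow-up commit so that a text search of the list for "infinite loop" finds this entry alongside CVE-2016-7155.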
@@ -2914,7 +2914,7 @@
NOTE: Vulnerable code introduced after version 1.5: http://wiki.qemu.org/ChangeLog/1.5
CVE-2016-7157 [mptsas: invalid memory access while building configuration pages]
RESERVED
- - qemu <unfixed> (bug #837603)
+ - qemu 1:2.6+dfsg-3.1 (bug #837603)
[jessie] - qemu <not-affected> (Vulnerable code not present, introduced after v2.6)
[wheezy] - qemu <not-affected> (Vulnerable code not present, introduced after v2.6)
- qemu-kvm <removed>
@@ -3095,7 +3095,7 @@
CVE-2016-7116 [9p: directory traversal flaw in 9p virtio backend]
RESERVED
{DLA-619-1 DLA-618-1}
- - qemu <unfixed> (bug #836502)
+ - qemu 1:2.6+dfsg-3.1 (bug #836502)
[jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=56f101ecce0eafd09e2daf1c4eeb1377d6959261
@@ -3712,7 +3712,7 @@
RESERVED
CVE-2016-6888 [net: vmxnet: integer overflow in packet initialisation]
RESERVED
- - qemu <unfixed> (bug #834902)
+ - qemu 1:2.6+dfsg-3.1 (bug #834902)
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
- qemu-kvm <removed>
@@ -4122,7 +4122,7 @@
NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30245
CVE-2016-6833 [net: vmxnet3: use after free while writing]
RESERVED
- - qemu <unfixed> (bug #834904)
+ - qemu 1:2.6+dfsg-3.1 (bug #834904)
[wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
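Review bot: CVE-2016-6833 has no [jessie] annotation after the changed qemu line, while the other vmxnet entries in this commit (CVE-2016-6888, CVE-2016-6834, CVE-2016-6836) all carry "[jessie] - qemu <no-dsa> (Minor issue)". With unstable now marked fixed, jessie is the release left undecided for this use after free; add an explicit [jessie] line (no-dsa, not-affected or a fixed version) once it is triaged so the entry does not sit silently open.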
@@ -4131,7 +4131,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/08/12/1
CVE-2016-6834 [an infinite loop during packet fragmentation]
RESERVED
- - qemu <unfixed> (bug #834905)
+ - qemu 1:2.6+dfsg-3.1 (bug #834905)
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (Vulnerable code not present, packet abstraction introduced in 1.5)
- qemu-kvm <removed>
@@ -4141,7 +4141,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/08/11/8
CVE-2016-6835 [buffer overflow in vmxnet_tx_pkt_parse_headers() in vmxnet3 device emulation]
RESERVED
- - qemu <unfixed> (bug #835031)
+ - qemu 1:2.6+dfsg-3.1 (bug #835031)
[wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
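Review bot: The CVE-2016-6835 entry records wheezy as not-affected for both qemu and qemu-kvm but says nothing about jessie, and the new fixed version only settles unstable. A buffer overflow in vmxnet_tx_pkt_parse_headers() deserves an explicit jessie decision in the list, in the same form the neighbouring entries use ("[jessie] - qemu <no-dsa> (...)" or a not-affected reason).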
@@ -4149,7 +4149,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/08/11/7
CVE-2016-6836 [Information leak in vmxnet3_complete_packet]
RESERVED
- - qemu <unfixed> (bug #834944)
+ - qemu 1:2.6+dfsg-3.1 (bug #834944)
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
- qemu-kvm <removed>
@@ -5001,7 +5001,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6490 [virtio: infinite loop in virtqueue_pop]
RESERVED
- - qemu <unfixed> (bug #832767)
+ - qemu 1:2.6+dfsg-3.1 (bug #832767)
[jessie] - qemu <not-affected> (Vulnerable code not present)
[wheezy] - qemu <not-affected> (Issue introduced later)
- qemu-kvm <removed>
@@ -5476,7 +5476,7 @@
TODO: It needs to be evaluated which reverse reverse build-dependencies or sources using the generated code needs fixing/rebuild
CVE-2016-6351 (The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), ...)
{DLA-574-1 DLA-573-1}
- - qemu <unfixed> (bug #832621)
+ - qemu 1:2.6+dfsg-3.1 (bug #832621)
- qemu-kvm <removed>
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=926cde5f3e4d2504ed161ed0cb771ac7cad6fd11 (v2.7.0-rc0)
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=cc96677469388bad3d66479379735cf75db069e3 (v2.7.0-rc0)
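Review bot: For CVE-2016-6351 the new fixed version is the 2.6-based 1:2.6+dfsg-3.1, but both "Fixed by" notes point at commits tagged v2.7.0-rc0, so the fix can only be present as a backport. Check the upload's changelog or patch series to confirm that both commits (926cde5f... and cc966774...) are included, and consider a NOTE saying the fix was backported so the version and the upstream references do not look contradictory to later readers.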
@@ -8394,7 +8394,7 @@
NOTE: https://fedorahosted.org/freeipa/ticket/6232
CVE-2016-5403 (The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local ...)
{DLA-574-1 DLA-573-1}
- - qemu <unfixed> (bug #832619)
+ - qemu 1:2.6+dfsg-3.1 (bug #832619)
[jessie] - qemu <no-dsa> (Minor issue; can be fixed in future DSA or point release)
- qemu-kvm <removed>
- xen 4.4.0-1