[Secure-testing-commits] r58728 - data/CVE
Guido Guenther
agx at moszumanska.debian.org
Wed Dec 20 16:01:15 UTC 2017
Author: agx
Date: 2017-12-20 16:01:15 +0000 (Wed, 20 Dec 2017)
New Revision: 58728
Modified:
data/CVE/list
Log:
lts: mark qemu CVE-2017-15124 as postponed
The issue can only be triggered by authenticated clients and a backport
it tricky due to the vnc changed code. Even with current git the
upstream fix contains 8 patches to cleanup things before fixing the CVE.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-20 16:00:47 UTC (rev 58727)
+++ data/CVE/list 2017-12-20 16:01:15 UTC (rev 58728)
@@ -14793,7 +14793,9 @@
CVE-2017-15124 [memory exhaustion through framebuffer update request message in VNC server]
RESERVED
- qemu <unfixed> (bug #884806)
+ [wheezy] - qemu <postponed> (Can be fixed along in later update)
- qemu-kvm <removed>
+ [wheezy] - qemu-kvm <postponed> (Can be fixed along in later update)
NOTE: http://www.openwall.com/lists/oss-security/2017/12/19/4
CVE-2017-15123
RESERVED
More information about the Secure-testing-commits
mailing list