[Secure-testing-commits] r49148 - data/CVE
Guido Guenther
agx at moszumanska.debian.org
Thu Feb 23 15:01:46 UTC 2017
Author: agx
Date: 2017-02-23 15:01:46 +0000 (Thu, 23 Feb 2017)
New Revision: 49148
Modified:
data/CVE/list
Log:
lts: mark several CVEs as no-dsa
These are all about missing cleanup on exit functions allowing for the
guest to cause OOM. Wheezy's qemu{-kvm} has more many more of these
leaks so there's no point to fix some of them.
The devices are not hot-unpluggable via libvirt.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-02-23 14:12:31 UTC (rev 49147)
+++ data/CVE/list 2017-02-23 15:01:46 UTC (rev 49148)
@@ -1898,7 +1898,9 @@
RESERVED
- qemu <unfixed> (bug #853002)
[jessie] - qemu <no-dsa> (Minor issue)
+ [wheezy] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
+ [wheezy] - qemu-kvm <no-dsa> (Minor issue)
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=8409dc884a201bf74b30a9d232b6bbdd00cb7e2b
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1416157
CVE-2017-5578 [display: virtio-gpu: host memory leakage in virtio_gpu_resource_attach_backing]
@@ -2076,7 +2078,9 @@
RESERVED
- qemu 1:2.8+dfsg-2 (low; bug #852232)
[jessie] - qemu <no-dsa> (Minor issue)
+ [wheezy] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
+ [wheezy] - qemu-kvm <no-dsa> (Minor issue)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2016-12/msg03104.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1415199
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=eb7a20a3616085d46aa6b4b4224e15587ec67e6e
@@ -2174,7 +2178,9 @@
RESERVED
- qemu 1:2.8+dfsg-2 (bug #851910)
[jessie] - qemu <no-dsa> (Minor issue)
+ [wheezy] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
+ [wheezy] - qemu-kvm <no-dsa> (Minor issue)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg01742.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1414209
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da
@@ -2183,7 +2189,9 @@
RESERVED
- qemu 1:2.8+dfsg-2 (bug #852021)
[jessie] - qemu <no-dsa> (Minor issue)
+ [wheezy] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
+ [wheezy] - qemu-kvm <no-dsa> (Minor issue)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg01740.html
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=12351a91da97b414eec8cdb09f1d9f41e535a401
NOTE: Sound device hotplug not supported by libvirt
More information about the Secure-testing-commits
mailing list