[Secure-testing-commits] r48487 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Jan 28 20:33:17 UTC 2017
Author: carnil
Date: 2017-01-28 20:33:17 +0000 (Sat, 28 Jan 2017)
New Revision: 48487
Modified:
data/CVE/list
Log:
Correct entry for CVE-2016-10028/qemu
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-01-28 20:29:30 UTC (rev 48486)
+++ data/CVE/list 2017-01-28 20:33:17 UTC (rev 48487)
@@ -4602,12 +4602,15 @@
NOTE: https://xenbits.xen.org/xsa/advisory-202.html
CVE-2016-10028 [display: virtio-gpu-3d: OOB access while reading virgl capabilities]
RESERVED
- - qemu 1:2.8+dfsg-2 (bug #849798)
+ - qemu <unfixed> (bug #849798; unimportant)
[jessie] - qemu <not-affected> (Vulnerable code not present)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <not-affected> (Vulnerable code not present)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg01903.html
NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/1
+ NOTE: Marked as unimportant, since 1:2.8+dfsg-2 reverted the support for
+ NOTE: virtio gpu (virglrenderer) and opengl, but the affected code is
+ NOTE: still present.
CVE-2016-10029 [display: virtio-gpu: out of bounds read in virtio_gpu_set_scanout]
RESERVED
- qemu 1:2.7+dfsg-1
More information about the Secure-testing-commits
mailing list