[Secure-testing-commits] r48488 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Jan 28 20:35:38 UTC 2017
Author: carnil
Date: 2017-01-28 20:35:38 +0000 (Sat, 28 Jan 2017)
New Revision: 48488
Modified:
data/CVE/list
Log:
Correct entry for CVE-2017-5552/qemu
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-01-28 20:33:17 UTC (rev 48487)
+++ data/CVE/list 2017-01-28 20:35:38 UTC (rev 48488)
@@ -352,13 +352,16 @@
NOTE: https://core.trac.wordpress.org/changeset/38168
CVE-2017-5552 [display: virtio-gpu-3d: memory leakage in virgl_resource_attach_backing; CVE for the memory consumption issue, not an information disclosure issue]
RESERVED
- - qemu 1:2.8+dfsg-2 (bug #852119)
+ - qemu <unfixed> (bug #852119; unimportant)
[jessie] - qemu <not-affected> (Vulnerable code not present)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <not-affected> (Vulnerable code not present)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg00154.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1415281
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=33243031dad02d161225ba99d782616da133f689
+ NOTE: Marked as unimportant, since 1:2.8+dfsg-2 reverted the support for
+ NOTE: virtio gpu (virglrenderer) and opengl, but the affected code is
+ NOTE: still present.
CVE-2017-5551 [sgid bit not cleared on tmpfs]
RESERVED
- linux 4.9.6-1
More information about the Secure-testing-commits
mailing list