[Secure-testing-commits] r53789 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Jul 22 15:22:23 UTC 2017
Author: carnil
Date: 2017-07-22 15:22:23 +0000 (Sat, 22 Jul 2017)
New Revision: 53789
Modified:
data/CVE/list
Log:
Update CVE-2015-5160
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-07-22 10:22:21 UTC (rev 53788)
+++ data/CVE/list 2017-07-22 15:22:23 UTC (rev 53789)
@@ -72990,11 +72990,12 @@
NOTE: Root issue already fixed in PHP 5.6.6, so this one is not relevant starting with Jessie
CVE-2015-5160 [Ceph id/key leaked in the process list]
RESERVED
- - libvirt <unfixed> (low; bug #796111)
- [stretch] - libvirt <no-dsa> (Minor issue)
+ - libvirt 2.2.0-1 (low; bug #796111)
[jessie] - libvirt <no-dsa> (Minor issue; needs changes first in QEMU)
[wheezy] - libvirt <no-dsa> (Minor issue; needs changes first in QEMU)
[squeeze] - libvirt <end-of-life> (Unsupported in squeeze-lts)
+ NOTE: libvirt side fixed with: http://libvirt.org/git/?p=libvirt.git;a=commit;h=d53d465083edeb64cc7b78249c030734c0d91c6b
+ NOTE: and needs at least Qemu 2.6, which is satisfied in Stretch and later.
NOTE: https://www.redhat.com/archives/libvir-list/2011-November/msg00853.html
NOTE: Needs changes in QEMU for passing passwords. Affects at least iSCSI and rbd/ceph.
CVE-2015-5159
More information about the Secure-testing-commits
mailing list