[Secure-testing-commits] r49336 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed Mar 1 10:15:01 UTC 2017 

Author: jmm
Date: 2017-03-01 10:15:01 +0000 (Wed, 01 Mar 2017)
New Revision: 49336

Modified:
   data/CVE/list
Log:
qemu fixed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-03-01 09:10:13 UTC (rev 49335)
+++ data/CVE/list	2017-03-01 10:15:01 UTC (rev 49336)
@@ -853,7 +853,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2017/02/18/1
 CVE-2017-6058 [net: vmxnet3: OOB NetRxPkt::ehdr_buf access when doing vlan stripping]
 	RESERVED
-	- qemu <unfixed> (bug #855616)
+	- qemu 1:2.8+dfsg-3 (bug #855616)
 	[jessie] - qemu <not-affected> (Vulnerable code not present)
 	[wheezy] - qemu <not-affected> (Vulnerable code not present)
 	- qemu-kvm <not-affected> (Vulnerable code not present)
@@ -1028,7 +1028,7 @@
 	RESERVED
 CVE-2017-5987 [sd: infinite loop issue in multi block transfers]
 	RESERVED
-	- qemu <unfixed> (bug #855159)
+	- qemu 1:2.8+dfsg-3 (bug #855159)
 	[wheezy] - qemu <not-affected> (Vulnerable code not present)
 	- qemu-kvm <removed>
 	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
@@ -1090,7 +1090,7 @@
 CVE-2017-5973 [Qemu: usb: infinite loop while doing control transfer in xhci_kick_epctx]
 	RESERVED
 	{DLA-842-1}
-	- qemu <unfixed> (bug #855611)
+	- qemu 1:2.8+dfsg-3 (bug #855611)
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01101.html
 	NOTE: http://www.openwall.com/lists/oss-security/2017/02/13/11
@@ -1241,7 +1241,7 @@
 	NOTE: Fix http://git.savannah.gnu.org/cgit/bash.git/commit/?id=4f747edc625815f449048579f6e65869914dd715
 CVE-2017-5931
 	RESERVED
-	- qemu <unfixed> (bug #854730)
+	- qemu 1:2.8+dfsg-3 (bug #854730)
 	[jessie] - qemu <not-affected> (Vulnerable code not present)
 	[wheezy] - qemu <not-affected> (Vulnerable code not present)
 	- qemu-kvm <not-affected> (Vulnerable code not present)
@@ -1340,7 +1340,7 @@
 CVE-2017-5898 [Qemu: usb: integer overflow in emulated_apdu_from_guest]
 	RESERVED
 	{DLA-842-1}
-	- qemu <unfixed> (bug #854729)
+	- qemu 1:2.8+dfsg-3 (bug #854729)
 	[jessie] - qemu <not-affected> (Vulnerable code not present)
 	- qemu-kvm <not-affected> (Vulnerable code not present)
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-02/msg01075.html
@@ -1950,7 +1950,7 @@
 	RESERVED
 CVE-2017-5857 [Qemu: display: virtio-gpu-3d: host memory leakage in virgl_cmd_resource_unref]
 	RESERVED
-	- qemu <unfixed> (bug #853996; unimportant)
+	- qemu 1:2.8+dfsg-3 (bug #853996; unimportant)
 	[jessie] - qemu <not-affected> (Vulnerable code not present)
 	- qemu-kvm <not-affected> (Vulnerable code not present)
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg04615.html
@@ -1958,7 +1958,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/21
 CVE-2017-5856 [Qemu: scsi: megasas: host memory leakage in megasas_handle_dcmd]
 	RESERVED
-	- qemu <unfixed> (bug #853996)
+	- qemu 1:2.8+dfsg-3 (bug #853996)
 	[jessie] - qemu <no-dsa> (Minor issue; can be fixed in future DSA or point release)
 	[wheezy] - qemu <not-affected> (Vulnerable code not present)
 	- qemu-kvm <removed>
@@ -2203,7 +2203,7 @@
 	RESERVED
 CVE-2017-5667 [sd: sdhci OOB access during multi block SDMA transfer]
 	RESERVED
-	- qemu <unfixed> (bug #853996)
+	- qemu 1:2.8+dfsg-3 (bug #853996)
 	[jessie] - qemu <no-dsa> (Minor issue)
 	[wheezy] - qemu <not-affected> (Vulnerable code not present)
 	- qemu-kvm <removed>
@@ -2451,7 +2451,7 @@
 	NOTE: https://lists.freedesktop.org/archives/virglrenderer-devel/2017-January/000105.html
 CVE-2017-5579 [serial: host memory leakage in 16550A UART emulation]
 	RESERVED
-	- qemu <unfixed> (bug #853002)
+	- qemu 1:2.8+dfsg-3 (bug #853002)
 	[jessie] - qemu <no-dsa> (Minor issue)
 	[wheezy] - qemu <no-dsa> (Minor issue)
 	- qemu-kvm <removed>
@@ -10372,7 +10372,7 @@
 	RESERVED
 CVE-2017-2630 [nbd: oob stack write in client routine drop_sync]
 	RESERVED
-	- qemu <unfixed> (bug #855227)
+	- qemu 1:2.8+dfsg-3 (bug #855227)
 	[jessie] - qemu <not-affected> (Vulnerable code introduced in v2.8.0-rc0)
 	[wheezy] - qemu <not-affected> (Vulnerable code introduced in v2.8.0-rc0)
 	- qemu-kvm <not-affected> (Vulnerable code introduced later)
@@ -10424,7 +10424,7 @@
 CVE-2017-2620 [display: cirrus: out-of-bounds access issue while in cirrus_bitblt_cputovideo]
 	RESERVED
 	{DLA-842-1}
-	- qemu <unfixed> (bug #855791)
+	- qemu 1:2.8+dfsg-3 (bug #855791)
 	- qemu-kvm <removed>
 	- xen 4.4.0-1
 	NOTE: Xen switched to qemu-system in 4.4.0-1
@@ -10454,7 +10454,7 @@
 CVE-2017-2615
 	RESERVED
 	{DLA-842-1}
-	- qemu <unfixed> (low; bug #854731)
+	- qemu 1:2.8+dfsg-3 (low; bug #854731)
 	[jessie] - qemu <no-dsa> (Minor issue)
 	NOTE: Introduced with: http://git.qemu.org/?p=qemu.git;a=commit;h=d3532a0db02296e687711b8cdc7791924efccea0 (which was the fix for CVE-2014-8106)
 	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=62d4c6bd5263bb8413a06c80144fc678df6dfb64
@@ -15594,7 +15594,7 @@
 	RESERVED
 CVE-2016-9602 [9p: virtfs allows guest to access host filesystem]
 	RESERVED
-	- qemu <unfixed> (bug #853006)
+	- qemu 1:2.8+dfsg-3 (bug #853006)
 	- qemu-kvm <removed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1413929
 	NOTE: The original proposed patch does not fix the issue, cf.
@@ -21756,7 +21756,7 @@
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg05557.html
 	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=070c4b92b8cd5390889716677a0b92444d6e087a
 CVE-2016-7907 (The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick ...)
-	- qemu <unfixed> (bug #839986)
+	- qemu 1:2.8+dfsg-3 (bug #839986)
 	[jessie] - qemu <not-affected> (Vulnerable code introduced after v2.5.0-rc0)
 	[wheezy] - qemu <not-affected> (Vulnerable code introduced after v2.5.0-rc0)
 	- qemu-kvm <not-affected> (Vulnerable code introduced after v2.5.0-rc0)

More information about the Secure-testing-commits mailing list