[Secure-testing-commits] r51745 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri May 19 11:00:59 UTC 2017
Author: carnil
Date: 2017-05-19 11:00:59 +0000 (Fri, 19 May 2017)
New Revision: 51745
Modified:
data/CVE/list
Log:
Add CVE-2017-9060/qemu
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-05-19 10:57:14 UTC (rev 51744)
+++ data/CVE/list 2017-05-19 11:00:59 UTC (rev 51745)
@@ -21,8 +21,16 @@
NOT-FOR-US: MODX Revolution
CVE-2017-9067 (In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is ...)
NOT-FOR-US: MODX Revolution
-CVE-2017-9060
+CVE-2017-9060 [virtio-gpu: host memory leakage in Virtio GPU device]
RESERVED
+ - qemu <unfixed> (unimportant)
+ [jessie] - qemu <not-affected> (Vulnerable code not present)
+ [wheezy] - qemu <not-affected> (Vulnerable code not present)
+ - qemu-kvm <not-affected> (Vulnerable code not present)
+ NOTE: Marked as unimportant, since 1:2.8+dfsg-2 reverted the support for
+ NOTE: virtio gpu (virglrenderer) and opengl, but the affected code is
+ NOTE: still present.
+ NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=dd248ed7e204ee8a1873914e02b8b526e8f1b80d
CVE-2017-9059 (The NFSv4 implementation in the Linux kernel through 4.11.1 allows ...)
- linux <unfixed>
CVE-2017-9057
More information about the Secure-testing-commits
mailing list