[Secure-testing-commits] r57879 - in data: . CVE

Emilio Pozuelo Monfort pochu at moszumanska.debian.org
Mon Nov 20 22:28:17 UTC 2017 

Author: pochu
Date: 2017-11-20 22:28:17 +0000 (Mon, 20 Nov 2017)
New Revision: 57879

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
mark qemu(-kvm) as postponed on wheezy

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-11-20 22:24:04 UTC (rev 57878)
+++ data/CVE/list	2017-11-20 22:28:17 UTC (rev 57879)
@@ -524,7 +524,9 @@
 	- qemu <unfixed> (bug #882136)
 	[stretch] - qemu <no-dsa> (Minor issue)
 	[jessie] - qemu <no-dsa> (Minor issue)
+	[wheezy] - qemu <postponed> (Can be fixed along in a future update)
 	- qemu-kvm <removed>
+	[wheezy] - qemu-kvm <postponed> (Can be fixed along in a future update)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg02982.html
 CVE-2017-16844 (Heap-based buffer overflow in the loadbuf function in formisc.c in ...)
 	{DSA-4041-1 DLA-1173-1}
@@ -4666,7 +4668,9 @@
 	- qemu <unfixed> (bug #880832)
 	[stretch] - qemu <no-dsa> (Minor issue)
 	[jessie] - qemu <no-dsa> (Minor issue)
+	[wheezy] - qemu <postponed> (Can be fixed along in a future update)
 	- qemu-kvm <removed>
+	[wheezy] - qemu-kvm <postponed> (Can be fixed along in a future update)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02557.html
 	NOTE: Fixed by: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=eb38e1bc3740725ca29a535351de94107ec58d51
 CVE-2017-15288 (The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, ...)

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2017-11-20 22:24:04 UTC (rev 57878)
+++ data/dla-needed.txt	2017-11-20 22:28:17 UTC (rev 57879)
@@ -87,12 +87,6 @@
 python2.7 (Roberto C. Sánchez)
   NOTE: 20171118: Update is prepared, call for testing has been sent, will upload and release DLA 20171125
 --
-qemu
-  NOTE: 20171120 Can wait for more issues to pile up
---
-qemu-kvm
-  NOTE: 20171120 Can wait for more issues to pile up
---
 roundcube (Roberto C. Sánchez)
   NOTE: 2017118: Patch is ready; because of code differences, waiting on upstream to review or provide information on how to reproduce the exploit
 --

More information about the Secure-testing-commits mailing list