[Secure-testing-commits] r56762 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Oct 16 18:40:57 UTC 2017
Author: carnil
Date: 2017-10-16 18:40:57 +0000 (Mon, 16 Oct 2017)
New Revision: 56762
Modified:
data/CVE/list
Log:
Add more information for libvirt issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-16 18:37:52 UTC (rev 56761)
+++ data/CVE/list 2017-10-16 18:40:57 UTC (rev 56762)
@@ -774,8 +774,12 @@
NOTE: https://pagure.io/koji/c/ba7b5a3cbed11ade11c3af5e834c9a6de4f6d7c3
CVE-2017-1000256 [LSN-2017-0002: TLS certificate verification disabled for clients]
- libvirt <unfixed> (bug #878799)
+ [jessie] - libvirt <not-affected> (Vulnerable code introduced later)
+ [wheezy] - libvirt <not-affected> (Vulnerable code introduced later)
NOTE: https://www.redhat.com/archives/libvirt-announce/2017-October/msg00001.html
NOTE: http://security.libvirt.org/2017/0002.html
+ NOTE: Broken by: http://libvirt.org/git/?p=libvirt.git;a=commit;h=ce61c16450d4992612d1fc6f39a39e79bfccead5 (master)
+ NOTE: Fixed by: http://libvirt.org/git/?p=libvirt.git;a=commit;h=441d3eb6d1be940a67ce45a286602a967601b157 (master)
CVE-2017-1000255 [kernel memory overwrite in transactional memory handling]
RESERVED
- linux 4.13.4-2
More information about the Secure-testing-commits
mailing list