[Git][security-tracker-team/security-tracker][master] qemu issues fixed in unstable via 1:3.1+dfsg-1 upload

Salvatore Bonaccorso carnil at debian.org
Wed Dec 12 10:09:08 GMT 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4716aab7 by Salvatore Bonaccorso at 2018-12-12T10:08:56Z
qemu issues fixed in unstable via 1:3.1+dfsg-1 upload

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5827,7 +5827,7 @@ CVE-2018-19490 (An issue was discovered in datafile.c in Gnuplot 5.2.5. This iss
 	NOTE: No security impact, gnuplot can execute arbitrary commands and need to come from a trusted source
 CVE-2018-19489 [9pfs: crash due to race condition in renaming files]
 	RESERVED
-	- qemu <unfixed> (bug #914727)
+	- qemu 1:3.1+dfsg-1 (bug #914727)
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg04489.html
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=1d20398694a3b67a388d955b7a945ba4aa90a8a8 (master)
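Review bot: CVE-2018-19489 has no [stretch] or [jessie] line between "- qemu 1:3.1+dfsg-1" and "- qemu-kvm <removed>", so with unstable now marked fixed the older suites carry no explicit triage for this 9pfs race. Suggest adding per-release entries with a reason, in the same form that CVE-2018-18954 and CVE-2018-18849 use in this commit.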
@@ -6173,7 +6173,7 @@ CVE-2018-19365
 	RESERVED
 CVE-2018-19364 [Use-after-free due to race condition while updating fid path]
 	RESERVED
-	- qemu <unfixed> (bug #914599)
+	- qemu 1:3.1+dfsg-1 (bug #914599)
 	- qemu-kvm <removed>
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=5b76ef50f62079a2389ba28cacaf6cce68b1a0ed
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=5b3c77aa581ebb215125c84b0742119483571e55
@@ -7464,7 +7464,7 @@ CVE-2018-18955 (In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_wri
 	NOTE: Introduced in https://git.kernel.org/linus/6397fac4915a
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1712
 CVE-2018-18954 (The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 ...)
-	- qemu <unfixed> (low; bug #914604)
+	- qemu 1:3.1+dfsg-1 (low; bug #914604)
 	[stretch] - qemu <postponed> (Minor issue, can be backported once fixed upstream)
 	[jessie] - qemu <not-affected> (Vulnerable code not present. ppc/pnv lpc was added in 2.7)
 	- qemu-kvm <removed>
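Review bot: the [stretch] reason under CVE-2018-18954, "can be backported once fixed upstream", is out of date now that the line above it records 1:3.1+dfsg-1 as the fixed version. Either reword the reason or re-triage stretch in the same commit, so the postponement no longer points at a condition that has already been met.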
@@ -7689,7 +7689,7 @@ CVE-2018-18850 (In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an
 	NOT-FOR-US: Octopus Deploy
 CVE-2018-18849 [lsi53c895a: OOB msg buffer access leads to DoS]
 	RESERVED
-	- qemu <unfixed> (bug #912535)
+	- qemu 1:3.1+dfsg-1 (bug #912535)
 	[stretch] - qemu <postponed> (Minor issue, revisit for later update)
 	[jessie] - qemu <postponed> (Minor issue, revisit for later update)
 	- qemu-kvm <removed>
@@ -8744,7 +8744,7 @@ CVE-2018-18445 (In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x b
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1686
 	NOTE: https://git.kernel.org/linus/b799207e1e1816b09e7a5920fbb2d5fcf6edd681
 CVE-2018-18438 (Qemu has integer overflows because IOReadHandler and its associated ...)
-	- qemu <unfixed> (bug #911470)
+	- qemu 1:3.1+dfsg-1 (bug #911470)
 	[stretch] - qemu <ignored> (Minor issue, too intrusive to backport)
 	[jessie] - qemu <ignored> (Minor issue, too intrusive to backport)
 	- qemu-kvm <removed>
@@ -10078,14 +10078,14 @@ CVE-2018-17964 (Aryanic HighPortal 12.5 has XSS via an Add Tags action. ...)
 	NOT-FOR-US: Aryanic HighPortal
 CVE-2018-17963 (qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes ...)
 	{DSA-4338-1 DLA-1599-1}
-	- qemu <unfixed> (bug #911469)
+	- qemu 1:3.1+dfsg-1 (bug #911469)
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03267.html
 	NOTE: https://www.openwall.com/lists/oss-security/2018/10/08/1
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=1592a9947036d60dde5404204a5d45975133caf5
 CVE-2018-17962 (Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because ...)
 	{DSA-4338-1 DLA-1599-1}
-	- qemu <unfixed> (bug #911468)
+	- qemu 1:3.1+dfsg-1 (bug #911468)
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03268.html
 	NOTE: https://www.openwall.com/lists/oss-security/2018/10/08/1
@@ -10106,7 +10106,7 @@ CVE-2018-17960 (CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a
 CVE-2018-17959
 	RESERVED
 CVE-2018-17958 (Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c ...)
-	- qemu <unfixed> (bug #911499)
+	- qemu 1:3.1+dfsg-1 (bug #911499)
 	[stretch] - qemu <postponed> (Minor issue, revisit for later update)
 	[jessie] - qemu <postponed> (Minor issue, revisit for later update)
 	- qemu-kvm <removed>
@@ -12659,7 +12659,7 @@ CVE-2018-16868 (A Bleichenbacher type side-channel based padding oracle attack w
 	NOTE: https://gitlab.com/gnutls/gnutls/merge_requests/832
 CVE-2018-16867 [dev-mtp: path traversal in usb_mtp_write_data of the Media Transfer Protocol (MTP)]
 	RESERVED
-	- qemu <unfixed> (bug #915884)
+	- qemu 1:3.1+dfsg-1 (bug #915884)
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg00390.html
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=c52d46e041b42bb1ee6f692e00a0abe37a9659f6 (master)
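Review bot: for CVE-2018-16867 the only fix reference is a commit tagged "(master)" and the patch thread sits in the 2018-12 archive, so it is worth confirming that c52d46e041b42bb1ee6f692e00a0abe37a9659f6 is contained in the 3.1 source that 1:3.1+dfsg-1 was built from before recording the entry as fixed. If it is, naming the release in that NOTE line instead of only "(master)" would make the claim checkable later.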
@@ -15615,7 +15615,7 @@ CVE-2018-15748 (On Dell 2335dn printers with Printer Firmware Version 2.70.05.02
 CVE-2018-15747
 	RESERVED
 CVE-2018-15746 (qemu-seccomp.c in QEMU might allow local OS guest users to cause a ...)
-	- qemu <unfixed> (bug #907500)
+	- qemu 1:3.1+dfsg-1 (bug #907500)
 	[stretch] - qemu <no-dsa> (Minor issue; Only enabled by default later, but supported)
 	[jessie] - qemu <no-dsa> (Minor issue; Only enabled by default later, but supported)
 	- qemu-kvm <removed>
@@ -23414,7 +23414,7 @@ CVE-2018-12619
 CVE-2018-12618
 	RESERVED
 CVE-2018-12617 (qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in ...)
-	- qemu <unfixed> (low; bug #902725)
+	- qemu 1:3.1+dfsg-1 (low; bug #902725)
 	[stretch] - qemu <postponed> (Minor issue, wait until more severe issues are around)
 	[jessie] - qemu <postponed> (Minor issue, wait until more severe issues are around)
 	NOTE: https://gist.github.com/fakhrizulkifli/c7740d28efa07dafee66d4da5d857ef6
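Review bot: CVE-2018-12617 has no "- qemu-kvm" line after the [jessie] entry, while most of the other qemu entries touched in this commit carry "- qemu-kvm <removed>". If the omission is deliberate, a short NOTE saying so would help; otherwise add the line so the entries stay consistent.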
@@ -25682,7 +25682,7 @@ CVE-2018-11808 (Incorrect Access Control in CustomFieldsFeedServlet in Zoho ...)
 CVE-2018-11807
 	RESERVED
 CVE-2018-11806 (m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via ...)
-	- qemu <unfixed> (bug #901017)
+	- qemu 1:3.1+dfsg-1 (bug #901017)
 	[stretch] - qemu <postponed> (Minor issue, wait until more severe issues are around)
 	[jessie] - qemu <postponed> (Minor issue, wait until more severe issues are around)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg01012.html
@@ -28587,7 +28587,7 @@ CVE-2018-10840 (Linux kernel is vulnerable to a heap-based buffer overflow in th
 	NOTE: Fixed by: https://git.kernel.org/linus/8a2b307c21d4b290e3cbe33f768f194286d07c23
 CVE-2018-10839 (Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is ...)
 	{DSA-4338-1 DLA-1599-1}
-	- qemu <unfixed> (bug #910431)
+	- qemu 1:3.1+dfsg-1 (bug #910431)
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03273.html
 	NOTE: https://www.openwall.com/lists/oss-security/2018/10/08/1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4716aab7ada74522e64d6efe98ae0a74140ea1dc
