[Git][security-tracker-team/security-tracker][master] Demote severity for CVE-2018-20123/qemu

Salvatore Bonaccorso carnil at debian.org
Tue Dec 18 16:36:40 GMT 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
03d85145 by Salvatore Bonaccorso at 2018-12-18T16:34:22Z
Demote severity for CVE-2018-20123/qemu

The PVRDMA support is not enabled, so the source only affecte but not
the resulting binary packages.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2202,11 +2202,12 @@ CVE-2018-20124 [rdma: OOB access when building scatter-gather array]
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02822.html
 CVE-2018-20123 (pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak ...)
-	- qemu <unfixed> (low; bug #916442)
+	- qemu <unfixed> (unimportant; bug #916442)
 	[stretch] - qemu <not-affected> (Vulnerable code not present)
 	[jessie] - qemu <not-affected> (Vulnerable code not present)
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02817.html
+	NOTE: PVRDMA support not enabled.
 CVE-2018-20145 (Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the option ...)
 	- mosquitto 1.5.5-1
 	[stretch] - mosquitto <not-affected> (Only affects 1.5.x)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/03d851459d32569bdd4caac24df24c4669cfd739

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/03d851459d32569bdd4caac24df24c4669cfd739
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181218/492a3a62/attachment.html>


More information about the debian-security-tracker-commits mailing list