[Git][security-tracker-team/security-tracker][master] qemu: ignore CVE-2015-8817, CVE-2015-8818. add regression note about CVE-2017-11334
Santiago R.R.
santiago at debian.org
Sat Nov 3 12:21:33 GMT 2018
Santiago R.R. pushed to branch master at Debian Security Tracker / security-tracker
Commits:
22f06078 by Santiago Ruano Rincón at 2018-11-03T12:20:33Z
qemu: ignore CVE-2015-8817, CVE-2015-8818. add regression note about CVE-2017-11334
Signed-off-by: Santiago Ruano Rincón <santiagorr at riseup.net>
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -69468,7 +69468,7 @@ CVE-2017-11524 (The WriteBlob function in MagickCore/blob.c in ImageMagick befor
CVE-2017-11334 (The address_space_write_continue function in exec.c in QEMU (aka Quick ...)
{DSA-3925-1}
- qemu 1:2.8+dfsg-7 (bug #869173)
- [jessie] - qemu <no-dsa> (Minor issue)
+ [jessie] - qemu <no-dsa> (Minor issue. Backport caused regression in Ubuntu)
[wheezy] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <no-dsa> (Minor issue)
@@ -124317,15 +124317,17 @@ CVE-2016-2784 (CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smar
NOT-FOR-US: CMS Made Simple
CVE-2015-8818 (The cpu_physical_memory_write_rom_internal function in exec.c in QEMU ...)
- qemu 1:2.4+dfsg-1a
- [jessie] - qemu <no-dsa> (Minor issue; can be fixed along with a future DSA)
+ [jessie] - qemu <ignored> (Minor issue; too dangerous backport)
[wheezy] - qemu <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
[squeeze] - qemu <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
- qemu-kvm <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
NOTE: http://www.openwall.com/lists/oss-security/2016/03/01/10
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=b242e0e0e2969c044a318e56f7988bbd84de1f63 (v2.4.0-rc0)
+ NOTE: same patchset than CVE-2015-8817
+ NOTE: https://lists.gnu.org/archive/html/qemu-stable/2016-01/msg00065.html
CVE-2015-8817 (QEMU (aka Quick Emulator) built to use 'address_space_translate' to ...)
- qemu 1:2.4+dfsg-1a
- [jessie] - qemu <no-dsa> (Minor issue; can be fixed along with a future DSA)
+ [jessie] - qemu <ignored> (Minor issue; too dangerous backport)
[wheezy] - qemu <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
[squeeze] - qemu <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
- qemu-kvm <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
@@ -124333,6 +124335,7 @@ CVE-2015-8817 (QEMU (aka Quick Emulator) built to use 'address_space_translate'
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=c3c1bb99d1c11978d9ce94d1bdcf0705378c1459 (v2.3.0-rc1)
NOTE: https://lists.gnu.org/archive/html/qemu-stable/2016-01/msg00060.html
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=23820dbfc79d1c9dce090b4c555994f2bb6a69b3 (v2.4.0-rc0)
+ NOTE: https://lists.gnu.org/archive/html/qemu-stable/2016-01/msg00065.html
CVE-2016-2783 (Avaya Fabric Connect Virtual Services Platform (VSP) Operating System ...)
NOT-FOR-US: Avaya
CVE-2016-2780 (Untrusted search path vulnerability in Huawei UTPS before ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/22f0607806c0f72b1fbb9c0e0eea1ae44c89a342
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/22f0607806c0f72b1fbb9c0e0eea1ae44c89a342
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181103/09f7d7eb/attachment.html>
More information about the debian-security-tracker-commits
mailing list