[Git][security-tracker-team/security-tracker][master] qemu triage
Moritz Muehlenhoff
jmm at debian.org
Thu Nov 8 15:17:07 GMT 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e1f565ba by Moritz Muehlenhoff at 2018-11-08T15:16:44Z
qemu triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -329,7 +329,8 @@ CVE-2018-18955
RESERVED
CVE-2018-18954 [ppc64: Out-of-bounds r/w stack access in pnv_lpc_do_eccb]
RESERVED
- - qemu <unfixed>
+ - qemu <unfixed> (low)
+ [stretch] - qemu <postponed> (Minor issue, can be backported once fixed upstream)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00446.html
CVE-2018-18953
@@ -552,7 +553,8 @@ CVE-2018-18849 [lsi53c895a: OOB msg buffer access leads to DoS]
RESERVED
- qemu <unfixed> (bug #912535)
- qemu-kvm <removed>
- NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg06682.html
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=e58ccf039650065a9442de43c9816f81e88f27f6
+ NOTE: https://www.openwall.com/lists/oss-security/2018/11/01/1
CVE-2018-18848
RESERVED
CVE-2018-18847
@@ -1580,9 +1582,11 @@ CVE-2018-18445 (In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x b
NOTE: https://git.kernel.org/linus/b799207e1e1816b09e7a5920fbb2d5fcf6edd681
CVE-2018-18438 (Qemu has integer overflows because IOReadHandler and its associated ...)
- qemu <unfixed> (bug #911470)
+ [stretch] - qemu <ignored> (Minor issue, too intrusive to backport)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02396.html
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02402.html
+ NOTE: https://www.openwall.com/lists/oss-security/2018/10/17/3
CVE-2018-18437 (In AXIOS ITALIA Axioscloud Sissiweb Registro Elettronico 1.7.0, ...)
NOT-FOR-US: AXIOS
CVE-2018-18436 (JTBC(PHP) 3.0 allows CSRF for creating an account via the ...)
@@ -2859,10 +2863,14 @@ CVE-2018-17963 (qemu_deliver_packet_iov in net/net.c in Qemu accepts packet size
- qemu <unfixed> (bug #911469)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03267.html
+ NOTE: https://www.openwall.com/lists/oss-security/2018/10/08/1
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=1592a9947036d60dde5404204a5d45975133caf5
CVE-2018-17962 (Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because ...)
- qemu <unfixed> (bug #911468)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03268.html
+ NOTE: https://www.openwall.com/lists/oss-security/2018/10/08/1
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=b1d80d12c5f7ff081bb80ab4f4241d4248691192
CVE-2018-17961 (Artifex Ghostscript 9.25 and earlier allows attackers to bypass a ...)
{DLA-1552-1}
- ghostscript 9.25~dfsg-3 (bug #910678)
@@ -2879,6 +2887,8 @@ CVE-2018-17958 (Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl81
- qemu <unfixed> (bug #911499)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03269.html
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=1a326646fef38782e5542280040ec3ea23e4a730
+ NOTE: https://www.openwall.com/lists/oss-security/2018/10/08/1
CVE-2018-17957
RESERVED
CVE-2018-17956
@@ -21198,6 +21208,8 @@ CVE-2018-10839 (Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation su
- qemu <unfixed> (bug #910431)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03273.html
+ NOTE: https://www.openwall.com/lists/oss-security/2018/10/08/1
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=fdc89e90fac40c5ca2686733df17b6423fb8d8fb
CVE-2018-10838
RESERVED
CVE-2018-10837
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e1f565ba88b9b74c8647f1ccdf95a2a4dd909b7f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e1f565ba88b9b74c8647f1ccdf95a2a4dd909b7f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181108/460c6a20/attachment.html>
More information about the debian-security-tracker-commits
mailing list