[Git][security-tracker-team/security-tracker][master] qemu triage

Moritz Muehlenhoff jmm at debian.org
Thu Nov 8 15:17:07 GMT 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e1f565ba by Moritz Muehlenhoff at 2018-11-08T15:16:44Z
qemu triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -329,7 +329,8 @@ CVE-2018-18955
 	RESERVED
 CVE-2018-18954 [ppc64: Out-of-bounds r/w stack access in pnv_lpc_do_eccb]
 	RESERVED
-	- qemu <unfixed>
+	- qemu <unfixed> (low)
+	[stretch] - qemu <postponed> (Minor issue, can be backported once fixed upstream)
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00446.html
 CVE-2018-18953
@@ -552,7 +553,8 @@ CVE-2018-18849 [lsi53c895a: OOB msg buffer access leads to DoS]
 	RESERVED
 	- qemu <unfixed> (bug #912535)
 	- qemu-kvm <removed>
-	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg06682.html
+	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=e58ccf039650065a9442de43c9816f81e88f27f6
+	NOTE: https://www.openwall.com/lists/oss-security/2018/11/01/1
 CVE-2018-18848
 	RESERVED
 CVE-2018-18847
@@ -1580,9 +1582,11 @@ CVE-2018-18445 (In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x b
 	NOTE: https://git.kernel.org/linus/b799207e1e1816b09e7a5920fbb2d5fcf6edd681
 CVE-2018-18438 (Qemu has integer overflows because IOReadHandler and its associated ...)
 	- qemu <unfixed> (bug #911470)
+	[stretch] - qemu <ignored> (Minor issue, too intrusive to backport)
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02396.html
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02402.html
+	NOTE: https://www.openwall.com/lists/oss-security/2018/10/17/3
 CVE-2018-18437 (In AXIOS ITALIA Axioscloud Sissiweb Registro Elettronico 1.7.0, ...)
 	NOT-FOR-US: AXIOS
 CVE-2018-18436 (JTBC(PHP) 3.0 allows CSRF for creating an account via the ...)
@@ -2859,10 +2863,14 @@ CVE-2018-17963 (qemu_deliver_packet_iov in net/net.c in Qemu accepts packet size
 	- qemu <unfixed> (bug #911469)
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03267.html
+	NOTE: https://www.openwall.com/lists/oss-security/2018/10/08/1
+	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=1592a9947036d60dde5404204a5d45975133caf5
 CVE-2018-17962 (Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because ...)
 	- qemu <unfixed> (bug #911468)
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03268.html
+	NOTE: https://www.openwall.com/lists/oss-security/2018/10/08/1
+	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=b1d80d12c5f7ff081bb80ab4f4241d4248691192
 CVE-2018-17961 (Artifex Ghostscript 9.25 and earlier allows attackers to bypass a ...)
 	{DLA-1552-1}
 	- ghostscript 9.25~dfsg-3 (bug #910678)
@@ -2879,6 +2887,8 @@ CVE-2018-17958 (Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl81
 	- qemu <unfixed> (bug #911499)
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03269.html
+	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=1a326646fef38782e5542280040ec3ea23e4a730
+	NOTE: https://www.openwall.com/lists/oss-security/2018/10/08/1
 CVE-2018-17957
 	RESERVED
 CVE-2018-17956
@@ -21198,6 +21208,8 @@ CVE-2018-10839 (Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation su
 	- qemu <unfixed> (bug #910431)
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03273.html
+	NOTE: https://www.openwall.com/lists/oss-security/2018/10/08/1
+	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=fdc89e90fac40c5ca2686733df17b6423fb8d8fb
 CVE-2018-10838
 	RESERVED
 CVE-2018-10837



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e1f565ba88b9b74c8647f1ccdf95a2a4dd909b7f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e1f565ba88b9b74c8647f1ccdf95a2a4dd909b7f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181108/460c6a20/attachment.html>

More information about the debian-security-tracker-commits mailing list