[Git][security-tracker-team/security-tracker][master] 3 commits: qemu in jessie: tag CVE-2016-7466 not affected, CVE-2016-9923 ignored, CVE-2017-12809 not affected

[Santiago R.R.]

Santiago R.R. pushed to branch master at Debian Security Tracker / security-tracker


Commits:
43a3d7a5 by Santiago Ruano Rincón at 2018-11-16T14:28:32Z
qemu in jessie: tag CVE-2016-7466 not affected, CVE-2016-9923 ignored, CVE-2017-12809 not affected

Signed-off-by: Santiago Ruano Rincón <santiagorr at riseup.net>

- - - - -
ce50f4a2 by Santiago Ruano Rincón at 2018-11-16T14:28:58Z
CVE-2017-13672/qemu in jessie: no-dsa, too complex to backport

Signed-off-by: Santiago Ruano Rincón <santiagorr at riseup.net>

- - - - -
0a9aca7e by Santiago Ruano Rincón at 2018-11-16T14:30:51Z
Merge branch 'master' of salsa.debian.org:security-tracker-team/security-tracker

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -63732,7 +63732,7 @@ CVE-2017-13673 (The vga display update in mis-calculated the region for the dirt
 CVE-2017-13672 (QEMU (aka Quick Emulator), when built with the VGA display emulator ...)
 	{DSA-3991-1}
 	- qemu 1:2.10.0-1 (low; bug #873851)
-	[jessie] - qemu <postponed> (Can be fixed along in a future DSA)
+	[jessie] - qemu <no-dsa> (Minor issue. Too complex to backport)
 	[wheezy] - qemu <postponed> (Can be fixed along in a future DSA)
 	- qemu-kvm <removed>
 	[wheezy] - qemu-kvm <postponed> (Can be fixed along in a future DSA)
@@ -66425,7 +66425,7 @@ CVE-2017-12810 (PHPJabbers PHP Newsletter Script 4.2 has stored XSS in lists in
 CVE-2017-12809 (QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM ...)
 	{DSA-3991-1}
 	- qemu 1:2.10.0-1 (bug #873849)
-	[jessie] - qemu <no-dsa> (Minor issue)
+	[jessie] - qemu <not-affected> (Vulnerable code not present)
 	[wheezy] - qemu <no-dsa> (Minor issue)
 	- qemu-kvm <removed>
 	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
@@ -94414,7 +94414,7 @@ CVE-2016-9938 (An issue was discovered in Asterisk Open Source 11.x before 11.25
 	NOTE: Only applicable if a proxy is in use.
 CVE-2016-9923 (Quick Emulator (Qemu) built with the 'chardev' backend support is ...)
 	- qemu 1:2.8+dfsg-1 (bug #847957)
-	[jessie] - qemu <no-dsa> (Minor issue)
+	[jessie] - qemu <ignored> (Minor issue; too complex to backport)
 	[wheezy] - qemu <no-dsa> (Minor issue)
 	- qemu-kvm <removed>
 	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
@@ -107757,7 +107757,7 @@ CVE-2016-1000031 (Apache Commons FileUpload before 1.3.3 DiskFileItem File Manip
 	NOTE: Thus we are not going to diverge from Apache upstream here.
 CVE-2016-7466 (Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU ...)
 	- qemu 1:2.7+dfsg-1 (bug #838687)
-	[jessie] - qemu <no-dsa> (Minor issue, needs qemu monitor access to unplug nec-xhci controller)
+	[jessie] - qemu <not-affected> (Vulnerable code not present. Introduced in 2.2.x)
 	[wheezy] - qemu <no-dsa> (Minor issue, needs qemu monitor access to unplug nec-xhci controller)
 	- qemu-kvm <removed>
 	[wheezy] - qemu-kvm <not-affected> (Minor issue, needs qemu monitor access to unplug nec-xhci controller)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/b3ed02d2cd89cfbe9a8f8f3fea1eafd815cf5604...0a9aca7e5eaf0c8fffa061015e61aa33342c8e38

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/b3ed02d2cd89cfbe9a8f8f3fea1eafd815cf5604...0a9aca7e5eaf0c8fffa061015e61aa33342c8e38
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181116/4459fbf6/attachment.html>