[Git][security-tracker-team/security-tracker][master] Remove no-dsa tags for qemu issues fixed in DLA-1599-1
Santiago R.R.
santiago at debian.org
Thu Nov 29 10:53:45 GMT 2018
Santiago R.R. pushed to branch master at Debian Security Tracker / security-tracker
Commits:
86e170a2 by Santiago Ruano Rincón at 2018-11-29T10:52:53Z
Remove no-dsa tags for qemu issues fixed in DLA-1599-1
Signed-off-by: Santiago Ruano Rincón <santiagorr at riseup.net>
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -76516,7 +76516,6 @@ CVE-2017-9997
CVE-2017-10664 (qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which ...)
{DSA-3920-1 DLA-1071-1 DLA-1070-1}
- qemu 1:2.8+dfsg-7 (bug #866674)
- [jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg02693.html
NOTE: Fixed by (master): http://git.qemu.org/?p=qemu.git;a=commitdiff;h=041e32b8d9d076980b4e35317c0339e57ab888f1
@@ -109034,7 +109033,6 @@ CVE-2014-9909 (An elevation of privilege vulnerability in the Broadcom Wi-Fi dri
CVE-2016-9106 (Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka ...)
{DLA-698-1 DLA-689-1}
- qemu 1:2.8+dfsg-1 (bug #842463)
- [jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02623.html
NOTE: http://www.openwall.com/lists/oss-security/2016/10/28/4
@@ -109042,14 +109040,12 @@ CVE-2016-9106 (Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (a
CVE-2016-9105 (Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka ...)
{DLA-698-1 DLA-689-1}
- qemu 1:2.8+dfsg-1 (bug #842463)
- [jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02608.html
NOTE: http://www.openwall.com/lists/oss-security/2016/10/28/3
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=4c1586787ff43c9acd18a56c12d720e3e6be9f7c
CVE-2016-9104 (Multiple integer overflows in the (1) v9fs_xattr_read and (2) ...)
{DLA-698-1 DLA-689-1}
- [jessie] - qemu <no-dsa> (Minor issue)
- qemu 1:2.8+dfsg-1 (bug #842463)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02942.html
@@ -109057,7 +109053,6 @@ CVE-2016-9104 (Multiple integer overflows in the (1) v9fs_xattr_read and (2) ...
CVE-2016-9103 (The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick ...)
{DLA-698-1 DLA-689-1}
- qemu 1:2.8+dfsg-1 (bug #842463)
- [jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01790.html
NOTE: http://www.openwall.com/lists/oss-security/2016/10/28/1
@@ -109065,7 +109060,6 @@ CVE-2016-9103 (The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick
CVE-2016-9102 (Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU ...)
{DLA-698-1 DLA-689-1}
- qemu 1:2.8+dfsg-1 (bug #842463)
- [jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01861.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1389550
@@ -109074,7 +109068,6 @@ CVE-2016-9102 (Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in Q
CVE-2016-9101 (Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows ...)
{DLA-698-1 DLA-689-1}
- qemu 1:2.8+dfsg-1 (bug #842455)
- [jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg03024.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1389538
@@ -110008,14 +110001,12 @@ CVE-2016-1000032 (TGCaptcha2 version 0.3.0 is vulnerable to a replay attack due
CVE-2016-8910 (The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka ...)
{DLA-698-1 DLA-689-1}
- qemu 1:2.8+dfsg-1 (bug #841955)
- [jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg05495.html
NOTE: http://www.openwall.com/lists/oss-security/2016/10/24/2
CVE-2016-8909 (The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick ...)
{DLA-698-1 DLA-689-1}
- qemu 1:2.8+dfsg-1 (bug #841950)
- [jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg04717.html
NOTE: http://www.openwall.com/lists/oss-security/2016/10/24/1
@@ -110889,14 +110880,12 @@ CVE-2016-8601
CVE-2016-8578 (The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU ...)
{DLA-679-1 DLA-678-1}
- qemu 1:2.8+dfsg-1 (bug #840340)
- [jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg07143.html
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=ba42ebb863ab7d40adc79298422ed9596df8f73a
CVE-2016-8577 (Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka ...)
{DLA-679-1 DLA-678-1}
- qemu 1:2.8+dfsg-1 (bug #840341)
- [jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg07127.html
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=e95c9a493a5a8d6f969e86c9f19f80ffe6587e19
@@ -111671,7 +111660,6 @@ CVE-2016-7422 (The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (ak
NOTE: http://www.openwall.com/lists/oss-security/2016/09/16/4
CVE-2016-7421 (The pvscsi_ring_pop_req_descr function in hw/scsi/vmw_pvscsi.c in QEMU ...)
- qemu 1:2.7+dfsg-1 (bug #838147)
- [jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (Vulnerable code not present, introduced after 1.5)
- qemu-kvm <not-affected> (Vulnerable code not present, introduced after 1.5)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03609.html
@@ -113106,13 +113094,11 @@ CVE-2016-7910 (Use-after-free vulnerability in the disk_seqf_stop function in ..
CVE-2016-7909 (The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick ...)
{DLA-698-1 DLA-689-1}
- qemu 1:2.8+dfsg-1 (bug #839834)
- [jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg07942.html
CVE-2016-7908 (The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick ...)
{DLA-653-1 DLA-652-1}
- qemu 1:2.8+dfsg-1 (bug #839835)
- [jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg05557.html
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=070c4b92b8cd5390889716677a0b92444d6e087a
@@ -114925,7 +114911,6 @@ CVE-2016-7171 (NetApp Plug-in for Symantec NetBackup prior to version 2.0.1 make
CVE-2016-7170 (The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka ...)
{DLA-653-1 DLA-652-1}
- qemu 1:2.8+dfsg-1 (bug #837316)
- [jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg01764.html
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=167d97a3def77ee2dbf6e908b0ecbfe2103977db
@@ -114961,7 +114946,6 @@ CVE-2016-7162 (The _g_file_remove_directory function in file-utils.c in File Rol
CVE-2016-7161 (Heap-based buffer overflow in the .receive callback of ...)
{DLA-653-1 DLA-652-1}
- qemu 1:2.7+dfsg-1 (bug #838850)
- [jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=a0d1cbdacff5df4ded16b753b38fdd9da6092968 (2.7.0-rc3)
NOTE: http://patchwork.ozlabs.org/patch/657076/
@@ -115037,7 +115021,6 @@ CVE-2016-7121
RESERVED
CVE-2016-7155 (hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest ...)
- qemu 1:2.6+dfsg-3.1 (bug #837174)
- [jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (Vulnerable code not present, introduced after v1.5)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
@@ -115047,7 +115030,6 @@ CVE-2016-7155 (hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local gu
NOTE: Vulnerable code introduced after version 1.5: http://wiki.qemu.org/ChangeLog/1.5
CVE-2016-7156 (The pvscsi_convert_sglist function in hw/scsi/vmw_pvscsi.c in QEMU ...)
- qemu 1:2.6+dfsg-3.1 (bug #837339)
- [jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (Vulnerable code not present, introduced after v1.5)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
@@ -115267,7 +115249,6 @@ CVE-2016-7118 (fs/fcntl.c in the "aufs 3.2.x+setfl-debian" patch in th
CVE-2016-7116 (Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick ...)
{DLA-619-1 DLA-618-1}
- qemu 1:2.6+dfsg-3.1 (bug #836502)
- [jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=56f101ecce0eafd09e2daf1c4eeb1377d6959261
NOTE: May as well need: http://git.qemu.org/?p=qemu.git;a=commit;h=fff39a7ad09da07ef490de05c92c91f22f8002f2
@@ -115974,7 +115955,6 @@ CVE-2016-6824 (Huawei AC6003, AC6005, AC6605, and ACU2 access controllers with .
NOT-FOR-US: Huawei Campus Switch
CVE-2016-6888 (Integer overflow in the net_tx_pkt_init function in ...)
- qemu 1:2.6+dfsg-3.1 (bug #834902)
- [jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
@@ -116461,7 +116441,6 @@ CVE-2016-6833 (Use-after-free vulnerability in the vmxnet3_io_bar0_write functio
NOTE: http://www.openwall.com/lists/oss-security/2016/08/12/1
CVE-2016-6834 (The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.c in ...)
- qemu 1:2.6+dfsg-3.1 (bug #834905)
- [jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (Vulnerable code not present, packet abstraction introduced in 1.5)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, packet abstraction introduced in 1.5)
@@ -116478,7 +116457,6 @@ CVE-2016-6835 (The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.
NOTE: http://www.openwall.com/lists/oss-security/2016/08/11/7
CVE-2016-6836 (The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka ...)
- qemu 1:2.6+dfsg-3.1 (bug #834944)
- [jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
@@ -117880,7 +117858,6 @@ CVE-2016-6354 (Heap-based buffer overflow in the yy_get_next_buffer function in
CVE-2016-6351 (The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), ...)
{DLA-574-1 DLA-573-1}
- qemu 1:2.6+dfsg-3.1 (bug #832621)
- [jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=926cde5f3e4d2504ed161ed0cb771ac7cad6fd11 (v2.7.0-rc0)
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=cc96677469388bad3d66479379735cf75db069e3 (v2.7.0-rc0)
@@ -121103,7 +121080,6 @@ CVE-2016-5360 (HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule
NOTE: Fixed by: http://git.haproxy.org/?p=haproxy-1.6.git;a=commit;h=60f01f8c89e4fb2723d5a9f2046286e699567e0b
CVE-2016-5338 (The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c ...)
- qemu 1:2.6+dfsg-2 (bug #827024)
- [jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <no-dsa> (Minor issue)
@@ -121112,7 +121088,6 @@ CVE-2016-5338 (The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/e
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=ff589551c8e8e9e95e211b9d8daafb4ed39f1aec
CVE-2016-5337 (The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows ...)
- qemu 1:2.6+dfsg-2 (bug #827026)
- [jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <not-affected> (Vulnerable code not present)
NOTE: Xen switched to qemu-system in 4.4.0-1
@@ -121971,7 +121946,6 @@ CVE-2016-5239 (The gnuplot delegate functionality in ImageMagick before 6.9.4-0
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/e38b4f74ca19
CVE-2016-5238 (The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest ...)
- qemu 1:2.6+dfsg-3 (bug #826152)
- [jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <no-dsa> (Minor issue)
@@ -122960,7 +122934,6 @@ CVE-2016-XXXX [AST-2016-005]
NOTE: http://downloads.asterisk.org/pub/security/AST-2016-005.html
CVE-2016-5107 (The megasas_lookup_frame function in QEMU, when built with MegaRAID ...)
- qemu 1:2.6+dfsg-2 (bug #825616)
- [jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <not-affected> (Vulnerable code not present)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04424.html
@@ -122968,14 +122941,12 @@ CVE-2016-5107 (The megasas_lookup_frame function in QEMU, when built with MegaRA
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1336461
CVE-2016-5106 (The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, ...)
- qemu 1:2.6+dfsg-2 (bug #825615)
- [jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <not-affected> (Vulnerable code not present)
NOTE: Introduced after: http://git.qemu.org/?p=qemu.git;a=commit;h=e8f943c3bcc2a578bfd30b825f2ebaf345c63a09 (v1.2.0-rc0)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04340.html
CVE-2016-5105 (The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when ...)
- qemu 1:2.6+dfsg-2 (bug #825614)
- [jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <not-affected> (Vulnerable code not present)
NOTE: Introduced after: http://git.qemu.org/?p=qemu.git;a=commit;h=e8f943c3bcc2a578bfd30b825f2ebaf345c63a09 (v1.2.0-rc0)
@@ -123243,7 +123214,6 @@ CVE-2016-XXXX [mediawiki issues from 1.26.3, 1.25.6 and 1.23.14]
NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-May/000188.html
CVE-2016-4952 (QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual ...)
- qemu 1:2.6+dfsg-2 (bug #825210)
- [jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (VMWare PVSCSI paravirtual device implementation introduced later)
- qemu-kvm <not-affected> (VMWare PVSCSI paravirtual device implementation introduced later)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03774.html
@@ -124574,7 +124544,6 @@ CVE-2016-4455 (The Subscription Manager package (aka subscription-manager) befor
NOT-FOR-US: Red Hat Subscription Manager
CVE-2016-4454 (The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU ...)
- qemu 1:2.6+dfsg-3
- [jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <no-dsa> (Minor issue)
@@ -124582,7 +124551,6 @@ CVE-2016-4454 (The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in Q
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1336429
CVE-2016-4453 (The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows ...)
- qemu 1:2.6+dfsg-3
- [jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <no-dsa> (Minor issue)
@@ -124625,7 +124593,6 @@ CVE-2016-4442 (The rack-mini-profiler gem before 0.10.1 for Ruby allows remote .
NOT-FOR-US: rack-mini-profiler gem
CVE-2016-4441 (The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI ...)
- qemu 1:2.6+dfsg-2 (bug #824856)
- [jessie] - qemu <no-dsa> (Minor issue; can be fixed along with a future DSA)
[wheezy] - qemu <no-dsa> (Minor issue; can be fixed along with a future DSA)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <no-dsa> (Minor issue; can be fixed along with a future DSA)
@@ -124641,7 +124608,6 @@ CVE-2016-4440 (arch/x86/kvm/vmx.c in the Linux kernel through 4.6.3 mishandles t
CVE-2016-4439 (The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI ...)
{DLA-574-1 DLA-573-1}
- qemu 1:2.6+dfsg-2 (bug #824856)
- [jessie] - qemu <no-dsa> (Minor issue; can be fixed along with a future DSA)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03273.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1337502
@@ -125735,7 +125701,6 @@ CVE-2016-4031 (Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build
NOT-FOR-US: Samsung
CVE-2016-4037 (The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows ...)
- qemu 1:2.6+dfsg-1 (bug #822344)
- [jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <no-dsa> (Minor issue)
@@ -125826,7 +125791,6 @@ CVE-2016-4003 (Cross-site scripting (XSS) vulnerability in the URLDecoder functi
CVE-2016-4020 (The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not ...)
{DLA-574-1 DLA-573-1}
- qemu 1:2.6+dfsg-2 (bug #821062)
- [jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01118.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1313686
@@ -125915,7 +125879,6 @@ CVE-2015-8841 (Heap-based buffer overflow in the Archive support module in ESET
NOT-FOR-US: ESET NOD32
CVE-2016-4002 (Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in ...)
- qemu 1:2.6+dfsg-2 (bug #821061)
- [jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <no-dsa> (Minor issue)
@@ -125924,7 +125887,6 @@ CVE-2016-4002 (Buffer overflow in the mipsnet_receive function in hw/net/mipsnet
NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/6
CVE-2016-4001 (Buffer overflow in the stellaris_enet_receive function in ...)
- qemu 1:2.6+dfsg-1 (bug #821038)
- [jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <no-dsa> (Minor issue)
@@ -129010,7 +128972,6 @@ CVE-2016-3141 (Use-after-free vulnerability in wddx.c in the WDDX extension in P
NOTE: http://www.openwall.com/lists/oss-security/2016/03/13/1
CVE-2016-2858 (QEMU, when built with the Pseudo Random Number Generator (PRNG) ...)
- qemu 1:2.6+dfsg-1 (bug #817183)
- [jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
[squeeze] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <not-affected> (Vulnerable code not present)
@@ -129037,7 +128998,6 @@ CVE-2016-2840 (An issue was discovered in Open-Xchange Server 6 / OX AppSuite be
CVE-2016-2857 (The net_checksum_calculate function in net/checksum.c in QEMU allows ...)
{DLA-574-1 DLA-573-1}
- qemu 1:2.6+dfsg-1 (bug #817182)
- [jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=362786f14a753d8a5256ef97d7c10ed576d6572b (v2.6.0-rc0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1296567
@@ -129362,7 +129322,6 @@ CVE-2015-8819
RESERVED
CVE-2016-2841 (The ne2000_receive function in the NE2000 NIC emulation support ...)
- qemu 1:2.6+dfsg-1 (bug #817181)
- [jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <no-dsa> (Minor issue)
@@ -130279,7 +130238,6 @@ CVE-2016-2512 (The utils.http.is_safe_url function in Django before 1.8.10 and 1
NOTE: https://www.djangoproject.com/weblog/2016/mar/01/security-releases/
CVE-2016-2538 (Multiple integer overflows in the USB Net device emulator ...)
- qemu 1:2.6+dfsg-1 (bug #815680)
- [jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <no-dsa> (Minor issue)
[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
- qemu-kvm <removed>
@@ -130611,7 +130569,6 @@ CVE-2015-8814 (Umbraco before 7.4.0 allows remote attackers to bypass anti-forge
NOT-FOR-US: Umbraco
CVE-2016-2392 (The is_rndis function in the USB Net device emulator ...)
- qemu 1:2.6+dfsg-1 (bug #815008)
- [jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <no-dsa> (Minor issue)
[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
- qemu-kvm <removed>
@@ -130621,7 +130578,6 @@ CVE-2016-2392 (The is_rndis function in the USB Net device emulator ...)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1302299
CVE-2016-2391 (The ohci_bus_start function in the USB OHCI emulation support ...)
- qemu 1:2.6+dfsg-1 (bug #815009)
- [jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <no-dsa> (Minor issue)
[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
- qemu-kvm <removed>
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/86e170a2be2d8bd4cea98f925a91b1429fdca26e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/86e170a2be2d8bd4cea98f925a91b1429fdca26e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181129/d7565694/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list