[Git][security-tracker-team/security-tracker][master] Remove no-dsa tagged entries which got an update
Salvatore Bonaccorso
carnil at debian.org
Thu Sep 6 21:20:50 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
afd37adf by Salvatore Bonaccorso at 2018-09-06T20:19:43Z
Remove no-dsa tagged entries which got an update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -29044,7 +29044,6 @@ CVE-2018-5773 (An issue was discovered in markdown2 (aka python-markdown2) throu
CVE-2017-18043 (Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) ...)
{DSA-4213-1 DLA-1497-1}
- qemu 1:2.10.0+dfsg-2
- [jessie] - qemu <postponed> (Can be fixed along in a future DSA)
[wheezy] - qemu <not-affected> (vulnerable code not present)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (vulnerable code not present)
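Review bot: The line removed in this hunk is `[jessie] - qemu <postponed> (Can be fixed along in a future DSA)`, not a `<no-dsa>` entry, so the subject "Remove no-dsa tagged entries" is narrower than the change; the CVE-2018-5683 hunk that follows also drops a `<postponed>` line. Suggest wording the subject to cover both tags and naming the update that prompted the cleanup (DLA-1497-1 appears to be it, as the one reference common to every touched entry), so the history shows why the jessie triage lines went away.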
@@ -29432,7 +29431,6 @@ CVE-2018-5684 (In Libav through 12.2, there is an invalid memcpy call in the ...
CVE-2018-5683 (The vga_draw_text function in Qemu allows local OS guest privileged ...)
{DSA-4213-1 DLA-1497-1}
- qemu 1:2.12~rc3+dfsg-1 (bug #887392)
- [jessie] - qemu <postponed> (Minor issue, can be fixed along in future DSA)
[wheezy] - qemu <postponed> (Minor issue, can be fixed along in next DLA)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <postponed> (Minor issue, can be fixed along in next DLA)
@@ -46411,7 +46409,6 @@ CVE-2017-16846 (Zoho ManageEngine Applications Manager 13 before build 13530 all
CVE-2017-16845 (hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values ...)
{DSA-4213-1 DLA-1497-1}
- qemu 1:2.12~rc3+dfsg-1 (bug #882136)
- [jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <postponed> (Can be fixed along in a future update)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <postponed> (Can be fixed along in a future update)
@@ -50941,7 +50938,6 @@ CVE-2017-15590 (An issue was discovered in Xen through 4.9.x allowing x86 guest
CVE-2017-15289 (The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow ...)
{DSA-4213-1 DLA-1497-1}
- qemu 1:2.11+dfsg-1 (bug #880832)
- [jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <postponed> (Can be fixed along in a future update)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <postponed> (Can be fixed along in a future update)
@@ -51838,7 +51834,6 @@ CVE-2017-15039 (Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 vi
CVE-2017-15038 (Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU ...)
{DSA-4213-1 DLA-1497-1 DLA-1129-1 DLA-1128-1}
- qemu 1:2.10.0+dfsg-2 (bug #877890)
- [jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg00729.html
CVE-2017-15037 (In FreeBSD through 11.1, the smb_strdupin function in ...)
@@ -64689,7 +64684,6 @@ CVE-2017-10808
CVE-2017-10806 (Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick ...)
{DSA-3925-1 DLA-1497-1}
- qemu 1:2.8+dfsg-7 (bug #867751)
- [jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <no-dsa> (Minor issue)
@@ -68347,7 +68341,6 @@ CVE-2017-9503 (QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 H
{DLA-1497-1}
- qemu 1:2.10.0-1 (bug #865754)
[stretch] - qemu <no-dsa> (Minor issue, can be included in future update)
- [jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
@@ -68760,7 +68753,6 @@ CVE-2017-9375 (QEMU (aka Quick Emulator), when built with USB xHCI controller ..
CVE-2017-9374 (Memory leak in QEMU (aka Quick Emulator), when built with USB EHCI ...)
{DSA-3920-1 DLA-1497-1}
- qemu 1:2.8+dfsg-7 (bug #864568)
- [jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <no-dsa> (Minor issue)
@@ -68946,7 +68938,6 @@ CVE-2017-9334 (An incorrect "pair?" check in the Scheme "length&q
CVE-2017-9330 (QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI ...)
{DSA-3920-1 DLA-1497-1}
- qemu 1:2.8+dfsg-7 (bug #863943)
- [jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (Vulnerable code no present)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code no present)
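Review bot: Both wheezy context lines in this CVE-2017-9330 entry read "(Vulnerable code no present)". Since the entry is being edited anyway, fix the typo to "not present" so it matches the other not-affected entries and is found by a text search for that phrase.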
@@ -71865,7 +71856,6 @@ CVE-2017-8380 (Buffer overflow in the "megasas_mmio_write" function in
CVE-2017-8379 (Memory leak in the keyboard input event handlers support in QEMU (aka ...)
{DLA-1497-1}
- qemu 1:2.8+dfsg-5 (bug #862289)
- [jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <no-dsa> (Minor issue)
@@ -72132,7 +72122,6 @@ CVE-2017-8310 (Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.
CVE-2017-8309 (Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows ...)
{DLA-1497-1 DLA-1071-1 DLA-1070-1}
- qemu 1:2.8+dfsg-5 (bug #862280)
- [jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=3268a845f41253fb55852a8429c32b50f36f349a
CVE-2017-8308 (In Avast Antivirus before v17, an unprivileged user (and thus malware ...)
@@ -75396,7 +75385,6 @@ CVE-2017-7378 (The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in
CVE-2017-7377 (The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in ...)
{DLA-1497-1 DLA-1035-1 DLA-965-1}
- qemu 1:2.8+dfsg-4 (bug #859854)
- [jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-03/msg05449.html
NOTE: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=d63fb193e71644a073b77ff5ac6f1216f2f6cf6e
@@ -77947,7 +77935,6 @@ CVE-2017-6506 (In Azure Data Expert Ultimate 2.2.16, the SMTP verification funct
CVE-2017-6505 (The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka ...)
{DLA-1497-1 DLA-1071-1 DLA-1070-1}
- qemu 1:2.8+dfsg-4 (bug #856969)
- [jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
NOTE: Fixed by: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=95ed56939eb2eaa4e2f349fe6dcd13ca4edfd8fb
CVE-2017-6504 (WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options ...)
@@ -79637,7 +79624,6 @@ CVE-2017-5988 (NetApp Clustered Data ONTAP 8.1 through 9.1P1, when NFS or SMB is
CVE-2017-5987 (The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU ...)
{DLA-1497-1}
- qemu 1:2.8+dfsg-3 (bug #855159)
- [jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
@@ -79716,7 +79702,6 @@ CVE-2017-5974 (Heap-based buffer overflow in the __zzip_get32 function in fetch.
CVE-2017-5973 (The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick ...)
{DLA-1497-1 DLA-845-1 DLA-842-1}
- qemu 1:2.8+dfsg-3 (bug #855611)
- [jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01101.html
NOTE: http://www.openwall.com/lists/oss-security/2017/02/13/11
@@ -80703,7 +80688,6 @@ CVE-2017-5857 (Memory leak in the virgl_cmd_resource_unref function in ...)
CVE-2017-5856 (Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c ...)
{DLA-1497-1}
- qemu 1:2.8+dfsg-3 (bug #853996)
- [jessie] - qemu <no-dsa> (Minor issue; can be fixed in future DSA or point release)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
@@ -81015,7 +80999,6 @@ CVE-2004-2778 (Ebuild in Gentoo may change directory and file permissions depend
CVE-2017-5667 (The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU ...)
{DLA-1497-1}
- qemu 1:2.8+dfsg-3 (bug #853996)
- [jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
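Review bot: The context line `- qemu 1:2.8+dfsg-3 (bug #853996)` for CVE-2017-5667 (sdhci_sdma_transfer_multi_blocks in hw/sd/sdhci.c) carries the same bug number as CVE-2017-5856 in the previous hunk (megasas_handle_dcmd in hw/scsi/megasas.c). Two unrelated code paths pointing at one bug report looks like a copy-paste; please confirm the reference is correct for both entries while they are open.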
@@ -81253,7 +81236,6 @@ CVE-2017-5580 (The parse_instruction function in gallium/auxiliary/tgsi/tgsi_tex
CVE-2017-5579 (Memory leak in the serial_exit_core function in hw/char/serial.c in ...)
{DLA-1497-1}
- qemu 1:2.8+dfsg-3 (bug #853002)
- [jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <no-dsa> (Minor issue)
@@ -81436,7 +81418,6 @@ CVE-2017-5613 (Format string vulnerability in cgiemail and cgiecho allows remote
CVE-2016-10155 (Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) ...)
{DLA-1497-1}
- qemu 1:2.8+dfsg-2 (low; bug #852232)
- [jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <no-dsa> (Minor issue)
@@ -81532,7 +81513,6 @@ CVE-2017-5537 (The password reset form in Weblate before 2.10.1 provides differe
CVE-2017-5526 (Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows ...)
{DLA-1497-1}
- qemu 1:2.8+dfsg-2 (bug #851910)
- [jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <no-dsa> (Minor issue)
@@ -81543,7 +81523,6 @@ CVE-2017-5526 (Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) all
CVE-2017-5525 (Memory leak in hw/audio/ac97.c in QEMU (aka Quick Emulator) allows ...)
{DLA-1497-1}
- qemu 1:2.8+dfsg-2 (bug #852021)
- [jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <no-dsa> (Minor issue)
@@ -86739,7 +86718,6 @@ CVE-2016-9923 (Quick Emulator (Qemu) built with the 'chardev' backend support is
CVE-2016-9922 (The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka ...)
{DLA-1497-1 DLA-765-1 DLA-764-1}
- qemu 1:2.8+dfsg-1 (bug #847960)
- [jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg00442.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1334398
@@ -86749,7 +86727,6 @@ CVE-2016-9922 (The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (a
CVE-2016-9921 (Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator ...)
{DLA-1497-1 DLA-765-1 DLA-764-1}
- qemu 1:2.8+dfsg-1 (bug #847960)
- [jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg00442.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1334398
@@ -88206,7 +88183,6 @@ CVE-2016-9912 (Quick Emulator (Qemu) built with the Virtio GPU Device emulator .
CVE-2016-9916 (Memory leak in hw/9pfs/9p-proxy.c in QEMU (aka Quick Emulator) allows ...)
{DLA-1497-1}
- qemu 1:2.8+dfsg-1 (bug #847496)
- [jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <no-dsa> (Minor issue, virtfs-proxy-helper not present)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <no-dsa> (Minor issue, virtfs-proxy-helper not present)
@@ -88217,7 +88193,6 @@ CVE-2016-9916 (Memory leak in hw/9pfs/9p-proxy.c in QEMU (aka Quick Emulator) al
CVE-2016-9915 (Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) allows ...)
{DLA-1497-1}
- qemu 1:2.8+dfsg-1 (bug #847496)
- [jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <no-dsa> (handle driver not included during compilation)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <no-dsa> (handle driver not included during compilation)
@@ -88229,7 +88204,6 @@ CVE-2016-9915 (Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) a
CVE-2016-9914 (Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local ...)
{DLA-1497-1}
- qemu 1:2.8+dfsg-1 (bug #847496)
- [jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <no-dsa> (proxy and handle drivers not included during compilation)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <no-dsa> (proxy and handle drivers not included during compilation)
@@ -88249,14 +88223,12 @@ CVE-2016-9913 (Memory leak in the v9fs_device_unrealize_common function in ...)
CVE-2016-9911 (Quick Emulator (Qemu) built with the USB EHCI Emulation support is ...)
{DLA-1497-1 DLA-765-1 DLA-764-1}
- qemu 1:2.8+dfsg-1 (bug #847951)
- [jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=791f97758e223de3290592d169f (v2.8.0-rc0)
NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/10
CVE-2016-9907 (Quick Emulator (Qemu) built with the USB redirector usb-guest support ...)
{DLA-1497-1}
- qemu 1:2.8+dfsg-1 (bug #847953)
- [jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
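Review bot: In the CVE-2016-9911 entry the NOTE link `h=791f97758e223de3290592d169f (v2.8.0-rc0)` uses a shortened commit id, while the other qemu.git NOTE links visible in this diff give the full 40-character hash. Suggest expanding it to the full hash so the reference stays unambiguous if the abbreviated prefix ever stops resolving.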
@@ -95131,7 +95103,6 @@ CVE-2016-9777 (KVM in the Linux kernel before 4.8.12, when I/O APIC is enabled,
CVE-2016-9776 (QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet ...)
{DLA-1497-1}
- qemu 1:2.8+dfsg-1 (bug #846797)
- [jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Coldfire is not emulated by kvm)
@@ -95586,7 +95557,6 @@ CVE-2016-9603 (A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx
CVE-2016-9602 (Qemu before version 2.9 is vulnerable to an improper link following ...)
{DLA-1497-1 DLA-1035-1 DLA-965-1}
- qemu 1:2.8+dfsg-3 (bug #853006)
- [jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1413929
NOTE: The original proposed patch does not fix the issue, cf.
@@ -98844,7 +98814,6 @@ CVE-2016-8671 (The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not
CVE-2016-8669 (The serial_update_parameters function in hw/char/serial.c in QEMU (aka ...)
{DLA-1497-1 DLA-679-1 DLA-678-1}
- qemu 1:2.8+dfsg-1 (bug #840945)
- [jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02461.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1384909
@@ -98859,7 +98828,6 @@ CVE-2016-8668 (The rocker_io_writel function in hw/net/rocker/rocker.c in QEMU (
CVE-2016-8667 (The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick ...)
{DLA-1497-1}
- qemu 1:2.8+dfsg-4 (bug #840950)
- [jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <no-dsa> (minor issue)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Code only affects mips platform)
@@ -99459,7 +99427,6 @@ CVE-2016-8577 (Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (ak
CVE-2016-8576 (The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick ...)
{DLA-1497-1 DLA-679-1 DLA-678-1}
- qemu 1:2.8+dfsg-1 (bug #840343)
- [jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01265.html
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=05f43d44e4bc26611ce25fd7d726e483f73363ce
@@ -120501,7 +120468,6 @@ CVE-2016-2092
CVE-2016-2198 (QEMU (aka Quick Emulator) built with the USB EHCI emulation support is ...)
{DLA-1497-1}
- qemu 1:2.6+dfsg-1 (bug #813193)
- [jessie] - qemu <no-dsa> (Minor issue; Can be fixed along with a future DSA)
[wheezy] - qemu <not-affected> (Introduced after v1.2.0)
[squeeze] - qemu <not-affected> (Introduced after v1.2.0)
- qemu-kvm <not-affected> (Introduced after v1.2.0)
@@ -124209,7 +124175,6 @@ CVE-2015-8665 (tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause
CVE-2015-8666 (Heap-based buffer overflow in QEMU, when built with the ...)
{DLA-1497-1}
- qemu 1:2.5+dfsg-1
- [jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <no-dsa> (Minor issue)
[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
- qemu-kvm <removed>
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/afd37adf891bf8c911c53304944614d9549e144f