[Git][security-tracker-team/security-tracker][master] Update CVE-2017-11334, CVE-2018-12617, CVE-2018-15746 for qemu/jessie.

Roberto C. Sánchez roberto at debian.org
Sat Sep 8 19:59:00 BST 2018


Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c4a11a85 by Roberto C. Sánchez at 2018-09-08T18:49:35Z
Update CVE-2017-11334, CVE-2018-12617, CVE-2018-15746 for qemu/jessie.

CVE-2017-11334 - marked "no-dsa" (minor issue) for wheezy; the code in
jessie is substantially different from upstream and given the low
severity of the issue it makes sense to follow the path taken for wheezy
rather than try to adapt the upstream patch to jessie

CVE-2018-12617 - marked "postponed" (minor issue) for stretch; it makes
sense to follow the same for jessie

CVE-2018-15746 - marked "no-dsa" (minor issue; only enabled by default
later) for stretch; since the same default configuration exists in
jessie, it makes sense to follow the same

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2377,6 +2377,7 @@ CVE-2018-15747
 CVE-2018-15746 (qemu-seccomp.c in QEMU might allow local OS guest users to cause a ...)
 	- qemu <unfixed> (bug #907500)
 	[stretch] - qemu <no-dsa> (Minor issue; Only enabled by default later, but supported)
+	[jessie] - qemu <no-dsa> (Minor issue; Only enabled by default later, but supported)
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg02289.html
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg04892.html
@@ -9968,6 +9969,7 @@ CVE-2018-12618
 CVE-2018-12617 (qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in ...)
 	- qemu <unfixed> (low; bug #902725)
 	[stretch] - qemu <postponed> (Minor issue, wait until more severe issues are around)
+	[jessie] - qemu <postponed> (Minor issue, wait until more severe issues are around)
 	NOTE: https://gist.github.com/fakhrizulkifli/c7740d28efa07dafee66d4da5d857ef6
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg03385.html
 CVE-2018-12616
@@ -63480,6 +63482,7 @@ CVE-2017-11524 (The WriteBlob function in MagickCore/blob.c in ImageMagick befor
 CVE-2017-11334 (The address_space_write_continue function in exec.c in QEMU (aka Quick ...)
 	{DSA-3925-1}
 	- qemu 1:2.8+dfsg-7 (bug #869173)
+	[jessie] - qemu <no-dsa> (Minor issue)
 	[wheezy] - qemu <no-dsa> (Minor issue)
 	- qemu-kvm <removed>
 	[wheezy] - qemu-kvm <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c4a11a85bcbf7d0955589b82a3d2323e9c276732

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c4a11a85bcbf7d0955589b82a3d2323e9c276732
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180908/24ad109c/attachment.html>


More information about the debian-security-tracker-commits mailing list