[Git][security-tracker-team/security-tracker][master] Update CVE-2017-11334, CVE-2018-12617, CVE-2018-15746 for qemu/jessie.
Roberto C. Sánchez
roberto at debian.org
Sat Sep 8 19:59:00 BST 2018
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c4a11a85 by Roberto C. Sánchez at 2018-09-08T18:49:35Z
Update CVE-2017-11334, CVE-2018-12617, CVE-2018-15746 for qemu/jessie.
CVE-2017-11334 - marked "no-dsa" (minor issue) for wheezy; the code in
jessie is substantially different from upstream and given the low
severity of the issue it makes sense to follow the path taken for wheezy
rather than try to adapt the upstream patch to jessie
CVE-2018-12617 - marked "postponed" (minor issue) for stretch; it makes
sense to follow the same for jessie
CVE-2018-15746 - marked "no-dsa" (minor issue; only enabled by default
later) for stretch; since the same default configuration exists in
jessie, it makes sense to follow the same
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2377,6 +2377,7 @@ CVE-2018-15747
CVE-2018-15746 (qemu-seccomp.c in QEMU might allow local OS guest users to cause a ...)
- qemu <unfixed> (bug #907500)
[stretch] - qemu <no-dsa> (Minor issue; Only enabled by default later, but supported)
+ [jessie] - qemu <no-dsa> (Minor issue; Only enabled by default later, but supported)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg02289.html
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg04892.html
@@ -9968,6 +9969,7 @@ CVE-2018-12618
CVE-2018-12617 (qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in ...)
- qemu <unfixed> (low; bug #902725)
[stretch] - qemu <postponed> (Minor issue, wait until more severe issues are around)
+ [jessie] - qemu <postponed> (Minor issue, wait until more severe issues are around)
NOTE: https://gist.github.com/fakhrizulkifli/c7740d28efa07dafee66d4da5d857ef6
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg03385.html
CVE-2018-12616
@@ -63480,6 +63482,7 @@ CVE-2017-11524 (The WriteBlob function in MagickCore/blob.c in ImageMagick befor
CVE-2017-11334 (The address_space_write_continue function in exec.c in QEMU (aka Quick ...)
{DSA-3925-1}
- qemu 1:2.8+dfsg-7 (bug #869173)
+ [jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c4a11a85bcbf7d0955589b82a3d2323e9c276732
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c4a11a85bcbf7d0955589b82a3d2323e9c276732
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180908/24ad109c/attachment.html>
More information about the debian-security-tracker-commits
mailing list