[Git][security-tracker-team/security-tracker][master] qemu spu (in preparation)

Sat Apr 6 11:09:30 BST 2019


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7533304f by Moritz Muehlenhoff at 2019-04-06T10:08:50Z
qemu spu (in preparation)

- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3130,6 +3130,7 @@ CVE-2019-9825 (FeiFeiCMS 4.1.190209 allows remote attackers to upload and execut
 CVE-2019-9824
 	RESERVED
 	- qemu 1:3.1+dfsg-6
+	[stretch] - qemu <no-dsa> (Minor issue, pending for stable point update)
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-03/msg01871.html
 	NOTE: https://www.openwall.com/lists/oss-security/2019/03/18/1
@@ -10643,6 +10644,7 @@ CVE-2019-6779 (Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or d
 CVE-2019-6778 (In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer ove ...)
 	{DLA-1694-1}
 	- qemu 1:3.1+dfsg-3 (bug #921525)
+	[stretch] - qemu <no-dsa> (Minor issue, pending for stable point update)
 	- qemu-kvm <removed>
 	- slirp4netns 0.2.1-1
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg03132.html
@@ -17413,6 +17415,7 @@ CVE-2019-3813 (Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1665371
 CVE-2019-3812 (QEMU, through version 2.10 and through version 3.1.0, is vulnerable to ...)
 	- qemu 1:3.1+dfsg-5 (bug #922635)
+	[stretch] - qemu <no-dsa> (Minor issue, pending for stable point update)
 	[jessie] - qemu <not-affected> (vulnerable code introduced later)
 	- qemu-kvm <removed>
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=b05b267840515730dbf6753495d5b7bd8b04ad1c
@@ -28305,6 +28308,7 @@ CVE-2018-19490 (An issue was discovered in datafile.c in Gnuplot 5.2.5. This iss
 CVE-2018-19489 (v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a de ...)
 	{DLA-1646-1}
 	- qemu 1:3.1+dfsg-1 (bug #914727)
+	[stretch] - qemu <no-dsa> (Minor issue, pending for stable point update)
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg04489.html
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=1d20398694a3b67a388d955b7a945ba4aa90a8a8 (master)
@@ -28662,6 +28666,7 @@ CVE-2018-19365 (The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal
 CVE-2018-19364 (hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while ...)
 	{DLA-1646-1}
 	- qemu 1:3.1+dfsg-1 (bug #914599)
+	[stretch] - qemu <no-dsa> (Minor issue, pending for stable point update)
 	- qemu-kvm <removed>
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=5b76ef50f62079a2389ba28cacaf6cce68b1a0ed
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=5b3c77aa581ebb215125c84b0742119483571e55
@@ -30021,7 +30026,7 @@ CVE-2018-18955 (In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_wri
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1712
 CVE-2018-18954 (The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 al ...)
 	- qemu 1:3.1+dfsg-1 (low; bug #914604)
-	[stretch] - qemu <postponed> (Minor issue, can be backported once fixed upstream)
+	[stretch] - qemu <no-dsa> (Minor issue, pending for stable point update)
 	[jessie] - qemu <not-affected> (Vulnerable code not present. ppc/pnv lpc was added in 2.7)
 	- qemu-kvm <removed>
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=d07945e78eb6b593cd17a4640c1fc9eb35e3245d
@@ -30251,7 +30256,7 @@ CVE-2018-18850 (In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an
 	NOT-FOR-US: Octopus Deploy
 CVE-2018-18849 (In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-boun ...)
 	- qemu 1:3.1+dfsg-1 (bug #912535)
-	[stretch] - qemu <postponed> (Minor issue, revisit for later update)
+	[stretch] - qemu <no-dsa> (Minor issue, pending for stable point update)
 	[jessie] - qemu <postponed> (Minor issue, revisit for later update)
 	- qemu-kvm <removed>
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=e58ccf039650065a9442de43c9816f81e88f27f6
@@ -32783,7 +32788,7 @@ CVE-2018-17959
 CVE-2018-17958 (Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c b ...)
 	{DLA-1646-1}
 	- qemu 1:3.1+dfsg-1 (bug #911499)
-	[stretch] - qemu <postponed> (Minor issue, revisit for later update)
+	[stretch] - qemu <no-dsa> (Minor issue, pending for stable point update)
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03269.html
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=1a326646fef38782e5542280040ec3ea23e4a730
@@ -35414,6 +35419,7 @@ CVE-2018-16873 (In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" comma
 CVE-2018-16872 (A flaw was found in qemu Media Transfer Protocol (MTP). The code openi ...)
 	{DLA-1694-1}
 	- qemu 1:3.1+dfsg-2 (bug #916397)
+	[stretch] - qemu <no-dsa> (Minor issue, pending for stable point update)
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg03135.html
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=bab9df35ce73d1c8e19a37e2737717ea1c984dc1
@@ -46374,7 +46380,7 @@ CVE-2018-12618
 CVE-2018-12617 (qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c i ...)
 	{DLA-1694-1}
 	- qemu 1:3.1+dfsg-1 (low; bug #902725)
-	[stretch] - qemu <postponed> (Minor issue, wait until more severe issues are around)
+	[stretch] - qemu <no-dsa> (Minor issue, pending for stable point update)
 	NOTE: https://gist.github.com/fakhrizulkifli/c7740d28efa07dafee66d4da5d857ef6
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg03385.html
 	NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=141b197408ab398c4f474ac1a728ab316e921f2b
@@ -48701,7 +48707,7 @@ CVE-2018-11807
 	RESERVED
 CVE-2018-11806 (m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via inc ...)
 	- qemu 1:3.1+dfsg-1 (bug #901017)
-	[stretch] - qemu <postponed> (Minor issue, wait until more severe issues are around)
+	[stretch] - qemu <no-dsa> (Minor issue, pending for stable point update)
 	[jessie] - qemu <postponed> (Minor issue, wait until more severe issues are around)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg01012.html
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=864036e251f54c99d31df124aad7f34f01f5344c


=====================================
data/next-point-update.txt
=====================================
@@ -121,3 +121,28 @@ CVE-2018-7726
 CVE-2019-XXXX
 	[stretch] - open-vm-tools 2:10.1.5-5055683-4+deb9u2
 	NOTE: For #925959 (no CVE)
+CVE-2018-7726
+	[stretch] - zziplib 0.13.62-3.2~deb9u1
+CVE-2018-11806
+	[stretch] - qemu 1:2.8+dfsg-6+deb9u6
+CVE-2018-12617
+	[stretch] - qemu 1:2.8+dfsg-6+deb9u6
+CVE-2018-16872
+	[stretch] - qemu 1:2.8+dfsg-6+deb9u6
+CVE-2018-17958
+	[stretch] - qemu 1:2.8+dfsg-6+deb9u6
+CVE-2018-18849
+	[stretch] - qemu 1:2.8+dfsg-6+deb9u6
+CVE-2018-18954
+	[stretch] - qemu 1:2.8+dfsg-6+deb9u6
+CVE-2018-19364
+	[stretch] - qemu 1:2.8+dfsg-6+deb9u6
+CVE-2018-19489
+	[stretch] - qemu 1:2.8+dfsg-6+deb9u6
+CVE-2019-3812
+	[stretch] - qemu 1:2.8+dfsg-6+deb9u6
+CVE-2019-6778
+	[stretch] - qemu 1:2.8+dfsg-6+deb9u6
+CVE-2019-9824
+	[stretch] - qemu 1:2.8+dfsg-6+deb9u6
+



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7533304faf4aec41c5f4fe6df072bae14fc062d6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7533304faf4aec41c5f4fe6df072bae14fc062d6
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190406/d7123c25/attachment-0001.html>
