[Git][security-tracker-team/security-tracker][master] New upstream version for qemu to unstable fixing several CVEs

Salvatore Bonaccorso carnil at debian.org
Tue Aug 27 18:54:48 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c6405ced by Salvatore Bonaccorso at 2019-08-27T17:53:48Z
New upstream version for qemu to unstable fixing several CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4137,7 +4137,7 @@ CVE-2019-14379 (SubTypeValidator.java in FasterXML jackson-databind before 2.9.9
 	NOTE: https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b
 CVE-2019-14378 (ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overf ...)
 	{DSA-4506-1}
-	- qemu <unfixed> (bug #933741)
+	- qemu 1:4.1-1 (bug #933741)
 	- qemu-kvm <removed>
 	- slirp4netns 0.3.2-1 (bug #933742)
 	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/126c04acbabd7ad32c2b018fe10dfac2a3bc1210
@@ -8144,7 +8144,7 @@ CVE-2019-13165
 	RESERVED
 CVE-2019-13164 (qemu-bridge-helper.c in QEMU 4.0.0 does not ensure that a network inte ...)
 	{DSA-4506-1}
-	- qemu <unfixed> (bug #931351)
+	- qemu 1:4.1-1 (bug #931351)
 	[buster] - qemu <postponed> (Minor issue, can be fixed along in future DSA)
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-07/msg00245.html
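Review bot: The [buster] line for CVE-2019-13164 still reads <postponed> (Minor issue, can be fixed along in future DSA) although the entry is already tagged {DSA-4506-1}. If that DSA shipped the fix for buster, the postponed line is stale and should be dropped or replaced in this same commit; if the DSA did not cover this CVE for buster, the tag on the entry deserves a second look.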
@@ -20482,7 +20482,7 @@ CVE-2019-8936 (NTP through 4.2.8p12 has a NULL Pointer Dereference. ...)
 	NOTE: Relates/corresponds to https://gitlab.com/NTPsec/ntpsec/issues/509 for ntpsec
 	NOTE: which has a separate CVE id CVE-2019-6445 specifically for src:ntpsec
 CVE-2019-8934 (hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure becau ...)
-	- qemu <unfixed> (low; bug #922923)
+	- qemu 1:4.1-1 (low; bug #922923)
 	[buster] - qemu <ignored> (Too intrusive to backport, marginal impact)
 	[stretch] - qemu <ignored> (Too intrusive to backport, marginal impact)
 	[jessie] - qemu <ignored> (Too intrusive to backport, marginal impact, ppc not supported in jessie-lts)
@@ -35228,7 +35228,7 @@ CVE-2018-20217 (A Reachable Assertion issue was discovered in the KDC in MIT Ker
 	NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763
 	NOTE: https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086
 CVE-2018-20216 (QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c becaus ...)
-	- qemu <unfixed> (unimportant)
+	- qemu 1:4.1-1 (unimportant)
 	[stretch] - qemu <not-affected> (Vulnerable code not present)
 	[jessie] - qemu <not-affected> (Vulnerable code not present)
 	- qemu-kvm <removed>
@@ -35308,7 +35308,7 @@ CVE-2018-20193 (Certain Secure Access SA Series SSL VPN products (originally dev
 CVE-2018-20192
 	RESERVED
 CVE-2018-20191 (hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation  ...)
-	- qemu <unfixed> (unimportant)
+	- qemu 1:4.1-1 (unimportant)
 	[stretch] - qemu <not-affected> (Vulnerable code not present)
 	[jessie] - qemu <not-affected> (Vulnerable code not present)
 	- qemu-kvm <removed>
@@ -37693,7 +37693,7 @@ CVE-2018-20128 (An issue was discovered in UsualToolCMS v8.0. cmsadmin\a_sqlback
 CVE-2018-20127 (An issue was discovered in zzzphp cms 1.5.8. del_file in /admin/save.p ...)
 	NOT-FOR-US: zzzphp cms
 CVE-2018-20126 (hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory ...)
-	- qemu <unfixed> (unimportant)
+	- qemu 1:4.1-1 (unimportant)
 	[stretch] - qemu <not-affected> (Vulnerable code not present)
 	[jessie] - qemu <not-affected> (Vulnerable code not present)
 	- qemu-kvm <removed>
@@ -37701,7 +37701,7 @@ CVE-2018-20126 (hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=509f57c98e7536905bb4902363d0cba66ce7e089
 	NOTE: PVRDMA support not enabled in the binary packages until 1:3.1+dfsg-3, disabled again in 1:3.1+dfsg-4
 CVE-2018-20125 (hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of ...)
-	- qemu <unfixed> (unimportant)
+	- qemu 1:4.1-1 (unimportant)
 	[stretch] - qemu <not-affected> (Vulnerable code not present)
 	[jessie] - qemu <not-affected> (Vulnerable code not present)
 	- qemu-kvm <removed>
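Review bot: The fixed version on the CVE-2018-20125 line is written 1:4.1-1, while the NOTE two lines above it cites qemu package versions as 1:3.1+dfsg-3 and 1:3.1+dfsg-4. Please confirm that the unstable upload really dropped the +dfsg suffix, so that the recorded fixed version matches the uploaded one exactly; the same string is used in every hunk of this patch.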
@@ -37709,7 +37709,7 @@ CVE-2018-20125 (hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a den
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=2c858ce5da8ae6689c75182b73bc455a291cad41
 	NOTE: PVRDMA support not enabled in the binary packages until 1:3.1+dfsg-3, disabled again in 1:3.1+dfsg-4
 CVE-2018-20124 (hw/rdma/rdma_backend.c in QEMU allows guest OS users to trigger out-of ...)
-	- qemu <unfixed> (bug #922461; unimportant)
+	- qemu 1:4.1-1 (bug #922461; unimportant)
 	[stretch] - qemu <not-affected> (Vulnerable code not present)
 	[jessie] - qemu <not-affected> (Vulnerable code not present)
 	- qemu-kvm <removed>
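Review bot: The parenthetical on the CVE-2018-20124 line is ordered (bug #922461; unimportant), whereas the CVE-2018-20123 and CVE-2019-8934 lines in this patch put the urgency first (unimportant; bug #916442 and low; bug #922923). Since the line is being touched anyway, consider normalising it to urgency-first for consistency.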
@@ -37718,7 +37718,7 @@ CVE-2018-20124 (hw/rdma/rdma_backend.c in QEMU allows guest OS users to trigger
 	NOTE: PVRDMA support not enabled in the binary packages until 1:3.1+dfsg-3, disabled again in 1:3.1+dfsg-4
 	NOTE: The issue is in PVRDMA support, cf. https://bugs.debian.org/922461#18
 CVE-2018-20123 (pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak  ...)
-	- qemu <unfixed> (unimportant; bug #916442)
+	- qemu 1:4.1-1 (unimportant; bug #916442)
 	[stretch] - qemu <not-affected> (Vulnerable code not present)
 	[jessie] - qemu <not-affected> (Vulnerable code not present)
 	- qemu-kvm <removed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c6405ced666c7ad701c0d8040ac5c15258c0ff4d
