[Git][security-tracker-team/security-tracker][master] Three CVEs fixed for qemu via unstable upload
Salvatore Bonaccorso
carnil at debian.org
Wed Feb 6 15:26:41 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e27d540d by Salvatore Bonaccorso at 2019-02-06T15:26:10Z
Three CVEs fixed for qemu via unstable upload
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1658,7 +1658,7 @@ CVE-2019-6779 (Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or d
NOT-FOR-US: Cscms
CVE-2019-6778 [slirp: heap buffer overflow in tcp_emu()]
RESERVED
- - qemu <unfixed> (bug #921525)
+ - qemu 1:3.1+dfsg-3 (bug #921525)
- qemu-kvm <removed>
- slirp4netns 0.2.1-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg03132.html
@@ -2246,7 +2246,7 @@ CVE-2019-1003000 (A sandbox bypass vulnerability exists in Script Security Plugi
NOT-FOR-US: Jenkins plugin
CVE-2019-6501 [scsi-generic: possible OOB access while handling inquiry request]
RESERVED
- - qemu <unfixed> (bug #920222)
+ - qemu 1:3.1+dfsg-3 (bug #920222)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg02324.html
NOTE: Code introduced by https://git.qemu.org/?p=qemu.git;a=commit;h=6c219fc8a1 ,
@@ -12806,7 +12806,7 @@ CVE-2018-20124 (hw/rdma/rdma_backend.c in QEMU allows guest OS users to trigger
NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=0e68373cc2b3a063ce067bc0cc3edaf370752890
NOTE: RDMA support not enabled in the binary packages.
CVE-2018-20123 (pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak ...)
- - qemu <unfixed> (unimportant; bug #916442)
+ - qemu 1:3.1+dfsg-3 (unimportant; bug #916442)
[stretch] - qemu <not-affected> (Vulnerable code not present)
[jessie] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <removed>
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e27d540d5fbcba39a764a289ab0016314f1ff9e3
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e27d540d5fbcba39a764a289ab0016314f1ff9e3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190206/d00ef4b9/attachment.html>
More information about the debian-security-tracker-commits
mailing list