[Git][security-tracker-team/security-tracker][master] Mark qemu issues as unimporant as (PV)RDMA support disabled again

Salvatore Bonaccorso carnil at debian.org
Tue Feb 12 09:21:05 GMT 2019 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
42405ccc by Salvatore Bonaccorso at 2019-02-12T09:19:59Z
Mark qemu issues as unimporant as (PV)RDMA support disabled again

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11292,13 +11292,13 @@ CVE-2018-20217 (A Reachable Assertion issue was discovered in the KDC in MIT Ker
 	NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763
 	NOTE: https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086
 CVE-2018-20216 (QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c ...)
-	- qemu <unfixed>
+	- qemu <unfixed> (unimportant)
 	[stretch] - qemu <not-affected> (Vulnerable code not present)
 	[jessie] - qemu <not-affected> (Vulnerable code not present)
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg03052.html
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=f1e2e38ee0136b7710a2caa347049818afd57a1b
-	NOTE: PVRDMA support not enabled in the binary packages until 1:3.1+dfsg-3.
+	NOTE: PVRDMA support not enabled in the binary packages until 1:3.1+dfsg-3, disabled again in 1:3.1+dfsg-4
 CVE-2018-20215
 	RESERVED
 CVE-2018-20214
@@ -11360,12 +11360,12 @@ CVE-2018-20193 (Certain Secure Access SA Series SSL VPN products (originally dev
 CVE-2018-20192
 	RESERVED
 CVE-2018-20191 (hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation ...)
-	- qemu <unfixed>
+	- qemu <unfixed> (unimportant)
 	[stretch] - qemu <not-affected> (Vulnerable code not present)
 	[jessie] - qemu <not-affected> (Vulnerable code not present)
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg03066.html
-	NOTE: PVRDMA support not enabled until 1:3.1+dfsg-3.
+	NOTE: PVRDMA support not enabled in the binary packages until 1:3.1+dfsg-3, disabled again in 1:3.1+dfsg-4
 CVE-2018-20190 (In LibSass 3.5.5, a NULL Pointer Dereference in the function ...)
 	- libsass <unfixed> (low)
 	[stretch] - libsass <no-dsa> (Minor issue)
@@ -13619,29 +13619,29 @@ CVE-2018-20128 (An issue was discovered in UsualToolCMS v8.0. cmsadmin\a_sqlback
 CVE-2018-20127 (An issue was discovered in zzzphp cms 1.5.8. del_file in ...)
 	NOT-FOR-US: zzzphp cms
 CVE-2018-20126 (hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory ...)
-	- qemu <unfixed>
+	- qemu <unfixed> (unimportant)
 	[stretch] - qemu <not-affected> (Vulnerable code not present)
 	[jessie] - qemu <not-affected> (Vulnerable code not present)
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02824.html
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=509f57c98e7536905bb4902363d0cba66ce7e089
-	NOTE: PVRDMA support not enabled in the binary packages until 1:3.1+dfsg-3.
+	NOTE: PVRDMA support not enabled in the binary packages until 1:3.1+dfsg-3, disabled again in 1:3.1+dfsg-4
 CVE-2018-20125 (hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of ...)
-	- qemu <unfixed>
+	- qemu <unfixed> (unimportant)
 	[stretch] - qemu <not-affected> (Vulnerable code not present)
 	[jessie] - qemu <not-affected> (Vulnerable code not present)
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02823.html
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=2c858ce5da8ae6689c75182b73bc455a291cad41
-	NOTE: PVRDMA support not enabled in the binary packages until 1:3.1+dfsg-3.
+	NOTE: PVRDMA support not enabled in the binary packages until 1:3.1+dfsg-3, disabled again in 1:3.1+dfsg-4
 CVE-2018-20124 (hw/rdma/rdma_backend.c in QEMU allows guest OS users to trigger ...)
-	- qemu <unfixed>
+	- qemu <unfixed> (unimportant)
 	[stretch] - qemu <not-affected> (Vulnerable code not present)
 	[jessie] - qemu <not-affected> (Vulnerable code not present)
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02822.html
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=0e68373cc2b3a063ce067bc0cc3edaf370752890
-	NOTE: RDMA support not enabled in the binary packages until 1:3.1+dfsg-3.
+	NOTE: RDMA support not enabled in the binary packages until 1:3.1+dfsg-3, disabled again in 1:3.1+dfsg-4
 CVE-2018-20123 (pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak ...)
 	- qemu 1:3.1+dfsg-3 (unimportant; bug #916442)
 	[stretch] - qemu <not-affected> (Vulnerable code not present)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/42405ccc606b5be1c84078f417cebbe2ad59a9cf

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/42405ccc606b5be1c84078f417cebbe2ad59a9cf
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190212/7a9f6b0e/attachment.html>

More information about the debian-security-tracker-commits mailing list