[Git][security-tracker-team/security-tracker][master] CVE-2018-20123/qemu source-code wise again affected

Salvatore Bonaccorso carnil at debian.org
Tue Feb 12 09:28:54 GMT 2019 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7b6cbea9 by Salvatore Bonaccorso at 2019-02-12T09:28:02Z
CVE-2018-20123/qemu source-code wise again affected

PVRDMA support was disabled again in 1:3.1+dfsg-4 and the applied patch
from 1:3.1+dfsg-3 reverted again.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13643,12 +13643,13 @@ CVE-2018-20124 (hw/rdma/rdma_backend.c in QEMU allows guest OS users to trigger
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=0e68373cc2b3a063ce067bc0cc3edaf370752890
 	NOTE: RDMA support not enabled in the binary packages until 1:3.1+dfsg-3
 CVE-2018-20123 (pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak ...)
-	- qemu 1:3.1+dfsg-3 (unimportant; bug #916442)
+	- qemu <unfixed> (unimportant; bug #916442)
 	[stretch] - qemu <not-affected> (Vulnerable code not present)
 	[jessie] - qemu <not-affected> (Vulnerable code not present)
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02817.html
-	NOTE: PVRDMA support not enabled until 1:3.1+dfsg-3.
+	NOTE: PVRDMA support not enabled until 1:3.1+dfsg-3, disabled again in 1:3.1+dfsg-4, and
+	NOTE: applied patch in 1:3.1+dfsg-3 reverted.
 CVE-2018-20145 (Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the option ...)
 	- mosquitto 1.5.5-1
 	[stretch] - mosquitto <not-affected> (Only affects 1.5.x)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7b6cbea948a81536d08fe42f431c31da8ee60f8a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7b6cbea948a81536d08fe42f431c31da8ee60f8a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190212/0b98c971/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list