[Git][security-tracker-team/security-tracker][master] CVE-2018-19665/qemu: update notes
Hugo Lefeuvre
hle at debian.org
Mon Jan 28 13:04:50 GMT 2019
Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0b921702 by Hugo Lefeuvre at 2019-01-28T13:03:45Z
CVE-2018-19665/qemu: update notes
mentioned patch will most likely never be merged by upstream, another
patch is currently under development.
see https://lists.debian.org/debian-lts/2019/01/msg00073.html
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -14347,6 +14347,8 @@ CVE-2018-19665 (The Bluetooth subsystem in QEMU mishandles negative values for l
- qemu 1:3.1+dfsg-2 (bug #916278)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg03570.html
+ NOTE: note that previously mentioned patch will never be merged by upstream, see
+ NOTE: https://lists.debian.org/debian-lts/2019/01/msg00073.html
CVE-2018-19664 (libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the ...)
- libjpeg-turbo <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/305
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0b921702e025c368e36117d4f4e005c47aa092c3
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0b921702e025c368e36117d4f4e005c47aa092c3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190128/57229975/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list