[Git][security-tracker-team/security-tracker][master] remove qemu and libvirt from the tracker, while they are needing changes
Moritz Muehlenhoff
jmm at debian.org
Mon May 20 19:59:57 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
83949ef4 by Moritz Muehlenhoff at 2019-05-20T18:58:11Z
remove qemu and libvirt from the tracker, while they are needing changes
(and will receive updates), they are not directly vulnerable (same
procedure as for previous cpu vulnerabilities
some poppler issues ignored for stretch
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2549,13 +2549,12 @@ CVE-2019-11091 [MDSUM Microarchitectural Data Sampling Uncacheable Memory]
- intel-microcode 3.20190514.1
- linux 4.19.37-2
- xen <unfixed> (bug #929129)
- - qemu <unfixed> (bug #929067)
- - libvirt 5.0.0-2.1 (bug #929154)
NOTE: https://git.kernel.org/linus/fa4bff165070dc40a3de35b78e4f8da8e8d85ec5
NOTE: https://software.intel.com/security-software-guidance/software-guidance/microarchitectural-data-sampling
NOTE: https://xenbits.xen.org/xsa/advisory-297.html
NOTE: libvirt support for md-clear CPUID bit:
NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=538d873571d7a682852dc1d70e5f4478f4d64e85
+ NOTE: qemu and libvirt need updates to passthrough md-clear, see #929067 for qemu adnd #929154 for libvirt
CVE-2019-11090
RESERVED
CVE-2019-11089
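Review bot: The added NOTE line has a typo, "adnd" should be "and", and "passthrough" used as a verb reads better as "pass through". The same line is added to the other MDS entries in this commit, so the fix needs to be applied to each copy.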
@@ -2747,6 +2746,7 @@ CVE-2019-11027
RESERVED
CVE-2019-11026 (FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infini ...)
- poppler <unfixed> (low; bug #926721)
+ [stretch] - poppler <ignored> (Minor issue)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/752
NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/8051f678b3b43326e5fdfd7c03f39de21059f426
CVE-2019-11025 (In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping o ...)
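Review bot: The new "[stretch] - poppler <ignored> (Minor issue)" line gives no reason specific to stretch, although the NOTE lines just below it point to an upstream issue and fix commit. A few words on why the fix will not be backported would make the decision easier to revisit, and it is worth confirming that <ignored> is intended here rather than the <no-dsa> (Minor issue) form used for graphviz elsewhere in this file.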
@@ -3174,7 +3174,8 @@ CVE-2019-10875 (A URL spoofing vulnerability was found in all international vers
CVE-2019-10874 (Cross Site Request Forgery (CSRF) in the bolt/upload File Upload featu ...)
NOT-FOR-US: Bolt CMS
CVE-2019-10873 (An issue was discovered in Poppler 0.74.0. There is a NULL pointer der ...)
- - poppler <unfixed> (bug #926532)
+ - poppler <unfixed> (low; bug #926532)
+ [stretch] - poppler <ignored> (Minor issue)
[jessie] - poppler <not-affected> (vulnerable code is not present)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/748
NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/8dbe2e6c480405dab9347075cf4be626f90f1d05
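Review bot: Besides adding the stretch line, this hunk changes the unfixed poppler line from "(bug #926532)" to "(low; bug #926532)", and the commit message only mentions "some poppler issues ignored for stretch". Mention the urgency change in the message as well, or split it into its own commit, so the downgrade to low can be found in the history.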
@@ -5469,7 +5470,8 @@ CVE-2019-9904 (An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphv
[jessie] - graphviz <no-dsa> (Minor issue)
NOTE: https://gitlab.com/graphviz/graphviz/issues/1512
CVE-2019-9903 (PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict mark ...)
- - poppler <unfixed> (bug #925264)
+ - poppler <unfixed> (low; bug #925264)
+ [stretch] - poppler <ignored> (Minor issue)
[jessie] - poppler <not-affected> (Vulnerable code not present)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/741
NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/fada09a2ccc11a3a1d308e810f1336d8df6011fd
@@ -51469,13 +51471,12 @@ CVE-2018-12130 [MFBDS Microarchitectural Fill Buffer Data Sampling]
- intel-microcode 3.20190514.1
- linux 4.19.37-2
- xen <unfixed> (bug #929129)
- - qemu <unfixed> (bug #929067)
- - libvirt 5.0.0-2.1 (bug #929154)
NOTE: https://git.kernel.org/linus/fa4bff165070dc40a3de35b78e4f8da8e8d85ec5
NOTE: https://software.intel.com/security-software-guidance/software-guidance/microarchitectural-data-sampling
NOTE: https://xenbits.xen.org/xsa/advisory-297.html
NOTE: libvirt support for md-clear CPUID bit:
NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=538d873571d7a682852dc1d70e5f4478f4d64e85
+ NOTE: qemu and libvirt need updates to passthrough md-clear, see #929067 for qemu adnd #929154 for libvirt
CVE-2018-12129
RESERVED
CVE-2018-12128
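Review bot: Removing "- libvirt 5.0.0-2.1 (bug #929154)" drops the only record in this entry that libvirt already carries the change in 5.0.0-2.1, while the replacement NOTE says both qemu and libvirt "need updates". Consider naming the libvirt version in the NOTE, so the entry does not suggest that libvirt is still pending in the same way as qemu, which was listed as <unfixed>.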
@@ -51486,26 +51487,24 @@ CVE-2018-12127 [MLPDS Microarchitectural Load Port Data Sampling]
- intel-microcode 3.20190514.1
- linux 4.19.37-2
- xen <unfixed> (bug #929129)
- - qemu <unfixed> (bug #929067)
- - libvirt 5.0.0-2.1 (bug #929154)
NOTE: https://git.kernel.org/linus/fa4bff165070dc40a3de35b78e4f8da8e8d85ec5
NOTE: https://software.intel.com/security-software-guidance/software-guidance/microarchitectural-data-sampling
NOTE: https://xenbits.xen.org/xsa/advisory-297.html
NOTE: libvirt support for md-clear CPUID bit:
NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=538d873571d7a682852dc1d70e5f4478f4d64e85
+ NOTE: qemu and libvirt need updates to passthrough md-clear, see #929067 for qemu adnd #929154 for libvirt
CVE-2018-12126 [MSBDS Microarchitectural Store Buffer Data Sampling]
RESERVED
{DSA-4447-1 DSA-4444-1 DLA-1789-1 DLA-1787-1}
- intel-microcode 3.20190514.1
- linux 4.19.37-2
- xen <unfixed> (bug #929129)
- - qemu <unfixed> (bug #929067)
- - libvirt 5.0.0-2.1 (bug #929154)
NOTE: https://git.kernel.org/linus/fa4bff165070dc40a3de35b78e4f8da8e8d85ec5
NOTE: https://software.intel.com/security-software-guidance/software-guidance/microarchitectural-data-sampling
NOTE: https://xenbits.xen.org/xsa/advisory-297.html
NOTE: libvirt support for md-clear CPUID bit:
NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=538d873571d7a682852dc1d70e5f4478f4d64e85
+ NOTE: qemu and libvirt need updates to passthrough md-clear, see #929067 for qemu adnd #929154 for libvirt
CVE-2018-12125
RESERVED
CVE-2018-12124
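Review bot: The NOTE added to CVE-2018-12127 and CVE-2018-12126 says only that qemu and libvirt "need updates", while the commit message gives the actual reason for dropping them: they are "not directly vulnerable". Someone reading the tracker entry will not see the commit message, so put that reasoning into the NOTE itself, for example by adding that the packages are not directly vulnerable and are followed through #929067 and #929154.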
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/83949ef45ff5260b38711c6d05ca6fda2d6334cf