[Git][security-tracker-team/security-tracker][master] CVE-2018-19665/qemu: jessie: ignored, patch not gonna happen
Sylvain Beucler
beuc at debian.org
Mon Sep 9 17:11:09 BST 2019
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
be5432eb by Sylvain Beucler at 2019-09-09T16:09:10Z
CVE-2018-19665/qemu: jessie: ignored, patch not gonna happen
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -42383,12 +42383,14 @@ CVE-2018-19666 (The agent in OSSEC through 3.1.0 on Windows allows local users t
CVE-2018-19665 (The Bluetooth subsystem in QEMU mishandles negative values for length ...)
- qemu 1:3.1+dfsg-2 (low; bug #916278)
[stretch] - qemu <ignored> (Minor issue)
- [jessie] - qemu <postponed> (Revisit when final upstream patch is out)
+ [jessie] - qemu <ignored> (Minor issue, bluetooth subsystem unmaintained/unusable and now deprecated, no sanctioned patch)
- qemu-kvm <removed>
+ NOTE: initial patch disputed
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg03822.html
+ NOTE: second patch never accepted, no activity as of 20190909
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg03570.html
- NOTE: note that previously mentioned patch will never be merged by upstream, see
NOTE: https://lists.debian.org/debian-lts/2019/01/msg00073.html
- NOTE: 3.1 marked bluetooth subsystem as unused/deprecated, will most likely be removed:
+ NOTE: 3.1 marked bluetooth subsystem deprecated
NOTE: https://github.com/qemu/qemu/commit/c0188e69d
CVE-2018-19664 (libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel ...)
- libjpeg-turbo <not-affected> (Vulnerable code introduced later)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/be5432ebbe4aff4dacaafe89345d6a1c12e654ec
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/be5432ebbe4aff4dacaafe89345d6a1c12e654ec
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190909/5aa1a819/attachment.html>
More information about the debian-security-tracker-commits
mailing list