Control: notfound -1 qemu/1.1.2+dfsg-6+deb7u13 On Thu, Jul 28, 2016 at 06:30:33PM +0200, Salvatore Bonaccorso wrote: > Source: qemu > Version: 1:2.6+dfsg-3 > Severity: important > Tags: security upstream > > Hi, > > the following vulnerability was published for qemu. > > CVE-2016-6490[0]: > virtio: infinite loop in virtqueue_pop > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
As far as I can tell this was introduced in 3b3b0628217e2726069990ff9942a5d6d9816bd7 which is post 2.5 so jessie wouldn't be affected either but I'd be great if one of you would double check. Cheers, -- Guido > > For further information see: > > [0] https://security-tracker.debian.org/tracker/CVE-2016-6490 > [1] https://lists.gnu.org/archive/html/qemu-devel/2016-07/msg06246.html > > Please adjust the affected versions in the BTS as needed. > > Regards, > Salvatore
