Hi Guido, On Fri, Jul 29, 2016 at 04:09:37PM +0200, Guido Günther wrote: > Control: notfound -1 qemu/1.1.2+dfsg-6+deb7u13 > > On Thu, Jul 28, 2016 at 06:30:33PM +0200, Salvatore Bonaccorso wrote: > > Source: qemu > > Version: 1:2.6+dfsg-3 > > Severity: important > > Tags: security upstream > > > > Hi, > > > > the following vulnerability was published for qemu. > > > > CVE-2016-6490[0]: > > virtio: infinite loop in virtqueue_pop > > > > If you fix the vulnerability please also make sure to include the > > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > As far as I can tell this was introduced in > > 3b3b0628217e2726069990ff9942a5d6d9816bd7 > > which is post 2.5 so jessie wouldn't be affected either but I'd be great > if one of you would double check.
Thanks for investigating! I checked as well and looks plausible. I have updated the security-tracker information accordingly. Regards, Salvatore
