[Git][security-tracker-team/security-tracker][master] Update CVE-2017-11334, CVE-2018-12617, CVE-2018-15746 for qemu/jessie.

Sat, 08 Sep 2018 11:59:25 -0700 

Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c4a11a85 by Roberto C. Sánchez at 2018-09-08T18:49:35Z
Update CVE-2017-11334, CVE-2018-12617, CVE-2018-15746 for qemu/jessie.

CVE-2017-11334 - marked "no-dsa" (minor issue) for wheezy; the code in
jessie is substantially different from upstream and given the low
severity of the issue it makes sense to follow the path taken for wheezy
rather than try to adapt the upstream patch to jessie

CVE-2018-12617 - marked "postponed" (minor issue) for stretch; it 
makes
sense to follow the same for jessie

CVE-2018-15746 - marked "no-dsa" (minor issue; only enabled by default
later) for stretch; since the same default configuration exists in
jessie, it makes sense to follow the same

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2377,6 +2377,7 @@ CVE-2018-15747
 CVE-2018-15746 (qemu-seccomp.c in QEMU might allow local OS guest users to 
cause a ...)
        - qemu <unfixed> (bug #907500)
        [stretch] - qemu <no-dsa> (Minor issue; Only enabled by default later, 
but supported)
+       [jessie] - qemu <no-dsa> (Minor issue; Only enabled by default later, 
but supported)
        - qemu-kvm <removed>
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg02289.html
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg04892.html
@@ -9968,6 +9969,7 @@ CVE-2018-12618
 CVE-2018-12617 (qmp_guest_file_read in qga/commands-posix.c and 
qga/commands-win32.c in ...)
        - qemu <unfixed> (low; bug #902725)
        [stretch] - qemu <postponed> (Minor issue, wait until more severe 
issues are around)
+       [jessie] - qemu <postponed> (Minor issue, wait until more severe issues 
are around)
        NOTE: 
https://gist.github.com/fakhrizulkifli/c7740d28efa07dafee66d4da5d857ef6
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg03385.html
 CVE-2018-12616
@@ -63480,6 +63482,7 @@ CVE-2017-11524 (The WriteBlob function in 
MagickCore/blob.c in ImageMagick befor
 CVE-2017-11334 (The address_space_write_continue function in exec.c in QEMU 
(aka Quick ...)
        {DSA-3925-1}
        - qemu 1:2.8+dfsg-7 (bug #869173)
+       [jessie] - qemu <no-dsa> (Minor issue)
        [wheezy] - qemu <no-dsa> (Minor issue)
        - qemu-kvm <removed>
        [wheezy] - qemu-kvm <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c4a11a85bcbf7d0955589b82a3d2323e9c276732

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c4a11a85bcbf7d0955589b82a3d2323e9c276732
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to