Santiago R.R. pushed to branch master at Debian Security Tracker / security-tracker
Commits: 22f06078 by Santiago Ruano Rincón at 2018-11-03T12:20:33Z qemu: ignore CVE-2015-8817, CVE-2015-8818. add regression note about CVE-2017-11334 Signed-off-by: Santiago Ruano Rincón <[email protected]> - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -69468,7 +69468,7 @@ CVE-2017-11524 (The WriteBlob function in MagickCore/blob.c in ImageMagick befor CVE-2017-11334 (The address_space_write_continue function in exec.c in QEMU (aka Quick ...) {DSA-3925-1} - qemu 1:2.8+dfsg-7 (bug #869173) - [jessie] - qemu <no-dsa> (Minor issue) + [jessie] - qemu <no-dsa> (Minor issue. Backport caused regression in Ubuntu) [wheezy] - qemu <no-dsa> (Minor issue) - qemu-kvm <removed> [wheezy] - qemu-kvm <no-dsa> (Minor issue) @@ -124317,15 +124317,17 @@ CVE-2016-2784 (CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smar NOT-FOR-US: CMS Made Simple CVE-2015-8818 (The cpu_physical_memory_write_rom_internal function in exec.c in QEMU ...) - qemu 1:2.4+dfsg-1a - [jessie] - qemu <no-dsa> (Minor issue; can be fixed along with a future DSA) + [jessie] - qemu <ignored> (Minor issue; too dangerous backport) [wheezy] - qemu <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1) [squeeze] - qemu <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1) - qemu-kvm <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1) NOTE: http://www.openwall.com/lists/oss-security/2016/03/01/10 NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=b242e0e0e2969c044a318e56f7988bbd84de1f63 (v2.4.0-rc0) + NOTE: same patchset than CVE-2015-8817 + NOTE: https://lists.gnu.org/archive/html/qemu-stable/2016-01/msg00065.html CVE-2015-8817 (QEMU (aka Quick Emulator) built to use 'address_space_translate' to ...) - qemu 1:2.4+dfsg-1a - [jessie] - qemu <no-dsa> (Minor issue; can be fixed along with a future DSA) + [jessie] - qemu <ignored> (Minor issue; too dangerous backport) [wheezy] - qemu <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1) [squeeze] - qemu <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1) - qemu-kvm <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1) @@ -124333,6 +124335,7 @@ CVE-2015-8817 (QEMU (aka Quick Emulator) built to use 'address_space_translate' NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=c3c1bb99d1c11978d9ce94d1bdcf0705378c1459 (v2.3.0-rc1) NOTE: https://lists.gnu.org/archive/html/qemu-stable/2016-01/msg00060.html NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=23820dbfc79d1c9dce090b4c555994f2bb6a69b3 (v2.4.0-rc0) + NOTE: https://lists.gnu.org/archive/html/qemu-stable/2016-01/msg00065.html CVE-2016-2783 (Avaya Fabric Connect Virtual Services Platform (VSP) Operating System ...) NOT-FOR-US: Avaya CVE-2016-2780 (Untrusted search path vulnerability in Huawei UTPS before ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/22f0607806c0f72b1fbb9c0e0eea1ae44c89a342 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/22f0607806c0f72b1fbb9c0e0eea1ae44c89a342 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
