Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e1f565ba by Moritz Muehlenhoff at 2018-11-08T15:16:44Z
qemu triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -329,7 +329,8 @@ CVE-2018-18955
RESERVED
CVE-2018-18954 [ppc64: Out-of-bounds r/w stack access in pnv_lpc_do_eccb]
RESERVED
- - qemu <unfixed>
+ - qemu <unfixed> (low)
+ [stretch] - qemu <postponed> (Minor issue, can be backported once fixed
upstream)
- qemu-kvm <removed>
NOTE:
https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00446.html
CVE-2018-18953
@@ -552,7 +553,8 @@ CVE-2018-18849 [lsi53c895a: OOB msg buffer access leads to
DoS]
RESERVED
- qemu <unfixed> (bug #912535)
- qemu-kvm <removed>
- NOTE:
https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg06682.html
+ NOTE:
https://git.qemu.org/?p=qemu.git;a=commit;h=e58ccf039650065a9442de43c9816f81e88f27f6
+ NOTE: https://www.openwall.com/lists/oss-security/2018/11/01/1
CVE-2018-18848
RESERVED
CVE-2018-18847
@@ -1580,9 +1582,11 @@ CVE-2018-18445 (In the Linux kernel 4.14.x, 4.15.x,
4.16.x, 4.17.x, and 4.18.x b
NOTE:
https://git.kernel.org/linus/b799207e1e1816b09e7a5920fbb2d5fcf6edd681
CVE-2018-18438 (Qemu has integer overflows because IOReadHandler and its
associated ...)
- qemu <unfixed> (bug #911470)
+ [stretch] - qemu <ignored> (Minor issue, too intrusive to backport)
- qemu-kvm <removed>
NOTE:
https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02396.html
NOTE:
https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02402.html
+ NOTE: https://www.openwall.com/lists/oss-security/2018/10/17/3
CVE-2018-18437 (In AXIOS ITALIA Axioscloud Sissiweb Registro Elettronico
1.7.0, ...)
NOT-FOR-US: AXIOS
CVE-2018-18436 (JTBC(PHP) 3.0 allows CSRF for creating an account via the ...)
@@ -2859,10 +2863,14 @@ CVE-2018-17963 (qemu_deliver_packet_iov in net/net.c in
Qemu accepts packet size
- qemu <unfixed> (bug #911469)
- qemu-kvm <removed>
NOTE:
https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03267.html
+ NOTE: https://www.openwall.com/lists/oss-security/2018/10/08/1
+ NOTE:
https://git.qemu.org/?p=qemu.git;a=commit;h=1592a9947036d60dde5404204a5d45975133caf5
CVE-2018-17962 (Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c
because ...)
- qemu <unfixed> (bug #911468)
- qemu-kvm <removed>
NOTE:
https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03268.html
+ NOTE: https://www.openwall.com/lists/oss-security/2018/10/08/1
+ NOTE:
https://git.qemu.org/?p=qemu.git;a=commit;h=b1d80d12c5f7ff081bb80ab4f4241d4248691192
CVE-2018-17961 (Artifex Ghostscript 9.25 and earlier allows attackers to
bypass a ...)
{DLA-1552-1}
- ghostscript 9.25~dfsg-3 (bug #910678)
@@ -2879,6 +2887,8 @@ CVE-2018-17958 (Qemu has a Buffer Overflow in
rtl8139_do_receive in hw/net/rtl81
- qemu <unfixed> (bug #911499)
- qemu-kvm <removed>
NOTE:
https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03269.html
+ NOTE:
https://git.qemu.org/?p=qemu.git;a=commit;h=1a326646fef38782e5542280040ec3ea23e4a730
+ NOTE: https://www.openwall.com/lists/oss-security/2018/10/08/1
CVE-2018-17957
RESERVED
CVE-2018-17956
@@ -21198,6 +21208,8 @@ CVE-2018-10839 (Qemu emulator <= 3.0.0 built with
the NE2000 NIC emulation su
- qemu <unfixed> (bug #910431)
- qemu-kvm <removed>
NOTE:
https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03273.html
+ NOTE: https://www.openwall.com/lists/oss-security/2018/10/08/1
+ NOTE:
https://git.qemu.org/?p=qemu.git;a=commit;h=fdc89e90fac40c5ca2686733df17b6423fb8d8fb
CVE-2018-10838
RESERVED
CVE-2018-10837
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e1f565ba88b9b74c8647f1ccdf95a2a4dd909b7f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e1f565ba88b9b74c8647f1ccdf95a2a4dd909b7f
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
