Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4716aab7 by Salvatore Bonaccorso at 2018-12-12T10:08:56Z
qemu issues fixed in unstable via 1:3.1+dfsg-1 upload

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5827,7 +5827,7 @@ CVE-2018-19490 (An issue was discovered in datafile.c in 
Gnuplot 5.2.5. This iss
        NOTE: No security impact, gnuplot can execute arbitrary commands and 
need to come from a trusted source
 CVE-2018-19489 [9pfs: crash due to race condition in renaming files]
        RESERVED
-       - qemu <unfixed> (bug #914727)
+       - qemu 1:3.1+dfsg-1 (bug #914727)
        - qemu-kvm <removed>
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg04489.html
        NOTE: 
https://git.qemu.org/?p=qemu.git;a=commit;h=1d20398694a3b67a388d955b7a945ba4aa90a8a8
 (master)
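Review bot: The NOTE under CVE-2018-19489 still tags the upstream fix 1d20398694a3 as "(master)" while the package line now gives 1:3.1+dfsg-1 as the fixed version. Please confirm that commit is part of the 3.1 release this upload is based on, and record the containing release on the NOTE so the fixed version can be checked against it.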
@@ -6173,7 +6173,7 @@ CVE-2018-19365
        RESERVED
 CVE-2018-19364 [Use-after-free due to race condition while updating fid path]
        RESERVED
-       - qemu <unfixed> (bug #914599)
+       - qemu 1:3.1+dfsg-1 (bug #914599)
        - qemu-kvm <removed>
        NOTE: 
https://git.qemu.org/?p=qemu.git;a=commit;h=5b76ef50f62079a2389ba28cacaf6cce68b1a0ed
        NOTE: 
https://git.qemu.org/?p=qemu.git;a=commit;h=5b3c77aa581ebb215125c84b0742119483571e55
@@ -7464,7 +7464,7 @@ CVE-2018-18955 (In the Linux kernel 4.15.x through 4.19.x 
before 4.19.2, map_wri
        NOTE: Introduced in https://git.kernel.org/linus/6397fac4915a
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1712
 CVE-2018-18954 (The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu 
before 3.1 ...)
-       - qemu <unfixed> (low; bug #914604)
+       - qemu 1:3.1+dfsg-1 (low; bug #914604)
        [stretch] - qemu <postponed> (Minor issue, can be backported once fixed 
upstream)
        [jessie] - qemu <not-affected> (Vulnerable code not present. ppc/pnv 
lpc was added in 2.7)
        - qemu-kvm <removed>
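Review bot: The [stretch] line for CVE-2018-18954 is postponed with the reason "can be backported once fixed upstream", and the unstable line now points at 1:3.1+dfsg-1 as the fix. That condition looks met, so the stretch annotation should be revisited, or its reason reworded, in the same pass.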
@@ -7689,7 +7689,7 @@ CVE-2018-18850 (In Octopus Deploy 2018.8.0 through 
2018.9.x before 2018.9.1, an
        NOT-FOR-US: Octopus Deploy
 CVE-2018-18849 [lsi53c895a: OOB msg buffer access leads to DoS]
        RESERVED
-       - qemu <unfixed> (bug #912535)
+       - qemu 1:3.1+dfsg-1 (bug #912535)
        [stretch] - qemu <postponed> (Minor issue, revisit for later update)
        [jessie] - qemu <postponed> (Minor issue, revisit for later update)
        - qemu-kvm <removed>
@@ -8744,7 +8744,7 @@ CVE-2018-18445 (In the Linux kernel 4.14.x, 4.15.x, 
4.16.x, 4.17.x, and 4.18.x b
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1686
        NOTE: 
https://git.kernel.org/linus/b799207e1e1816b09e7a5920fbb2d5fcf6edd681
 CVE-2018-18438 (Qemu has integer overflows because IOReadHandler and its 
associated ...)
-       - qemu <unfixed> (bug #911470)
+       - qemu 1:3.1+dfsg-1 (bug #911470)
        [stretch] - qemu <ignored> (Minor issue, too intrusive to backport)
        [jessie] - qemu <ignored> (Minor issue, too intrusive to backport)
        - qemu-kvm <removed>
@@ -10078,14 +10078,14 @@ CVE-2018-17964 (Aryanic HighPortal 12.5 has XSS via 
an Add Tags action. ...)
        NOT-FOR-US: Aryanic HighPortal
 CVE-2018-17963 (qemu_deliver_packet_iov in net/net.c in Qemu accepts packet 
sizes ...)
        {DSA-4338-1 DLA-1599-1}
-       - qemu <unfixed> (bug #911469)
+       - qemu 1:3.1+dfsg-1 (bug #911469)
        - qemu-kvm <removed>
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03267.html
        NOTE: https://www.openwall.com/lists/oss-security/2018/10/08/1
        NOTE: 
https://git.qemu.org/?p=qemu.git;a=commit;h=1592a9947036d60dde5404204a5d45975133caf5
 CVE-2018-17962 (Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c 
because ...)
        {DSA-4338-1 DLA-1599-1}
-       - qemu <unfixed> (bug #911468)
+       - qemu 1:3.1+dfsg-1 (bug #911468)
        - qemu-kvm <removed>
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03268.html
        NOTE: https://www.openwall.com/lists/oss-security/2018/10/08/1
@@ -10106,7 +10106,7 @@ CVE-2018-17960 (CKEditor 4.x before 4.11.0 allows 
user-assisted XSS involving a
 CVE-2018-17959
        RESERVED
 CVE-2018-17958 (Qemu has a Buffer Overflow in rtl8139_do_receive in 
hw/net/rtl8139.c ...)
-       - qemu <unfixed> (bug #911499)
+       - qemu 1:3.1+dfsg-1 (bug #911499)
        [stretch] - qemu <postponed> (Minor issue, revisit for later update)
        [jessie] - qemu <postponed> (Minor issue, revisit for later update)
        - qemu-kvm <removed>
@@ -12659,7 +12659,7 @@ CVE-2018-16868 (A Bleichenbacher type side-channel 
based padding oracle attack w
        NOTE: https://gitlab.com/gnutls/gnutls/merge_requests/832
 CVE-2018-16867 [dev-mtp: path traversal in usb_mtp_write_data of the Media 
Transfer Protocol (MTP)]
        RESERVED
-       - qemu <unfixed> (bug #915884)
+       - qemu 1:3.1+dfsg-1 (bug #915884)
        - qemu-kvm <removed>
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg00390.html
        NOTE: 
https://git.qemu.org/?p=qemu.git;a=commit;h=c52d46e041b42bb1ee6f692e00a0abe37a9659f6
 (master)
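Review bot: For CVE-2018-16867 the only fix references are a qemu-devel post from 2018-12 and a commit marked "(master)", both from the same month as this upload. It is worth double-checking that c52d46e041b4 is actually included in 1:3.1+dfsg-1 before dropping <unfixed>, and noting the release it landed in on the NOTE line.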
@@ -15615,7 +15615,7 @@ CVE-2018-15748 (On Dell 2335dn printers with Printer 
Firmware Version 2.70.05.02
 CVE-2018-15747
        RESERVED
 CVE-2018-15746 (qemu-seccomp.c in QEMU might allow local OS guest users to 
cause a ...)
-       - qemu <unfixed> (bug #907500)
+       - qemu 1:3.1+dfsg-1 (bug #907500)
        [stretch] - qemu <no-dsa> (Minor issue; Only enabled by default later, 
but supported)
        [jessie] - qemu <no-dsa> (Minor issue; Only enabled by default later, 
but supported)
        - qemu-kvm <removed>
@@ -23414,7 +23414,7 @@ CVE-2018-12619
 CVE-2018-12618
        RESERVED
 CVE-2018-12617 (qmp_guest_file_read in qga/commands-posix.c and 
qga/commands-win32.c in ...)
-       - qemu <unfixed> (low; bug #902725)
+       - qemu 1:3.1+dfsg-1 (low; bug #902725)
        [stretch] - qemu <postponed> (Minor issue, wait until more severe 
issues are around)
        [jessie] - qemu <postponed> (Minor issue, wait until more severe issues 
are around)
        NOTE: 
https://gist.github.com/fakhrizulkifli/c7740d28efa07dafee66d4da5d857ef6
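Review bot: Unlike most of the other qemu entries touched in this commit, CVE-2018-12617 shows no "- qemu-kvm <removed>" line between the [jessie] annotation and the first NOTE. If that omission is deliberate for the guest agent code, fine; otherwise the line should be added so the entry matches the rest.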
@@ -25682,7 +25682,7 @@ CVE-2018-11808 (Incorrect Access Control in 
CustomFieldsFeedServlet in Zoho ...)
 CVE-2018-11807
        RESERVED
 CVE-2018-11806 (m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow 
via ...)
-       - qemu <unfixed> (bug #901017)
+       - qemu 1:3.1+dfsg-1 (bug #901017)
        [stretch] - qemu <postponed> (Minor issue, wait until more severe 
issues are around)
        [jessie] - qemu <postponed> (Minor issue, wait until more severe issues 
are around)
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg01012.html
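Review bot: CVE-2018-11806 goes straight from the [jessie] line to the NOTE in the visible context, with no qemu-kvm entry, while the device and network emulation CVEs elsewhere in this change carry "- qemu-kvm <removed>". Please confirm whether the omission is intentional for the slirp code; if not, add the line.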
@@ -28587,7 +28587,7 @@ CVE-2018-10840 (Linux kernel is vulnerable to a 
heap-based buffer overflow in th
        NOTE: Fixed by: 
https://git.kernel.org/linus/8a2b307c21d4b290e3cbe33f768f194286d07c23
 CVE-2018-10839 (Qemu emulator &lt;= 3.0.0 built with the NE2000 NIC emulation 
support is ...)
        {DSA-4338-1 DLA-1599-1}
-       - qemu <unfixed> (bug #910431)
+       - qemu 1:3.1+dfsg-1 (bug #910431)
        - qemu-kvm <removed>
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03273.html
        NOTE: https://www.openwall.com/lists/oss-security/2018/10/08/1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4716aab7ada74522e64d6efe98ae0a74140ea1dc

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
