Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6121b0bc by Salvatore Bonaccorso at 2019-02-06T15:28:03Z
Raise severity of qemu entries after (PV)RDMA support has been enabled
Until the change in 1:3.1+dfsg-3, PVRDMA and RDMA support in qemu was
not enabled, so the issues affected the source package but not the
produced binary packages, and as such were classified unimportant. Since
1:3.1+dfsg-3 qemu enables rmda and pvrdma support:
> qemu (1:3.1+dfsg-3) unstable; urgency=medium
> [...]
> * enable rdma and pvrdma, build-depend on
> librdmacm-dev, libibverbs-dev, libibumad-dev
> [...]
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -10465,13 +10465,13 @@ CVE-2018-20217 (A Reachable Assertion issue was
discovered in the KDC in MIT Ker
NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763
NOTE:
https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086
CVE-2018-20216 (QEMU can have an infinite loop in
hw/rdma/vmw/pvrdma_dev_ring.c ...)
- - qemu <unfixed> (unimportant)
+ - qemu <unfixed>
[stretch] - qemu <not-affected> (Vulnerable code not present)
[jessie] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <removed>
NOTE:
https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg03052.html
NOTE:
https://git.qemu.org/?p=qemu.git;a=commit;h=f1e2e38ee0136b7710a2caa347049818afd57a1b
- NOTE: PVRDMA support not enabled in the binary packages.
+ NOTE: PVRDMA support not enabled in the binary packages until
1:3.1+dfsg-3.
CVE-2018-20215
RESERVED
CVE-2018-20214
@@ -10531,12 +10531,12 @@ CVE-2018-20193 (Certain Secure Access SA Series SSL
VPN products (originally dev
CVE-2018-20192
RESERVED
CVE-2018-20191 (hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read
operation ...)
- - qemu <unfixed> (unimportant)
+ - qemu <unfixed>
[stretch] - qemu <not-affected> (Vulnerable code not present)
[jessie] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <removed>
NOTE:
https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg03066.html
- NOTE: PVRDMA support not enabled.
+ NOTE: PVRDMA support not enabled until 1:3.1+dfsg-3.
CVE-2018-20190 (In LibSass 3.5.5, a NULL Pointer Dereference in the function
...)
- libsass <unfixed> (low)
[stretch] - libsass <no-dsa> (Minor issue)
@@ -12782,36 +12782,36 @@ CVE-2018-20128 (An issue was discovered in
UsualToolCMS v8.0. cmsadmin\a_sqlback
CVE-2018-20127 (An issue was discovered in zzzphp cms 1.5.8. del_file in ...)
NOT-FOR-US: zzzphp cms
CVE-2018-20126 (hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and
create_qp memory ...)
- - qemu <unfixed> (unimportant)
+ - qemu <unfixed>
[stretch] - qemu <not-affected> (Vulnerable code not present)
[jessie] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <removed>
NOTE:
https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02824.html
NOTE:
https://git.qemu.org/?p=qemu.git;a=commit;h=509f57c98e7536905bb4902363d0cba66ce7e089
- NOTE: PVRDMA support not enabled in the binary packages.
+ NOTE: PVRDMA support not enabled in the binary packages until
1:3.1+dfsg-3.
CVE-2018-20125 (hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a
denial of ...)
- - qemu <unfixed> (unimportant)
+ - qemu <unfixed>
[stretch] - qemu <not-affected> (Vulnerable code not present)
[jessie] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <removed>
NOTE:
https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02823.html
NOTE:
https://git.qemu.org/?p=qemu.git;a=commit;h=2c858ce5da8ae6689c75182b73bc455a291cad41
- NOTE: PVRDMA support not enabled in the binary packages.
+ NOTE: PVRDMA support not enabled in the binary packages until
1:3.1+dfsg-3.
CVE-2018-20124 (hw/rdma/rdma_backend.c in QEMU allows guest OS users to
trigger ...)
- - qemu <unfixed> (unimportant)
+ - qemu <unfixed>
[stretch] - qemu <not-affected> (Vulnerable code not present)
[jessie] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <removed>
NOTE:
https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02822.html
NOTE:
https://git.qemu.org/?p=qemu.git;a=commit;h=0e68373cc2b3a063ce067bc0cc3edaf370752890
- NOTE: RDMA support not enabled in the binary packages.
+ NOTE: RDMA support not enabled in the binary packages until
1:3.1+dfsg-3.
CVE-2018-20123 (pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a
Memory leak ...)
- qemu 1:3.1+dfsg-3 (unimportant; bug #916442)
[stretch] - qemu <not-affected> (Vulnerable code not present)
[jessie] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <removed>
NOTE:
https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02817.html
- NOTE: PVRDMA support not enabled.
+ NOTE: PVRDMA support not enabled until 1:3.1+dfsg-3.
CVE-2018-20145 (Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the
option ...)
- mosquitto 1.5.5-1
[stretch] - mosquitto <not-affected> (Only affects 1.5.x)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6121b0bc3c5c075b10f2bde6b4f8adae258aaea2
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6121b0bc3c5c075b10f2bde6b4f8adae258aaea2
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
