Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker
Commits: aa4e021d by Hugo Lefeuvre at 2019-02-28T07:29:17Z CVE-2019-6501: qemu stretch & jessie not-affected The overflow was introduced in a71c775b24. Before that, page_len was neither read from r->buf nor used as index to write the 0xb0 blocks limit page. FTR, this piece of code was later moved to the scsi_handle_inquiry_reply helper in https://git.qemu.org/?p=qemu.git;a=commit;h=0a96ca2437. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -6279,11 +6279,15 @@ CVE-2019-1003000 (A sandbox bypass vulnerability exists in Script Security Plugi CVE-2019-6501 [scsi-generic: possible OOB access while handling inquiry request] RESERVED - qemu 1:3.1+dfsg-3 (bug #920222) + [stretch] - qemu <not-affected> (vulnerable code introduced later) + [jessie] - qemu <not-affected> (vulnerable code introduced later) - qemu-kvm <removed> NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg02324.html NOTE: Code introduced by https://git.qemu.org/?p=qemu.git;a=commit;h=6c219fc8a1 , NOTE: but but the overflow was already possible before. NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=e909ff93698851777faac3c45d03c1b73f311ea6 + NOTE: Overflow introduced by https://git.qemu.org/?p=qemu.git;a=commit;h=a71c775b24, + NOTE: vulnerability not present prior 2.12.50 CVE-2016-10739 (In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo ...) - glibc 2.28-6 (bug #920047) [stretch] - glibc <no-dsa> (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/aa4e021d4f464869c16c2d925eeea166c719f98f
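Review bot: in the CVE-2019-6501 entry, the retained notes "Code introduced by ...h=6c219fc8a1 , / but but the overflow was already possible before." stay in place above the added "Overflow introduced by ...h=a71c775b24,", so the entry now carries two separate statements about where the problem came from and the reader has to work out how they relate. Consider folding them into one statement that names a71c775b24 as the origin and 6c219fc8a1 as a later change to the same code, and drop the doubled "but" while touching those lines. The justification for the two not-affected lines exists only in the commit message (page_len was neither read from r->buf nor used as an index before a71c775b24); a short NOTE carrying that reasoning would let someone re-check the stretch and jessie triage from data/CVE/list alone. Minor wording: "not present prior 2.12.50" should read "prior to 2.12.50".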
