[Git][security-tracker-team/security-tracker][master] CVE-2018-19665/qemu: jessie: ignored, patch not gonna happen

Mon, 09 Sep 2019 09:12:01 -0700 


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
be5432eb by Sylvain Beucler at 2019-09-09T16:09:10Z
CVE-2018-19665/qemu: jessie: ignored, patch not gonna happen

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -42383,12 +42383,14 @@ CVE-2018-19666 (The agent in OSSEC through 3.1.0 on 
Windows allows local users t
 CVE-2018-19665 (The Bluetooth subsystem in QEMU mishandles negative values for 
length  ...)
        - qemu 1:3.1+dfsg-2 (low; bug #916278)
        [stretch] - qemu <ignored> (Minor issue)
-       [jessie] - qemu <postponed> (Revisit when final upstream patch is out)
+       [jessie] - qemu <ignored> (Minor issue, bluetooth subsystem 
unmaintained/unusable and now deprecated, no sanctioned patch)
        - qemu-kvm <removed>
+       NOTE: initial patch disputed
+       NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg03822.html
+       NOTE: second patch never accepted, no activity as of 20190909
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg03570.html
-       NOTE: note that previously mentioned patch will never be merged by 
upstream, see
        NOTE: https://lists.debian.org/debian-lts/2019/01/msg00073.html
-       NOTE: 3.1 marked bluetooth subsystem as unused/deprecated, will most 
likely be removed:
+       NOTE: 3.1 marked bluetooth subsystem deprecated
        NOTE: https://github.com/qemu/qemu/commit/c0188e69d
 CVE-2018-19664 (libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the 
put_pixel ...)
        - libjpeg-turbo <not-affected> (Vulnerable code introduced later)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/be5432ebbe4aff4dacaafe89345d6a1c12e654ec

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/be5432ebbe4aff4dacaafe89345d6a1c12e654ec
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to