Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
be5432eb by Sylvain Beucler at 2019-09-09T16:09:10Z
CVE-2018-19665/qemu: jessie: ignored, patch not gonna happen
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -42383,12 +42383,14 @@ CVE-2018-19666 (The agent in OSSEC through 3.1.0 on
Windows allows local users t
CVE-2018-19665 (The Bluetooth subsystem in QEMU mishandles negative values for
length ...)
- qemu 1:3.1+dfsg-2 (low; bug #916278)
[stretch] - qemu <ignored> (Minor issue)
- [jessie] - qemu <postponed> (Revisit when final upstream patch is out)
+ [jessie] - qemu <ignored> (Minor issue, bluetooth subsystem
unmaintained/unusable and now deprecated, no sanctioned patch)
- qemu-kvm <removed>
+ NOTE: initial patch disputed
+ NOTE:
https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg03822.html
+ NOTE: second patch never accepted, no activity as of 20190909
NOTE:
https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg03570.html
- NOTE: note that previously mentioned patch will never be merged by
upstream, see
NOTE: https://lists.debian.org/debian-lts/2019/01/msg00073.html
- NOTE: 3.1 marked bluetooth subsystem as unused/deprecated, will most
likely be removed:
+ NOTE: 3.1 marked bluetooth subsystem deprecated
NOTE: https://github.com/qemu/qemu/commit/c0188e69d
CVE-2018-19664 (libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the
put_pixel ...)
- libjpeg-turbo <not-affected> (Vulnerable code introduced later)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/be5432ebbe4aff4dacaafe89345d6a1c12e654ec
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/be5432ebbe4aff4dacaafe89345d6a1c12e654ec
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits