Author: carnil
Date: 2016-09-15 12:47:53 +0000 (Thu, 15 Sep 2016)
New Revision: 44605
Modified: data/CVE/list
Log: Various CVEs for qemu fixed in unstable
Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-09-15 12:08:06 UTC (rev 44604) +++ data/CVE/list 2016-09-15 12:47:53 UTC (rev 44605) @@ -2892,7 +2892,7 @@ RESERVED CVE-2016-7155 [scsi: pvscsi: OOB read and infinite loop while setting descriptor rings] RESERVED - - qemu <unfixed> (bug #837174) + - qemu 1:2.6+dfsg-3.1 (bug #837174) [jessie] - qemu <no-dsa> (Minor issue) [wheezy] - qemu <not-affected> (Vulnerable code not present, introduced after v1.5) - qemu-kvm <removed> @@ -2903,7 +2903,7 @@ NOTE: Vulnerable code introduced after version 1.5: http://wiki.qemu.org/ChangeLog/1.5 CVE-2016-7156 [scsi: pvscsi: infintie loop when building SG list] RESERVED - - qemu <unfixed> (bug #837339) + - qemu 1:2.6+dfsg-3.1 (bug #837339) [jessie] - qemu <no-dsa> (Minor issue) [wheezy] - qemu <not-affected> (Vulnerable code not present, introduced after v1.5) - qemu-kvm <removed> @@ -2914,7 +2914,7 @@ NOTE: Vulnerable code introduced after version 1.5: http://wiki.qemu.org/ChangeLog/1.5 CVE-2016-7157 [mptsas: invalid memory access while building configuration pages] RESERVED - - qemu <unfixed> (bug #837603) + - qemu 1:2.6+dfsg-3.1 (bug #837603) [jessie] - qemu <not-affected> (Vulnerable code not present, introduced after v2.6) [wheezy] - qemu <not-affected> (Vulnerable code not present, introduced after v2.6) - qemu-kvm <removed> @@ -3095,7 +3095,7 @@ CVE-2016-7116 [9p: directory traversal flaw in 9p virtio backend] RESERVED {DLA-619-1 DLA-618-1} - - qemu <unfixed> (bug #836502) + - qemu 1:2.6+dfsg-3.1 (bug #836502) [jessie] - qemu <no-dsa> (Minor issue) - qemu-kvm <removed> NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=56f101ecce0eafd09e2daf1c4eeb1377d6959261
@@ -3712,7 +3712,7 @@ RESERVED CVE-2016-6888 [net: vmxnet: integer overflow in packet initialisation] RESERVED - - qemu <unfixed> (bug #834902) + - qemu 1:2.6+dfsg-3.1 (bug #834902) [jessie] - qemu <no-dsa> (Minor issue) [wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5) - qemu-kvm <removed> @@ -4122,7 +4122,7 @@ NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30245 CVE-2016-6833 [net: vmxnet3: use after free while writing] RESERVED - - qemu <unfixed> (bug #834904) + - qemu 1:2.6+dfsg-3.1 (bug #834904) [wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5) - qemu-kvm <removed> [wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5) @@ -4131,7 +4131,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2016/08/12/1 CVE-2016-6834 [an infinite loop during packet fragmentation] RESERVED - - qemu <unfixed> (bug #834905) + - qemu 1:2.6+dfsg-3.1 (bug #834905) [jessie] - qemu <no-dsa> (Minor issue) [wheezy] - qemu <not-affected> (Vulnerable code not present, packet abstraction introduced in 1.5) - qemu-kvm <removed> @@ -4141,7 +4141,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2016/08/11/8 CVE-2016-6835 [buffer overflow in vmxnet_tx_pkt_parse_headers() in vmxnet3 device emulation] RESERVED - - qemu <unfixed> (bug #835031) + - qemu 1:2.6+dfsg-3.1 (bug #835031) [wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5) - qemu-kvm <removed> [wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5) @@ -4149,7 +4149,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2016/08/11/7 CVE-2016-6836 [Information leak in vmxnet3_complete_packet] RESERVED - - qemu <unfixed> (bug #834944) + - qemu 1:2.6+dfsg-3.1 (bug #834944) [jessie] - qemu <no-dsa> (Minor issue) [wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5) - qemu-kvm <removed> 
@@ -5001,7 +5001,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3 CVE-2016-6490 [virtio: infinite loop in virtqueue_pop] RESERVED - - qemu <unfixed> (bug #832767) + - qemu 1:2.6+dfsg-3.1 (bug #832767) [jessie] - qemu <not-affected> (Vulnerable code not present) [wheezy] - qemu <not-affected> (Issue introduced later) - qemu-kvm <removed> @@ -5476,7 +5476,7 @@ TODO: It needs to be evaluated which reverse reverse build-dependencies or sources using the generated code needs fixing/rebuild CVE-2016-6351 (The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), ...) {DLA-574-1 DLA-573-1} - - qemu <unfixed> (bug #832621) + - qemu 1:2.6+dfsg-3.1 (bug #832621) - qemu-kvm <removed> NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=926cde5f3e4d2504ed161ed0cb771ac7cad6fd11 (v2.7.0-rc0) NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=cc96677469388bad3d66479379735cf75db069e3 (v2.7.0-rc0) @@ -8394,7 +8394,7 @@ NOTE: https://fedorahosted.org/freeipa/ticket/6232 CVE-2016-5403 (The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local ...) {DLA-574-1 DLA-573-1} - - qemu <unfixed> (bug #832619) + - qemu 1:2.6+dfsg-3.1 (bug #832619) [jessie] - qemu <no-dsa> (Minor issue; can be fixed in future DSA or point release) - qemu-kvm <removed> - xen 4.4.0-1
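Review bot: The description line in the CVE-2016-7156 hunk (@@ -2903) still reads "infintie loop". Since this commit touches the entry anyway, correct it to "infinite loop" so that a text search of data/CVE/list for that bug class finds the entry.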
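Review bot: In the CVE-2016-7157 hunk (@@ -2914) the version now recorded as fixed, 1:2.6+dfsg-3.1, is a 2.6-based upload, yet the [jessie] and [wheezy] context lines justify not-affected with "introduced after v2.6". As written the two statements do not fit together: if the mptsas code only arrived after v2.6, a 2.6 package would be not-affected rather than fixed. Suggest either naming the release that actually introduced the code in the suite notes, or adding a NOTE that explains why the 2.6 package needed the fix.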
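Review bot: The CVE-2016-6833 and CVE-2016-6835 hunks (@@ -4122 and @@ -4141) have no [jessie] line between the unstable entry and the [wheezy] entry, while the neighbouring vmxnet3 entries CVE-2016-6834 and CVE-2016-6836 carry "[jessie] - qemu <no-dsa> (Minor issue)". With unstable now marked fixed, jessie has no recorded status for the use-after-free and the buffer overflow. Suggest triaging both for jessie in this commit or a follow-up, so the memory-corruption issues are not tracked less precisely than the minor ones beside them.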
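Review bot: In the CVE-2016-6351 hunk (@@ -5476) both "Fixed by" NOTE lines point at upstream commits tagged v2.7.0-rc0, while the version recorded as fixed is 1:2.6+dfsg-3.1, so the fix can only be present there as a backport. Suggest confirming that the upload carries both listed commits (926cde5 and cc96677) and adding a short NOTE saying so. An entry marked fixed with only one of the two applied would hide a still-open issue.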