Author: jmm
Date: 2015-03-29 18:00:39 +0000 (Sun, 29 Mar 2015)
New Revision: 33242
Modified:
data/CVE/list
Log:
one qemu issue unimportant
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-03-29 18:00:03 UTC (rev 33241)
+++ data/CVE/list 2015-03-29 18:00:39 UTC (rev 33242)
@@ -854,10 +854,15 @@
NOTE: Upstream commit:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f5bc6b1e2d5a6f827bc860ef2dc5b6f365d1339
(v3.19-rc1)
NOTE: http://www.openwall.com/lists/oss-security/2015/03/24/11
CVE-2015-XXXX [malicious PRDT flow from guest to host]
- - qemu <unfixed> (bug #781250)
- - qemu-kvm <removed>
+ - qemu <unfixed> (unimportant; bug #781250)
+ - qemu-kvm <removed> (unimportant)
NOTE:
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=3251bdcf1c67427d964517053c3d185b46e618e8
(v2.2.0-rc2)
NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2015/03/24/4
+ NOTE: Per maintainer not a security issue:
+ NOTE: Qemu either leaks memory or loops infinitely. Memory leakage
can be easily
+ NOTE: mitigated using some kind of resource limits in
security-sensitive environments,
+ NOTE: and looping can trivially be done inside the virtual machine
just fine, achieving
+ NOTE: the same effect
CVE-2015-2686 [sys_sendto/sys_recvfrom does not validate the user provided
ubuf pointer]
RESERVED
- linux <not-affected> (Introduced in 3.19, never uploaded to unstable)
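Review bot: The added rationale under the PRDT entry ("NOTE: Per maintainer not a security issue:") attributes the downgrade to the maintainer but cites no source, so the reason for the `unimportant` tag cannot be checked from the tracker. Add a NOTE with the URL of the maintainer's statement next to it. The memory-leak half of the argument depends on resource limits being configured, so it helps to say so explicitly in the note. The same bug #781250 is also referenced by the CVE-2015-1779 entry further down; confirm that the bug really covers both issues, otherwise the `unimportant` tag here may be read as applying to the whole bug.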
@@ -2493,6 +2498,7 @@
CVE-2015-1779 [denial of service in VNC web]
RESERVED
- qemu <unfixed> (bug #781250)
+ [jessie] - qemu <no-dsa> (Postponed until fixed upstream)
[wheezy] - qemu <not-affected> (Websocket protocol support introduced
in v1.4.0-rc0)
- qemu-kvm <not-affected> (Websocket protocol support introduced in
v1.4.0-rc0)
NOTE:
https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04894.html
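Review bot: The added `[jessie] - qemu <no-dsa> (Postponed until fixed upstream)` line for CVE-2015-1779 is not covered by the commit log, which only says "one qemu issue unimportant". This is a separate triage decision on a different CVE, so mention it in the log or commit it separately to keep the history for each entry searchable. Since the reason is "Postponed until fixed upstream", the entry needs revisiting once the fix discussed in the qemu-devel thread linked in the NOTE lands.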