Author: carnil
Date: 2016-09-15 12:47:53 +0000 (Thu, 15 Sep 2016)
New Revision: 44605
Modified:
data/CVE/list
Log:
Varous CVEs for qemu fixed in unstable
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-09-15 12:08:06 UTC (rev 44604)
+++ data/CVE/list 2016-09-15 12:47:53 UTC (rev 44605)
@@ -2892,7 +2892,7 @@
RESERVED
CVE-2016-7155 [scsi: pvscsi: OOB read and infinite loop while setting
descriptor rings]
RESERVED
- - qemu <unfixed> (bug #837174)
+ - qemu 1:2.6+dfsg-3.1 (bug #837174)
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (Vulnerable code not present, introduced
after v1.5)
- qemu-kvm <removed>
@@ -2903,7 +2903,7 @@
NOTE: Vulnerable code introduced after version 1.5:
http://wiki.qemu.org/ChangeLog/1.5
CVE-2016-7156 [scsi: pvscsi: infintie loop when building SG list]
RESERVED
- - qemu <unfixed> (bug #837339)
+ - qemu 1:2.6+dfsg-3.1 (bug #837339)
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (Vulnerable code not present, introduced
after v1.5)
- qemu-kvm <removed>
@@ -2914,7 +2914,7 @@
NOTE: Vulnerable code introduced after version 1.5:
http://wiki.qemu.org/ChangeLog/1.5
CVE-2016-7157 [mptsas: invalid memory access while building configuration
pages]
RESERVED
- - qemu <unfixed> (bug #837603)
+ - qemu 1:2.6+dfsg-3.1 (bug #837603)
[jessie] - qemu <not-affected> (Vulnerable code not present, introduced
after v2.6)
[wheezy] - qemu <not-affected> (Vulnerable code not present, introduced
after v2.6)
- qemu-kvm <removed>
@@ -3095,7 +3095,7 @@
CVE-2016-7116 [9p: directory traversal flaw in 9p virtio backend]
RESERVED
{DLA-619-1 DLA-618-1}
- - qemu <unfixed> (bug #836502)
+ - qemu 1:2.6+dfsg-3.1 (bug #836502)
[jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
NOTE: Fixed by:
http://git.qemu.org/?p=qemu.git;a=commit;h=56f101ecce0eafd09e2daf1c4eeb1377d6959261
@@ -3712,7 +3712,7 @@
RESERVED
CVE-2016-6888 [net: vmxnet: integer overflow in packet initialisation]
RESERVED
- - qemu <unfixed> (bug #834902)
+ - qemu 1:2.6+dfsg-3.1 (bug #834902)
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3
introduced in 1.5)
- qemu-kvm <removed>
@@ -4122,7 +4122,7 @@
NOTE:
https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30245
CVE-2016-6833 [net: vmxnet3: use after free while writing]
RESERVED
- - qemu <unfixed> (bug #834904)
+ - qemu 1:2.6+dfsg-3.1 (bug #834904)
[wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3
introduced in 1.5)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present,
vmxnet3 introduced in 1.5)
@@ -4131,7 +4131,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/08/12/1
CVE-2016-6834 [an infinite loop during packet fragmentation]
RESERVED
- - qemu <unfixed> (bug #834905)
+ - qemu 1:2.6+dfsg-3.1 (bug #834905)
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (Vulnerable code not present, packet
abstraction introduced in 1.5)
- qemu-kvm <removed>
@@ -4141,7 +4141,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/08/11/8
CVE-2016-6835 [buffer overflow in vmxnet_tx_pkt_parse_headers() in vmxnet3
device emulation]
RESERVED
- - qemu <unfixed> (bug #835031)
+ - qemu 1:2.6+dfsg-3.1 (bug #835031)
[wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3
introduced in 1.5)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present,
vmxnet3 introduced in 1.5)
@@ -4149,7 +4149,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/08/11/7
CVE-2016-6836 [Information leak in vmxnet3_complete_packet]
RESERVED
- - qemu <unfixed> (bug #834944)
+ - qemu 1:2.6+dfsg-3.1 (bug #834944)
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3
introduced in 1.5)
- qemu-kvm <removed>
@@ -5001,7 +5001,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6490 [virtio: infinite loop in virtqueue_pop]
RESERVED
- - qemu <unfixed> (bug #832767)
+ - qemu 1:2.6+dfsg-3.1 (bug #832767)
[jessie] - qemu <not-affected> (Vulnerable code not present)
[wheezy] - qemu <not-affected> (Issue introduced later)
- qemu-kvm <removed>
@@ -5476,7 +5476,7 @@
TODO: It needs to be evaluated which reverse reverse build-dependencies
or sources using the generated code needs fixing/rebuild
CVE-2016-6351 (The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick
Emulator), ...)
{DLA-574-1 DLA-573-1}
- - qemu <unfixed> (bug #832621)
+ - qemu 1:2.6+dfsg-3.1 (bug #832621)
- qemu-kvm <removed>
NOTE: Fixed by:
http://git.qemu.org/?p=qemu.git;a=commit;h=926cde5f3e4d2504ed161ed0cb771ac7cad6fd11
(v2.7.0-rc0)
NOTE: Fixed by:
http://git.qemu.org/?p=qemu.git;a=commit;h=cc96677469388bad3d66479379735cf75db069e3
(v2.7.0-rc0)
@@ -8394,7 +8394,7 @@
NOTE: https://fedorahosted.org/freeipa/ticket/6232
CVE-2016-5403 (The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows
local ...)
{DLA-574-1 DLA-573-1}
- - qemu <unfixed> (bug #832619)
+ - qemu 1:2.6+dfsg-3.1 (bug #832619)
[jessie] - qemu <no-dsa> (Minor issue; can be fixed in future DSA or
point release)
- qemu-kvm <removed>
- xen 4.4.0-1
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
