[Secure-testing-commits] r49148 - data/CVE

Thu, 23 Feb 2017 07:02:29 -0800 

Author: agx
Date: 2017-02-23 15:01:46 +0000 (Thu, 23 Feb 2017)
New Revision: 49148

Modified:
   data/CVE/list
Log:
lts: mark several CVEs as no-dsa

These are all about missing cleanup on exit functions allowing for the
guest to cause OOM. Wheezy's qemu{-kvm} has more many more of these
leaks so there's no point to fix some of them.

The devices are not hot-unpluggable via libvirt.

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-02-23 14:12:31 UTC (rev 49147)
+++ data/CVE/list       2017-02-23 15:01:46 UTC (rev 49148)
@@ -1898,7 +1898,9 @@
        RESERVED
        - qemu <unfixed> (bug #853002)
        [jessie] - qemu <no-dsa> (Minor issue)
+       [wheezy] - qemu <no-dsa> (Minor issue)
        - qemu-kvm <removed>
+       [wheezy] - qemu-kvm <no-dsa> (Minor issue)
        NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=8409dc884a201bf74b30a9d232b6bbdd00cb7e2b
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1416157
 CVE-2017-5578 [display: virtio-gpu: host memory leakage in 
virtio_gpu_resource_attach_backing]
@@ -2076,7 +2078,9 @@
        RESERVED
        - qemu 1:2.8+dfsg-2 (low; bug #852232)
        [jessie] - qemu <no-dsa> (Minor issue)
+       [wheezy] - qemu <no-dsa> (Minor issue)
        - qemu-kvm <removed>
+       [wheezy] - qemu-kvm <no-dsa> (Minor issue)
        NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2016-12/msg03104.html
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1415199
        NOTE: Fixed by: 
http://git.qemu.org/?p=qemu.git;a=commit;h=eb7a20a3616085d46aa6b4b4224e15587ec67e6e
@@ -2174,7 +2178,9 @@
        RESERVED
        - qemu 1:2.8+dfsg-2 (bug #851910)
        [jessie] - qemu <no-dsa> (Minor issue)
+       [wheezy] - qemu <no-dsa> (Minor issue)
        - qemu-kvm <removed>
+       [wheezy] - qemu-kvm <no-dsa> (Minor issue)
        NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg01742.html
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1414209
        NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da
@@ -2183,7 +2189,9 @@
        RESERVED
        - qemu 1:2.8+dfsg-2 (bug #852021)
        [jessie] - qemu <no-dsa> (Minor issue)
+       [wheezy] - qemu <no-dsa> (Minor issue)
        - qemu-kvm <removed>
+       [wheezy] - qemu-kvm <no-dsa> (Minor issue)
        NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg01740.html
        NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=12351a91da97b414eec8cdb09f1d9f41e535a401
        NOTE: Sound device hotplug not supported by libvirt


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to