Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 182726ab by Moritz Muehlenhoff at 2018-04-12T20:34:57+02:00 qemu fixed - - - - - 165ad983 by Moritz Muehlenhoff at 2018-04-12T20:35:28+02:00 Merge branch 'master' of salsa.debian.org:security-tracker-team/security-tracker - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -5142,7 +5142,7 @@ CVE-2018-7860 CVE-2018-7859 RESERVED CVE-2018-7858 (Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA ...) - - qemu <unfixed> (bug #892497) + - qemu 1:2.12~rc3+dfsg-1 (bug #892497) [stretch] - qemu <not-affected> (Vulnerable code not present) [jessie] - qemu <not-affected> (Vulnerable code not present) [wheezy] - qemu <not-affected> (Vulnerable code not present) @@ -6090,7 +6090,7 @@ CVE-2018-7551 (There is an invalid free in MiniPS::delete0 in minips.cpp that le [jessie] - sam2p <no-dsa> (Will be fixed via point release) NOTE: https://github.com/pts/sam2p/issues/28 CVE-2018-7550 (The load_multiboot function in hw/i386/multiboot.c in Quick Emulator ...) - - qemu <unfixed> (bug #892041) + - qemu 1:2.12~rc3+dfsg-1 (bug #892041) - qemu-kvm <removed> NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2018-03/msg01885.html CVE-2018-7549 (In params.c in zsh through 5.4.2, there is a crash during a copy of an ...) @@ -11796,7 +11796,7 @@ CVE-2018-5684 (In Libav through 12.2, there is an invalid memcpy call in the ... [jessie] - libav <ignored> (Minor issue) NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1110 CVE-2018-5683 (The vga_draw_text function in Qemu allows local OS guest privileged ...) - - qemu <unfixed> (bug #887392) + - qemu 1:2.12~rc3+dfsg-1 (bug #887392) [stretch] - qemu <postponed> (Minor issue, can be fixed along in future DSA) [jessie] - qemu <postponed> (Minor issue, can be fixed along in future DSA) [wheezy] - qemu <postponed> (Minor issue, can be fixed along in next DLA) @@ -27971,7 +27971,7 @@ CVE-2017-16847 (Zoho ManageEngine Applications Manager 13 allows SQL injection v CVE-2017-16846 (Zoho ManageEngine Applications Manager 13 allows SQL injection via the ...) NOT-FOR-US: Zoho ManageEngine Applications Manager CVE-2017-16845 (hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values ...) - - qemu <unfixed> (bug #882136) + - qemu 1:2.12~rc3+dfsg-1 (bug #882136) [stretch] - qemu <no-dsa> (Minor issue) [jessie] - qemu <no-dsa> (Minor issue) [wheezy] - qemu <postponed> (Can be fixed along in a future update) @@ -32942,7 +32942,7 @@ CVE-2017-15125 RESERVED NOT-FOR-US: Red Hat CloudForms CVE-2017-15124 (VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older ...) - - qemu <unfixed> (bug #884806) + - qemu 1:2.12~rc3+dfsg-1 (bug #884806) [stretch] - qemu <postponed> (Can be fixed along in later update) [jessie] - qemu <postponed> (Can be fixed along in later update) [wheezy] - qemu <postponed> (Can be fixed along in later update) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/c324ddb9cccd6987c79abdeef62d799daa74e4fb...165ad983f458c3c1a6e2903650285170e2f791cf --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/c324ddb9cccd6987c79abdeef62d799daa74e4fb...165ad983f458c3c1a6e2903650285170e2f791cf You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits