Source: qemu Version: 1:2.12+dfsg-3 Severity: grave Tags: patch security upstream Justification: user security hole Forwarded: https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg00390.html
Hi, The following vulnerability was published for qemu. CVE-2018-16867[0]: |dev-mtp: path traversal in usb_mtp_write_data of the Media Transfer |Protocol (MTP) If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-16867 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16867 [1] https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg00390.html [2] https://git.qemu.org/?p=qemu.git;a=commit;h=c52d46e041b42bb1ee6f692e00a0abe37a9659f6 Please adjust the affected versions in the BTS as needed. Regards, Salvatore