Bug#823830: qemu: CVE-2016-3710 CVE-2016-3712
thx On Tue, May 17, 2016 at 3:40 AM, Geert Stappers <stapp...@stappers.nl> wrote: > On Mon, May 16, 2016 at 05:04:29PM -0300, Cristian Aires wrote: > > On Mon, 09 May 2016 14:22:37 +0200 Salvatore Bonaccorso wrote: > > > > > > For further information see: > > > > > > [0] https://security-tracker.debian.org/tracker/CVE-2016-3710 > > > [1] https://security-tracker.debian.org/tracker/CVE-2016-3712 > > > [2] http://xenbits.xen.org/xsa/advisory-179.html > > > > > > > All types of video models are affected? > > > > In [2] is a section vulnerable systems, which answers your question. > > > Groeten > Geert Stappers > > P.S. > Visit https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823830 > to see the noise that is generated by top quoting. > > Please reply below the text. > So make reading in the discussion order possible. > Thanks. > -- *Cristian Aires* Infraestrutura (51) 3301.1432 - (51) 9994.3218 www.Under.com.br <http://www.under.com.br/>
Bug#823830: qemu: CVE-2016-3710 CVE-2016-3712
Hello, All types of video models are affected? The default is cirrus. On Mon, 09 May 2016 14:22:37 +0200 Salvatore Bonaccorsowrote: > Source: qemu > Version: 2.1+dfsg-1 > Severity: grave > Tags: security upstream > > Hi, > > the following vulnerabilities were published for qemu. > > CVE-2016-3710[0]: > incorrect banked access bounds checking in vga module > > CVE-2016-3712[1]: > Out-of-bounds read when creating weird vga screen surface > > If you fix the vulnerabilities please also make sure to include the > CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. > > For further information see: > > [0] https://security-tracker.debian.org/tracker/CVE-2016-3710 > [1] https://security-tracker.debian.org/tracker/CVE-2016-3712 > [2] http://xenbits.xen.org/xsa/advisory-179.html > > Please adjust the affected versions in the BTS as needed. > > Regards, > Salvatore > >