Author: jmm Date: 2017-01-14 15:56:00 +0000 (Sat, 14 Jan 2017) New Revision: 48048
Modified: data/CVE/list Log: drop qemu entry glance issue mostly a shoot-your-self-in-the-foot scenario Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-01-14 15:45:55 UTC (rev 48047) +++ data/CVE/list 2017-01-14 15:56:00 UTC (rev 48048) @@ -15494,8 +15494,7 @@ - libapache2-mod-cluster <itp> (bug #731410) CVE-2016-8611 [Glance Image service v1 and v2 api image-create vulnerability] RESERVED - - glance <unfixed> - [jessie] - glance <no-dsa> (Minor issue) + - glance <unfixed> (unimportant) NOTE: http://www.openwall.com/lists/oss-security/2016/10/27/16 CVE-2016-8610 [SSL/TLS SSL3_AL_WARNING undefined alert DoS] RESERVED @@ -84518,15 +84517,11 @@ NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9de7922bc709eee2f609cd01d98aaedc4cf5ea74 (v3.18-rc1) CVE-2014-3672 (The qemu implementation in libvirt before 1.3.0 and Xen allows local ...) {DLA-571-1} - - qemu <unfixed> - [jessie] - qemu <no-dsa> (Minor issue) - [wheezy] - qemu <no-dsa> (Minor issue) - - qemu-kvm <removed> - [wheezy] - qemu-kvm <no-dsa> (Minor issue) - xen 4.4.0-1 NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: http://xenbits.xen.org/xsa/advisory-180.html NOTE: Related hardening for libvirt: https://libvirt.org/git/?p=libvirt.git;a=commit;h=0d968ad715475a1660779bcdd2c5b38ad63db4cf + NOTE: This is hardly a vulnerability in qemu per se, but rather a problem of integrating qemu CVE-2014-3671 REJECTED CVE-2014-3670 (The exif_ifd_make_value function in exif.c in the EXIF extension in ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits