Author: agx Date: 2017-08-31 13:48:46 +0000 (Thu, 31 Aug 2017) New Revision: 55315
Modified: data/CVE/list Log: lts: qemu not affected by CVE-2017-13711 The leak fixed in ea64d5f08817b5e79e17135dce516c7583107f91 is still present but that's less troublesome than the use after free. And there are many leaks in the wheezy version. Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-08-31 13:42:53 UTC (rev 55314) +++ data/CVE/list 2017-08-31 13:48:46 UTC (rev 55315) @@ -819,7 +819,9 @@ CVE-2017-13711 [Slirp: use-after-free when sending response] RESERVED - qemu <unfixed> + [wheezy] - qemu <not-affected> (Vulnerable code introduced later) - qemu-kvm <removed> + [wheezy] - qemu-kvm <not-affected> (Vulnerable code introduced later) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg05201.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1486400 CVE-2017-14041 (A stack-based buffer overflow was discovered in the pgxtoimage function ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits