Author: agx
Date: 2017-08-31 13:48:46 +0000 (Thu, 31 Aug 2017)
New Revision: 55315
Modified:
data/CVE/list
Log:
lts: qemu not affected by CVE-2017-13711
The leak fixed in ea64d5f08817b5e79e17135dce516c7583107f91 is still
present but that's less troublesome than the use after free. And
there are many leaks in the wheezy version.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-31 13:42:53 UTC (rev 55314)
+++ data/CVE/list 2017-08-31 13:48:46 UTC (rev 55315)
@@ -819,7 +819,9 @@
CVE-2017-13711 [Slirp: use-after-free when sending response]
RESERVED
- qemu <unfixed>
+ [wheezy] - qemu <not-affected> (Vulnerable code introduced later)
- qemu-kvm <removed>
+ [wheezy] - qemu-kvm <not-affected> (Vulnerable code introduced later)
NOTE:
https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg05201.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1486400
CVE-2017-14041 (A stack-based buffer overflow was discovered in the pgxtoimage
function ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
