[Secure-testing-commits] r56386 - in data: . CVE DSA

Tue, 03 Oct 2017 14:30:48 -0700 

Author: jmm
Date: 2017-10-03 21:30:29 +0000 (Tue, 03 Oct 2017)
New Revision: 56386

Modified:
   data/CVE/list
   data/DSA/list
   data/dsa-needed.txt
Log:
asterisk, qemu DSAs


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-10-03 21:10:13 UTC (rev 56385)
+++ data/CVE/list       2017-10-03 21:30:29 UTC (rev 56386)
@@ -3546,7 +3546,6 @@
        NOTE: https://sourceforge.net/p/lame/bugs/472/
 CVE-2017-13711 (Use-after-free vulnerability in the sofree function in 
slirp/socket.c ...)
        - qemu 1:2.10.0-1 (bug #873875)
-       [stretch] - qemu <no-dsa> (Minor issue)
        [jessie] - qemu <not-affected> (Vulnerable code introduced later)
        [wheezy] - qemu <not-affected> (Vulnerable code introduced later)
        - qemu-kvm <removed>
@@ -3695,7 +3694,6 @@
        NOTE: Introduced by: 
https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=fec5e8c92becad223df9d972770522f64aafdb72
 CVE-2017-13672 (QEMU (aka Quick Emulator), when built with the VGA display 
emulator ...)
        - qemu 1:2.10.0-1 (low; bug #873851)
-       [stretch] - qemu <postponed> (Can be fixed along in a future DSA)
        [jessie] - qemu <postponed> (Can be fixed along in a future DSA)
        - qemu-kvm <removed>
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04684.html
@@ -6262,7 +6260,6 @@
        RESERVED
 CVE-2017-12809 (QEMU (aka Quick Emulator), when built with the IDE disk and 
CD/DVD-ROM ...)
        - qemu 1:2.10.0-1 (bug #873849)
-       [stretch] - qemu <no-dsa> (Minor issue)
        [jessie] - qemu <no-dsa> (Minor issue)
        [wheezy] - qemu <no-dsa> (Minor issue)
        - qemu-kvm <removed>
@@ -15690,7 +15687,6 @@
        RESERVED
 CVE-2017-9375 (QEMU (aka Quick Emulator), when built with USB xHCI controller 
...)
        - qemu 1:2.10.0-1 (bug #864219)
-       [stretch] - qemu <ignored> (Minor issue, originally backported, but 
caused a functional regression)
        [jessie] - qemu <no-dsa> (Minor issue)
        [wheezy] - qemu <not-affected> (vulnerable code not present)
        - qemu-kvm <removed>

Modified: data/DSA/list
===================================================================
--- data/DSA/list       2017-10-03 21:10:13 UTC (rev 56385)
+++ data/DSA/list       2017-10-03 21:30:29 UTC (rev 56386)
@@ -1,3 +1,10 @@
+[03 Oct 2017] DSA-3991-1 qemu - security update
+       {CVE-2017-9375 CVE-2017-12809 CVE-2017-13672 CVE-2017-13711 
CVE-2017-14167}
+       [stretch] - qemu 1:2.8+dfsg-6+deb9u3
+[03 Oct 2017] DSA-3990-1 asterisk - security update
+       {CVE-2017-14603}
+       [jessie] - asterisk 1:11.13.1~dfsg-2+deb8u4
+       [stretch] - asterisk 1:13.14.1~dfsg-2+deb9u2
 [02 Oct 2017] DSA-3989-1 dnsmasq - security update
        {CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494}
        [jessie] - dnsmasq 2.72-3+deb8u2

Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt 2017-10-03 21:10:13 UTC (rev 56385)
+++ data/dsa-needed.txt 2017-10-03 21:30:29 UTC (rev 56386)
@@ -14,9 +14,6 @@
 --
 389-ds-base (fw)
 --
-asterisk
-  Maintainer proposed update, needs review and ack for upload
---
 curl (ghedo)
 --
 graphicsmagick


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to