svn commit: r394816 - head/security/vuxml

Jason Unovitch junovitch at FreeBSD.org
Wed Aug 19 22:06:18 UTC 2015


Author: junovitch
Date: Wed Aug 19 22:06:17 2015
New Revision: 394816
URL: https://svnweb.freebsd.org/changeset/ports/394816

Log:
  Extend recent QEMU related xen-tools CVEs to include the qemu-* ports
  
  PR:		202402
  Security:	CVE-2015-5154
  Security:	CVE-2015-5165
  Security:	CVE-2015-5166
  Security:	da451130-365d-11e5-a4a5-002590263bf5
  Security:	f06f20dc-4347-11e5-93ad-002590263bf5
  Security:	ee99899d-4347-11e5-93ad-002590263bf5
  Approved by:	feld (mentor)

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Wed Aug 19 21:20:48 2015	(r394815)
+++ head/security/vuxml/vuln.xml	Wed Aug 19 22:06:17 2015	(r394816)
@@ -316,9 +316,20 @@ Notes:
   </vuln>
 
   <vuln vid="f06f20dc-4347-11e5-93ad-002590263bf5">
-    <topic>xen-tools -- QEMU leak of uninitialized heap memory in rtl8139 device model</topic>
+    <topic>qemu, xen-tools -- QEMU leak of uninitialized heap memory in rtl8139 device model</topic>
     <affects>
       <package>
+	<name>qemu</name>
+	<name>qemu-devel</name>
+	<range><le>0.11.1_20</le></range>
+	<range><ge>0.12</ge><le>2.3.0_2</le></range>
+      </package>
+      <package>
+	<name>qemu-sbruno</name>
+	<name>qemu-user-static</name>
+	<range><lt>2.4.50.g20150814</lt></range>
+      </package>
+      <package>
 	<name>xen-tools</name>
 	<range><lt>4.5.1</lt></range>
       </package>
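Review bot: `qemu-user-static` is listed in the second added `<package>` block for a bug in the rtl8139 device model, and the same block is repeated in the entries for ee99899d-4347-11e5-93ad-002590263bf5 and da451130-365d-11e5-a4a5-002590263bf5 further down. If that port builds only the user-mode emulators, as its name suggests, no NIC or IDE device code is compiled in, so `pkg audit` would flag installations that cannot be affected and users learn to ignore the report. I would confirm the port's build targets and, if they are user-mode only, drop `<name>qemu-user-static</name>` from all three entries, leaving `qemu-sbruno` alone in that block. The `<vuln>` element continues past the end of this hunk, so the description was not visible for this review.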
@@ -342,17 +353,30 @@ Notes:
     <references>
       <cvename>CVE-2015-5165</cvename>
       <url>http://xenbits.xen.org/xsa/advisory-140.html</url>
+      <url>http://git.qemu.org/?p=qemu.git;a=commit;h=2a3612ccc1fa9cea77bd193afbfe21c77e7e91ef</url>
     </references>
     <dates>
       <discovery>2015-08-03</discovery>
       <entry>2015-08-17</entry>
+      <modified>2015-08-19</modified>
     </dates>
   </vuln>
 
   <vuln vid="ee99899d-4347-11e5-93ad-002590263bf5">
-    <topic>xen-tools -- use after free in QEMU/Xen block unplug protocol</topic>
+    <topic>qemu, xen-tools -- use after free in QEMU/Xen block unplug protocol</topic>
     <affects>
       <package>
+	<name>qemu</name>
+	<name>qemu-devel</name>
+	<range><le>0.11.1_20</le></range>
+	<range><ge>0.12</ge><le>2.3.0_2</le></range>
+      </package>
+      <package>
+	<name>qemu-sbruno</name>
+	<name>qemu-user-static</name>
+	<range><lt>2.4.50.g20150814</lt></range>
+      </package>
+      <package>
 	<name>xen-tools</name>
 	<range><lt>4.5.1</lt></range>
       </package>
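Review bot: The topic of this entry names a flaw in the QEMU/Xen block unplug protocol, yet the added blocks mark the standalone `qemu`, `qemu-devel`, `qemu-sbruno` and `qemu-user-static` packages as affected without qualification. That code path is presumably exercised only when QEMU runs as a Xen device model, so if these ports are built without Xen support the entry over-reports for them. I would verify whether the ports enable Xen and, if they do not, either leave them out of this entry or say in the `<description>` (outside this hunk) that exposure is limited to QEMU used as a Xen HVM device model.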
@@ -373,10 +397,12 @@ Notes:
     <references>
       <cvename>CVE-2015-5166</cvename>
       <url>http://xenbits.xen.org/xsa/advisory-139.html</url>
+      <url>http://git.qemu.org/?p=qemu.git;a=commit;h=260425ab405ea76c44dd59744d05176d4f579a52</url>
     </references>
     <dates>
       <discovery>2015-08-03</discovery>
       <entry>2015-08-17</entry>
+      <modified>2015-08-19</modified>
     </dates>
   </vuln>
 
@@ -1251,9 +1277,20 @@ Notes:
   </vuln>
 
   <vuln vid="da451130-365d-11e5-a4a5-002590263bf5">
-    <topic>xen-tools -- QEMU heap overflow flaw with certain ATAPI commands</topic>
+    <topic>qemu, xen-tools -- QEMU heap overflow flaw with certain ATAPI commands</topic>
     <affects>
       <package>
+	<name>qemu</name>
+	<name>qemu-devel</name>
+	<range><le>0.11.1_20</le></range>
+	<range><ge>0.12</ge><le>2.3.0_2</le></range>
+      </package>
+      <package>
+	<name>qemu-sbruno</name>
+	<name>qemu-user-static</name>
+	<range><lt>2.4.50.g20150814</lt></range>
+      </package>
+      <package>
 	<name>xen-tools</name>
 	<range><lt>4.5.0_9</lt></range>
       </package>
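Review bot: `<le>0.11.1_20</le>` and `<le>2.3.0_2</le>` are inclusive upper bounds that name no fixed version, which presumably means no patched qemu or qemu-devel revision existed in the tree at commit time; the same ranges appear in the two earlier package hunks. Because every `<name>` in a `<package>` is matched against every `<range>`, both ports stay flagged until the next PORTREVISION bump, and that bump will silently clear the entry whether or not it carries the fix. A short comment above the block would record the intent for whoever updates the ports, for example `<!-- le: no fixed port revision yet; revisit when the QEMU patches are committed -->`.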
@@ -1275,10 +1312,12 @@ Notes:
     <references>
       <cvename>CVE-2015-5154</cvename>
       <url>http://xenbits.xen.org/xsa/advisory-138.html</url>
+      <url>http://git.qemu.org/?p=qemu.git;a=commit;h=e40db4c6d391419c0039fe274c74df32a6ca1a28</url>
     </references>
     <dates>
       <discovery>2015-07-27</discovery>
       <entry>2015-08-04</entry>
+      <modified>2015-08-19</modified>
     </dates>
   </vuln>
 

