[Secure-testing-team] Bug#847496: qemu: CVE-2016-9913 CVE-2016-9914 CVE-2016-9915 CVE-2016-9916
Salvatore Bonaccorso
carnil at debian.org
Thu Dec 8 19:12:01 UTC 2016
Source: qemu
Version: 1:2.7+dfsg-3
Severity: important
Tags: security upstream patch
Hi,
the following vulnerabilities were published for qemu.
CVE-2016-9913[0]:
9pfs: adjust the order of resource cleanup in device unrealize
CVE-2016-9914[1]:
9pfs: add cleanup operation in FileOperations
CVE-2016-9915[2]:
9pfs: add cleanup operation for handle backend driver
CVE-2016-9916[3]:
9pfs: add cleanup operation for proxy backend driver
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-9913
[1] https://security-tracker.debian.org/tracker/CVE-2016-9914
[2] https://security-tracker.debian.org/tracker/CVE-2016-9915
[3] https://security-tracker.debian.org/tracker/CVE-2016-9916
Please adjust the affected versions in the BTS as needed. If I'm not
mistaken all of those affect as well 2.1 as for jessie, even though
the code is slight changed or restructured e.g. for CVE-2016-9913
codepath, but the issue should be there as well.
OTOH, I think those might be all no-dsa and can be fixed via a point
release.
Regards,
Salvatore
More information about the Secure-testing-team
mailing list