[Secure-testing-team] Bug#824856: qemu: CVE-2016-4439 CVE-2016-4441
Salvatore Bonaccorso
carnil at debian.org
Fri May 20 13:19:44 UTC 2016
Source: qemu
Version: 2.1+dfsg-1
Severity: important
Tags: security upstream patch
Hi,
the following vulnerabilities were published for qemu.
CVE-2016-4439[0]:
scsi: esp: OOB write while writing to 's->cmdbuf' in esp_reg_write
CVE-2016-4441[1]:
scsi: esp: OOB write while writing to 's->cmdbuf' in get_cmd
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-4439
[1] https://security-tracker.debian.org/tracker/CVE-2016-4441
Please adjust the affected versions in the BTS as needed.
I think this does not warrant a DSA on it's own but can be obviously
included in any future DSA.
Regards,
Salvatore
More information about the Secure-testing-team
mailing list