Summary: | <app-emulation/qemu-2.7.0-r2: scsi: mptsas: invalid memory access while building configuration pages | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | qemu+disabled |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2016/09/06/4 | ||
Whiteboard: | B3 [glsa cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 593034, 593036, 593284, 593950, 593956 |
Description
Agostino Sarubbo
2016-09-07 09:38:30 UTC
commit b28fcd11405545eb2e4973f96823337531eebb08 Author: Matthias Maier <tamiko@gentoo.org> Date: Fri Sep 9 00:10:05 2016 -0500 app-emulation/qemu: fix static-user dep, security patches, bug #593038 This commit resolves bug #591202 bug #593024 bug #593034 CVE-2016-7155 bug #593036 CVE-2016-7156 bug #593038 CVE-2016-7157 Package-Manager: portage-2.2.28 Maintainer(s), please advise if you are ready for stabilization or call for stabilization yourself. Arches, please stabilize =app-emulation/qemu-2.7.0-r2 Target-keywords:"amd64 x86" amd64 stable I hijack the stabilization for another round: Arches, please stabilize =app-emulation/qemu-2.7.0-r3 Target-keywords:"amd64 x86" commit b50850bf14489740441b408a2d45f6e64d724f7d Author: Matthias Maier <tamiko@gentoo.org> Date: Sat Sep 17 23:02:53 2016 -0500 app-emulation/qemu: security fixes, ebuild maintenance bug 593956: CVE-2016-7422 bug 593950: CVE-2016-7421 bug 590230: missing use depend opengl? ( media-libs/mesa[...,gbm] ) bug 575326: update to readme.gentoo-r1 eclass Package-Manager: portage-2.2.28 amd64 stable x86 stable. Maintainer(s), please cleanup. Security, please vote. Arches, Thank you for your work. Added to an existing GLSA Request. Maintainer(s), please drop the vulnerable version(s). 2.7.0-r2 2.7.0 commit 4dd281902e043e8e8299cf9991aa4841076ae66b Author: Matthias Maier <tamiko@gentoo.org> Date: Sun Sep 25 19:15:20 2016 -0500 app-emulation/qemu: drop vulnerable versions 2.7.0, 2.7.0-r2 Package-Manager: portage-2.2.28 This issue was resolved and addressed in GLSA 201609-01 at https://security.gentoo.org/glsa/201609-01 by GLSA coordinator Yury German (BlueKnight). |