556630 – (CVE-2015-5165) <app-emulation/qemu-2.3.0-r5: Use after free and leak of uninitialized heap memory in rtl8139 device model

Bug 556630 (CVE-2015-5165) - <app-emulation/qemu-2.3.0-r5: Use after free and leak of uninitialized heap memory in rtl8139 device model

Summary: <app-emulation/qemu-2.3.0-r5: Use after free and leak of uninitialized heap m...

Status:	RESOLVED FIXED

Alias:	CVE-2015-5165

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:
Whiteboard:	B3 [noglsa]
Keywords:

Depends on:
Blocks:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2015-08-04 07:24:06 UTC

+++ This bug was initially created as a clone of Bug #556304 +++

Comment 1 Agostino Sarubbo gentoo-dev

2015-08-04 07:28:01 UTC

Arches, please test and mark stable:
=app-emulation/qemu-2.3.0-r5
=app-emulation/qemu-guest-agent-2.3.0
Target keywords : "amd64 x86"

Comment 2 Agostino Sarubbo gentoo-dev

2015-08-04 08:19:06 UTC

amd64 stable

Comment 3 Agostino Sarubbo gentoo-dev

2015-08-04 08:19:45 UTC

x86 stable.

Maintainer(s), please cleanup.
Security, please vote.

Comment 4 Agostino Sarubbo gentoo-dev

2015-08-04 08:20:54 UTC

Unless there will be request, ppc and ppc64 pass for now for qemu-guest-agent

Comment 5 Manuel Rüger (RETIRED) gentoo-dev

2015-08-28 00:19:32 UTC

Vulnerable versions have been removed.

Comment 6 Stefan Behte (RETIRED) gentoo-dev

2015-11-09 21:53:41 UTC

Vote: no.

Comment 7 Kristian Fiskerstrand (RETIRED) gentoo-dev

2015-11-09 21:58:15 UTC

GLSA Vote: No