Re: qemu: CVE-2016-7116

To: debian-lts@lists.debian.org
Subject: Re: qemu: CVE-2016-7116
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 4 Sep 2016 17:32:18 +0200
Message-id: <[🔎] 20160904153218.azjt2zhfzjieybvq@eldamar.local>
Mail-followup-to: debian-lts@lists.debian.org
In-reply-to: <[🔎] 20160904112556.oocrabkpcwhbjnr3@hle.local>
References: <[🔎] 20160902101216.ehmavdmk747yyvih@hle.local> <[🔎] 20160903155500.pdf6v7xwrgvpzaf2@bogon.m.sigxcpu.org> <[🔎] 20160904112556.oocrabkpcwhbjnr3@hle.local>

Hi Hugo,

On Sun, Sep 04, 2016 at 01:25:56PM +0200, Hugo Lefeuvre wrote:
> > Yes, qemu is supported (and there has was lots of file renaming after
> > the Wheezy version). If you handle qemu please look at qemu-kvm as well
> > (they're the same version).
> 
> Thanks for the hint.
> 
> By the way, could you explain me why this CVE is still labeled RESERVED,
> although a public fix explaining the security issue has been released ?

MITRE has assigned the CVE here:
https://marc.info/?l=oss-security&m=147259351226835&w=2 . Basically that
it is still RESERVED mean, that MITRE has not yet updated the
corresponding description entry in their database, at some point then
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7116 will
contain the MITRE provided description.

Regards,
Salvatore

Reply to:

References:
- qemu: CVE-2016-7116
  - From: Hugo Lefeuvre <hle@debian.org>
- Re: qemu: CVE-2016-7116
  - From: Guido Günther <agx@sigxcpu.org>
- Re: qemu: CVE-2016-7116
  - From: Hugo Lefeuvre <hle@debian.org>

Prev by Date: Re: qemu: CVE-2016-7116
Next by Date: Wheezy update of jsch?
Previous by thread: Re: qemu: CVE-2016-7116
Next by thread: Re: qemu: CVE-2016-7116
Index(es):
- Date
- Thread