qemu CVE-2019-6501: not-affected in Jessie and Stretch?

To: team@security.debian.org
Cc: debian-lts@lists.debian.org
Subject: qemu CVE-2019-6501: not-affected in Jessie and Stretch?
From: Hugo Lefeuvre <hle@debian.org>
Date: Wed, 27 Feb 2019 08:24:18 +0100
Message-id: <[🔎] 20190227072418.GA1625@behemoth.owl.eu.com.local>

Hi,

It looks very much like the vulnerability was introduced in
a71c775b24ebc664129eb1d9b4c360590353efd5[0] which is not present prior
2.12.50.

I'd appreciate if a second pair of eyes could double check before I
update the tracker for Jessie and Stretch.

(scsi_handle_inquiry_reply was introduced in
0a96ca2437646bad197b0108c5f4a93e7ead05a9[1].

thanks!

cheers,
 Hugo

[0] https://git.qemu.org/?p=qemu.git;a=commit;h=a71c775b24ebc664129eb1d9b4c360590353efd5
[1] https://git.qemu.org/?p=qemu.git;a=commit;h=0a96ca2437646bad197b0108c5f4a93e7ead05a9

-- 
                Hugo Lefeuvre (hle)    |    www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C

Attachment: signature.asc
Description: PGP signature

Reply to:

Prev by Date: Re: Bug#914632: RFC: proposed fix for CVE-2018-19518 in uw-imap
Next by Date: Re: phpmyadmin: CVE-2019-6799: PMASA-2019-1
Previous by thread: Experimenting with phpmyadmin's testsuite
Next by thread: Re: phpmyadmin: CVE-2019-6799: PMASA-2019-1
Index(es):
- Date
- Thread