Bug#916278: qemu - CVE-2018-19665: bt subsystem mishandles negative length variables

2019-01-25 Thread Hugo Lefeuvre
> Anyways, given that the patch is quite large (though straightforward), that
> the subsystem doesn't seem to be very actively maintained and that the user
> base is quite small, it is maybe better to mark this no-dsa in stretch and
> jessie.

... but if we manage to trim down upstream's patch to j

Bug#916278: qemu - CVE-2018-19665: bt subsystem mishandles negative length variables

2019-01-12 Thread Hugo Lefeuvre
Hi,

I had a look at CVE-2018-19665 regarding qemu in oldstable/stable.

summary: the bluetooth subsystem uses signed length variables at multiple places. These length variables are used, among others, in memcpy calls. A malicious guest VM could attempt to crash the host by passing negative len val

Bug#916278: qemu: CVE-2018-19665

2018-12-12 Thread Salvatore Bonaccorso
Source: qemu
Version: 1:3.1+dfsg-1
Severity: important
Tags: security upstream
Forwarded: https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg03570.html

Hi,

The following vulnerability was published for qemu.

CVE-2018-19665[0]:
| The Bluetooth subsystem in QEMU mishandles negative values fo