[Secure-testing-team] Bug#847953: qemu: CVE-2016-9907: usb: redirector: memory leakage when destroying redirector
Salvatore Bonaccorso
carnil at debian.org
Mon Dec 12 15:37:55 UTC 2016
Source: qemu
Version: 1:2.7+dfsg-3
Severity: important
Tags: security upstream patch
Hi,
the following vulnerability was published for qemu.
CVE-2016-9907[0]:
usb: redirector: memory leakage when destroying redirector
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-9907
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9907
[1] https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg01379.html
Please adjust the affected versions in the BTS as needed. I think
jessie is affected as well, while the code is slight different, if I'm
now wrong, then the vm change state handler is as well freed in
usbredir_cleanup_device_queues. But please double check.
Regards,
Salvatore
More information about the Secure-testing-team
mailing list