1
PublicDateAtUSN: 2014-05-15
2
Candidate: CVE-2014-3461
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3461
6
http://article.gmane.org/gmane.comp.emulators.qemu/272322
7
https://usn.ubuntu.com/usn/usn-2342-1
9
hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary
10
code via crafted savevm data, which triggers a heap-based buffer overflow,
11
related to "USB post load checks."
15
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739589
17
Discovered-by: Michael S. Tsirkin, Anthony Liguori and Michael Roth
21
upstream_qemu-kvm: needed
22
lucid_qemu-kvm: not-affected (code not present)
23
precise_qemu-kvm: released (1.0+noroms-0ubuntu14.17)
24
quantal_qemu-kvm: ignored (reached end-of-life)
30
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=719ffe1f5f72b1c7ace4afe9ba2815bcb53a829e
35
saucy_qemu: ignored (reached end-of-life)
36
trusty_qemu: released (2.0.0+dfsg-2ubuntu1.3)
37
devel_qemu: not-affected (2.1+dfsg-2ubuntu1)