← Back to branch summary

~ubuntu-security/ubuntu-cve-tracker/master 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179

PublicDateAtUSN: 2008-05-12
PublicDate: 2008-05-12
Candidate: CVE-2008-2004
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2004
 http://www.ubuntu.com/usn/usn-776-1
Description:
 The drive_init function in QEMU 0.9.1 determines the format of a raw disk
 image based on the header, which allows local guest users to read arbitrary
 files on the host by modifying the header to identify a different format,
 which is used when the guest is restarted.
Ubuntu-Description:
Notes:
 kees> xen-utils-3.x is in universe
 mdeslaur> xen-qemu-block-no-auto-format.patch in RHEL5
Bugs:
Priority: medium
Discovered-by:
Assigned-to:

Patches_qemu:
 vendor: http://patch-tracking.debian.net/patch/series/view/qemu/0.9.1-6/94_security.patch
upstream_qemu: needs-triage
dapper_qemu: ignored (reached end-of-life)
feisty_qemu: needed (reached end-of-life)
gutsy_qemu: needed (reached end-of-life)
hardy_qemu: ignored (reached end-of-life)
intrepid_qemu: not-affected
jaunty_qemu: not-affected
karmic_qemu: DNE
lucid_qemu: DNE
maverick_qemu: DNE
natty_qemu: DNE
oneiric_qemu: DNE
precise_qemu: DNE
quantal_qemu: DNE
raring_qemu: not-affected
saucy_qemu: not-affected
trusty_qemu: not-affected
utopic_qemu: not-affected
vivid_qemu: not-affected
devel_qemu: not-affected

Patches_xen-3.0:
upstream_xen-3.0: needs-triage
dapper_xen-3.0: DNE
feisty_xen-3.0: needs-triage (reached end-of-life)
gutsy_xen-3.0: DNE
hardy_xen-3.0: DNE
intrepid_xen-3.0: DNE
jaunty_xen-3.0: DNE
karmic_xen-3.0: DNE
lucid_xen-3.0: DNE
maverick_xen-3.0: DNE
natty_xen-3.0: DNE
oneiric_xen-3.0: DNE
precise_xen-3.0: DNE
quantal_xen-3.0: DNE
raring_xen-3.0: DNE
saucy_xen-3.0: DNE
trusty_xen-3.0: DNE
utopic_xen-3.0: DNE
vivid_xen-3.0: DNE
devel_xen-3.0: DNE

Patches_xen-3.1:
 vendor: http://people.ubuntu.com/~kees/qemu/xen-qemu-block-no-auto-format-CVE-2008-2004.patch
Tags_xen-3.1: universe-binary
upstream_xen-3.1: needs-triage
dapper_xen-3.1: DNE
feisty_xen-3.1: DNE
gutsy_xen-3.1: needed (reached end-of-life)
hardy_xen-3.1: ignored (reached end-of-life)
intrepid_xen-3.1: needed (reached end-of-life)
jaunty_xen-3.1: DNE
karmic_xen-3.1: DNE
lucid_xen-3.1: DNE
maverick_xen-3.1: DNE
natty_xen-3.1: DNE
oneiric_xen-3.1: DNE
precise_xen-3.1: DNE
quantal_xen-3.1: DNE
raring_xen-3.1: DNE
saucy_xen-3.1: DNE
trusty_xen-3.1: DNE
utopic_xen-3.1: DNE
vivid_xen-3.1: DNE
devel_xen-3.1: DNE

Patches_xen-3.2:
 vendor: http://people.ubuntu.com/~kees/qemu/xen-qemu-block-no-auto-format-CVE-2008-2004.patch
Tags_xen-3.2: universe-binary
upstream_xen-3.2: needed
dapper_xen-3.2: DNE
feisty_xen-3.2: DNE
gutsy_xen-3.2: DNE
hardy_xen-3.2: ignored (reached end-of-life)
intrepid_xen-3.2: DNE
jaunty_xen-3.2: DNE
karmic_xen-3.2: DNE
lucid_xen-3.2: DNE
maverick_xen-3.2: DNE
natty_xen-3.2: DNE
oneiric_xen-3.2: DNE
precise_xen-3.2: DNE
quantal_xen-3.2: DNE
raring_xen-3.2: DNE
saucy_xen-3.2: DNE
trusty_xen-3.2: DNE
utopic_xen-3.2: DNE
vivid_xen-3.2: DNE
devel_xen-3.2: DNE

Patches_xen-3.3:
 vendor: http://people.ubuntu.com/~kees/qemu/xen-qemu-block-no-auto-format-CVE-2008-2004.patch
Tags_xen-3.3: universe-binary
upstream_xen-3.3: needed
dapper_xen-3.3: DNE
feisty_xen-3.3: DNE
gutsy_xen-3.3: DNE
hardy_xen-3.3: DNE
intrepid_xen-3.3: needed (reached end-of-life)
jaunty_xen-3.3: ignored (reached end-of-life)
karmic_xen-3.3: ignored (reached end-of-life)
lucid_xen-3.3: ignored (reached end-of-life)
maverick_xen-3.3: ignored (reached end-of-life)
natty_xen-3.3: ignored (reached end-of-life)
oneiric_xen-3.3: DNE
precise_xen-3.3: DNE
quantal_xen-3.3: DNE
raring_xen-3.3: DNE
saucy_xen-3.3: DNE
trusty_xen-3.3: DNE
utopic_xen-3.3: DNE
vivid_xen-3.3: DNE
devel_xen-3.3: DNE

Patches_kvm:
upstream_kvm: released (0.72)
dapper_kvm: DNE
feisty_kvm: needed (reached end-of-life)
gutsy_kvm: needed (reached end-of-life)
hardy_kvm: released (1:62+dfsg-0ubuntu8.1)
intrepid_kvm: not-affected
jaunty_kvm: not-affected
karmic_kvm: DNE
lucid_kvm: DNE
maverick_kvm: DNE
natty_kvm: DNE
oneiric_kvm: DNE
precise_kvm: DNE
quantal_kvm: DNE
raring_kvm: DNE
saucy_kvm: DNE
trusty_kvm: DNE
utopic_kvm: DNE
vivid_kvm: DNE
devel_kvm: DNE

Patches_qemu-kvm:
upstream_qemu-kvm: needs-triage
dapper_qemu-kvm: DNE
hardy_qemu-kvm: DNE
intrepid_qemu-kvm: DNE
jaunty_qemu-kvm: DNE
karmic_qemu-kvm: not-affected
lucid_qemu-kvm: not-affected
maverick_qemu-kvm: not-affected
natty_qemu-kvm: not-affected
oneiric_qemu-kvm: not-affected
precise_qemu-kvm: not-affected
quantal_qemu-kvm: not-affected
raring_qemu-kvm: DNE
saucy_qemu-kvm: DNE
trusty_qemu-kvm: DNE
utopic_qemu-kvm: DNE
vivid_qemu-kvm: DNE
devel_qemu-kvm: DNE