CVE-2014-3672

Note

as of 2017-08-01, no equivalent fix in qemu tree. Unlikely to
be fixed in qemu. As such, marking as ignored in qemu.

the libvirt fix changes behaviour, we are not going to backport
the new log location to trusty.

Package	Release	Status
libvirt Launchpad, Ubuntu, Debian	artful	Not vulnerable
	precise	Ignored (end of life)
	trusty	Ignored
	upstream	Released (1.3.0)
	wily	Ignored (end of life)
	xenial	Not vulnerable (1.3.1-1ubuntu10)
	yakkety	Not vulnerable
	zesty	Not vulnerable
	Patches: upstream: https://libvirt.org/git/?p=libvirt.git;a=commit;h=0d968ad715475a1660779bcdd2c5b38ad63db4cf
qemu Launchpad, Ubuntu, Debian	artful	Ignored
	precise	Does not exist
	trusty	Ignored
	upstream	Needs triage
	wily	Ignored (end of life)
	xenial	Ignored
	yakkety	Ignored (end of life)
	zesty	Ignored
qemu-kvm Launchpad, Ubuntu, Debian	artful	Does not exist
	precise	Ignored (end of life)
	trusty	Does not exist
	upstream	Needs triage
	wily	Does not exist
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist
xen Launchpad, Ubuntu, Debian	artful	Not vulnerable (code not compiled)
	precise	Released (4.1.6.1-0ubuntu0.12.04.11)
	trusty	Released (4.4.2-0ubuntu0.14.04.6)
	upstream	Needs triage
	wily	Not vulnerable (code not compiled)
	xenial	Not vulnerable (code not compiled)
	yakkety	Not vulnerable (code not compiled)
	zesty	Not vulnerable (code not compiled)
	Binaries built from this source package are in Universe and so are supported by the community.

Notes