CVE-2018-19665/qemu: use canonical URL + bluetooth subsystem removed

author: Sylvain Beucler <beuc@beuc.net> 2020-08-25 17:01:32 +0200
committer: Sylvain Beucler <beuc@beuc.net> 2020-08-25 17:17:03 +0200
commit: 3f79b9a7c7b9c78574b016f2668eb922e190e29a (patch)
tree: 88de7abc07567f0dd67cc5ffbe494ddd17b6947b /data/CVE/2018.list
parent: aa3f4ff8534c327d70f136cf5cc7017732d4c5db (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index a20df17e4c..6ce455e61d 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -4650,9 +4650,9 @@ CVE-2018-19665 (The Bluetooth subsystem in QEMU mishandles negative values for l
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg03822.html
 	NOTE: second patch never accepted, no activity as of 20190909
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg03570.html
-	NOTE: https://lists.debian.org/debian-lts/2019/01/msg00073.html
-	NOTE: 3.1 marked bluetooth subsystem deprecated
-	NOTE: https://github.com/qemu/qemu/commit/c0188e69d
+	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg07426.html
+	NOTE: https://github.com/qemu/qemu/commit/c0188e69d (bluetooth subsystem deprecated in 3.1)
+	NOTE: https://github.com/qemu/qemu/commit/1d4ffe8dc (bluetooth subsystem removed in 5.0)
 CVE-2018-19664 (libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel ...)
 	- libjpeg-turbo <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/305
author	Sylvain Beucler <beuc@beuc.net>	2020-08-25 17:01:32 +0200
committer	Sylvain Beucler <beuc@beuc.net>	2020-08-25 17:17:03 +0200
commit	3f79b9a7c7b9c78574b016f2668eb922e190e29a (patch)
tree	88de7abc07567f0dd67cc5ffbe494ddd17b6947b /data/CVE/2018.list
parent	aa3f4ff8534c327d70f136cf5cc7017732d4c5db (diff)