[Git][security-tracker-team/security-tracker][master] 2 commits: ATI VGA emulation introduced in...

Abhijith PA abhijith at debian.org
Mon Aug 24 08:11:29 BST 2020 


Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7fdf456c by Abhijith PA at 2020-08-24T12:40:02+05:30
ATI VGA emulation introduced in https://github.com/qemu/qemu/commit/862b4a291dcf143fdb227e97feb7fd45e6466aca

- - - - -
9e8b9b4d by Abhijith PA at 2020-08-24T12:41:11+05:30
Update note in dla-needed.txt

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -515,6 +515,7 @@ CVE-2020-24352
 	RESERVED
 	- qemu <unfixed> (bug #968820)
 	[buster] - qemu <not-affected> (Vulnerable code introduced in ATI VGA device emulation added later)
+	[stretch] - qemu <not-affected> (Vulnerable code introduced later)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1847584
 CVE-2020-24351
 	RESERVED


=====================================
data/dla-needed.txt
=====================================
@@ -28,6 +28,7 @@ apache2
 ark (Abhijith PA)
   NOTE: 20200731: given PoC not working as intended. (abhijith)
   NOTE: 20200801: though testing with other PoC's available over internet seems exploitable (abhijith)
+  NOTE: 20200820: pinged upstream for help (abhijith)
 --
 asyncpg (Utkarsh Gupta)
   NOTE: 20200815: Minor issue, but easy to fix. (sunweaver)
@@ -139,6 +140,7 @@ puma
   NOTE: 20200708: Vulnerable to (at least) CVE-2020-11076. (lamby)
 --
 qemu (Abhijith PA)
+  NOTE: 20200824: currently all are minor issues. Reduce frequent upload (abhijith)
 --
 qt4-x11 (Adrian Bunk)
   NOTE: 20200815: Minor issue, but easy to fix (CVE-2020-17507). Low prio.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0d4e1a3fd84a5ed7bcbd5583ef50425d971ff84a...9e8b9b4d0b910a6995a6997f731492e98359134c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0d4e1a3fd84a5ed7bcbd5583ef50425d971ff84a...9e8b9b4d0b910a6995a6997f731492e98359134c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200824/1837a9bc/attachment.html>

More information about the debian-security-tracker-commits mailing list