[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2018-19665/qemu: use canonical URL + bluetooth subsystem removed
Sylvain Beucler
beuc at debian.org
Tue Aug 25 16:17:40 BST 2020
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
37e996ef by Sylvain Beucler at 2020-08-25T17:17:03+02:00
CVE-2018-19665/qemu: use canonical URL + bluetooth subsystem removed
- - - - -
0ea9ecf3 by Sylvain Beucler at 2020-08-25T17:17:03+02:00
CVE-2020-13253/qemu: reference upstream patch
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -24499,6 +24499,7 @@ CVE-2020-13253 (sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated addre
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg05835.html
NOTE: https://www.openwall.com/lists/oss-security/2020/05/27/2
NOTE: https://bugs.launchpad.net/qemu/+bug/1880822
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=790762e5487114341cccc5bffcec4cb3c022c3cd (5.1)
CVE-2020-13252 (Centreon before 19.04.15 allows remote attackers to execute arbitrary ...)
- centreon-web <itp> (bug #913903)
CVE-2020-13251
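Review bot: The added NOTE for CVE-2020-13253 carries a bare "(5.1)" annotation that does not say what the version refers to, and it uses a git.qemu.org gitweb URL with a full hash while the notes touched in the same push for CVE-2018-19665 use github.com/qemu/qemu/commit/ with abbreviated hashes. Suggest spelling the annotation out in the same way as those notes (for example "(fixed in 5.1)", if that is what is meant) and settling on one URL form for upstream QEMU commits so the entries stay consistent and easy to grep.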
@@ -112906,9 +112907,9 @@ CVE-2018-19665 (The Bluetooth subsystem in QEMU mishandles negative values for l
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg03822.html
NOTE: second patch never accepted, no activity as of 20190909
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg03570.html
- NOTE: https://lists.debian.org/debian-lts/2019/01/msg00073.html
- NOTE: 3.1 marked bluetooth subsystem deprecated
- NOTE: https://github.com/qemu/qemu/commit/c0188e69d
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg07426.html
+ NOTE: https://github.com/qemu/qemu/commit/c0188e69d (bluetooth subsystem deprecated in 3.1)
+ NOTE: https://github.com/qemu/qemu/commit/1d4ffe8dc (bluetooth subsystem removed in 5.0)
CVE-2018-19664 (libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel ...)
- libjpeg-turbo <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/305
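Review bot: The removed "NOTE: https://lists.debian.org/debian-lts/2019/01/msg00073.html" is replaced by a qemu-devel archive link, and nothing in the hunk shows that the two point at the same message, so the Debian-side reference may be lost rather than canonicalized; if they are different posts, keep both. The unchanged context line "NOTE: second patch never accepted, no activity as of 20190909" now sits directly above a note saying the subsystem was removed in 5.0, so it is worth stating how the two relate. The abbreviated hashes c0188e69d and 1d4ffe8dc would also be more robust as full hashes, as used in the CVE-2020-13253 note of this push.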
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/589e92ef50fc5d208a5c4ee89a4db30a35eb9726...0ea9ecf30187258cb75ca7f0098ef641027fc1d8