[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2020-13253/qemu: reference reproducer

Tue Aug 25 17:15:04 BST 2020


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8094f409 by Sylvain Beucler at 2020-08-25T18:12:34+02:00
CVE-2020-13253/qemu: reference reproducer

- - - - -
cec91fb9 by Sylvain Beucler at 2020-08-25T18:13:11+02:00
CVE-2020-13754/qemu: reference patch and regression fixes

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23423,7 +23423,10 @@ CVE-2019-20809 (The price oracle in PriceOracle.sol in Compound Finance Compound
 CVE-2020-13754 (hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of ...)
 	{DSA-4728-1 DLA-2288-1}
 	- qemu 1:5.0-6
-	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg03732.html
+	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=5d971f9e672507210e77d020d89e0e89165c8fc9 (fix)
+	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=dba04c3488c4699f5afe96f66e448b1d447cf3fb (regression fix)
+	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=8e67fda2dd6202ccec093fda561107ba14830a17 (regression fix)
+	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=70b78d4e71494c90d2ccb40381336bc9b9a22f79 (regression fix)
 CVE-2020-13702 (** DISPUTED ** The Rolling Proximity Identifier used in the Apple/Goog ...)
 	NOT-FOR-US: Apple/Google Exposure Notification API
 CVE-2020-13701
@@ -24498,7 +24501,7 @@ CVE-2020-13253 (sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated addre
 	[stretch] - qemu <postponed> (Minor issue, can be fixed along in next DSA)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg05835.html
 	NOTE: https://www.openwall.com/lists/oss-security/2020/05/27/2
-	NOTE: https://bugs.launchpad.net/qemu/+bug/1880822
+	NOTE: https://bugs.launchpad.net/qemu/+bug/1880822 (reproducer)
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=790762e5487114341cccc5bffcec4cb3c022c3cd (5.1)
 CVE-2020-13252 (Centreon before 19.04.15 allows remote attackers to execute arbitrary  ...)
 	- centreon-web <itp> (bug #913903)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0ea9ecf30187258cb75ca7f0098ef641027fc1d8...cec91fb9ed5d17181cb6598c3440ce84c25f9655

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0ea9ecf30187258cb75ca7f0098ef641027fc1d8...cec91fb9ed5d17181cb6598c3440ce84c25f9655
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200825/456ad98a/attachment.html>
