[Git][security-tracker-team/security-tracker][master] qemu: Reference some final commits relevant for four CVEs

Salvatore Bonaccorso carnil at debian.org
Wed Dec 9 08:19:03 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3588e273 by Salvatore Bonaccorso at 2020-12-09T09:18:21+01:00
qemu: Reference some final commits relevant for four CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7541,6 +7541,7 @@ CVE-2020-27821 (A flaw was found in the memory management API of QEMU during the
 	- qemu 1:5.2+dfsg-1
 	[stretch] - qemu <postponed> (Fix along in future DLA)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1902651
+	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=1370d61ae3c9934861d2349349447605202f04e9
 CVE-2020-27820 [use-after-free in nouveau kernel module]
 	RESERVED
 	- linux <unfixed>
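Review bot: The NOTE added under CVE-2020-27821 gives only a commit hash, while the entry already records `- qemu 1:5.2+dfsg-1` as the fixed version. Naming the upstream release or tag that first contains 1370d61a next to the URL would let a reader confirm that the recorded fixed version includes this commit without opening gitweb.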
@@ -12814,6 +12815,7 @@ CVE-2020-25707 [infinite loop in e1000e_write_packet_to_guest() in hw/net/e1000e
 	[stretch] - qemu <postponed> (Minor issue; reconsider when fixed upstream)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1893895
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-11/msg03552.html
+	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=c2cb511634012344e3d0fe49a037a33b12d8a98a
 CVE-2020-25706 (A cross-site scripting (XSS) vulnerability exists in templates_import. ...)
 	- cacti 1.2.14+ds1-1
 	[buster] - cacti <no-dsa> (Minor issue)
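Review bot: The stretch line at the top of this hunk still reads `<postponed> (Minor issue; reconsider when fixed upstream)`, yet the NOTE added for CVE-2020-25707 points at an upstream commit. If c2cb5116 is the upstream fix, that reason is now stale: update the stretch annotation in the same change, or state in the commit message that it is left for a follow-up.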
@@ -14385,6 +14387,7 @@ CVE-2020-25084 (QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-08/msg08043.html
 	NOTE: https://www.openwall.com/lists/oss-security/2020/09/16/5
 	NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Fxhci_uaf_2
+	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=21bc31524e8ca487e976f713b878d7338ee00df2
 CVE-2020-25083
 	RESERVED
 CVE-2020-25082
@@ -33446,6 +33449,7 @@ CVE-2020-15859 (QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because
 	[stretch] - qemu <postponed> (Minor issue, can be fixed along in next DLA)
 	NOTE: Proposed patch: https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg05895.html
 	NOTE: https://bugs.launchpad.net/qemu/+bug/1886362
+	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=22dc8663d9fc7baa22100544c600b6285a63c7a3
 CVE-2020-15858 (Some devices of Thales DIS (formerly Gemalto, formerly Cinterion) allo ...)
 	NOT-FOR-US: Thales DIS
 CVE-2020-15857
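Review bot: In the CVE-2020-15859 entry the added link follows `NOTE: Proposed patch: ...` but carries no label of its own, so the entry does not say whether 22dc8663 is that proposed patch as merged or a different fix. A short prefix on the added line marking it as the committed upstream fix would remove the ambiguity.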



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3588e273164e5b6e8fe34874d16cc5e5a8bfd887
