[Git][security-tracker-team/security-tracker][master] Track fixes for qemu via unstable

Salvatore Bonaccorso carnil at debian.org
Fri Jul 3 20:32:15 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d4273206 by Salvatore Bonaccorso at 2020-07-03T21:31:43+02:00
Track fixes for qemu via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4212,7 +4212,7 @@ CVE-2020-13964 (An issue was discovered in Roundcube Webmail before 1.3.12 and 1
 	NOTE: 1.4.x: https://github.com/roundcube/roundcubemail/commit/4beec65d40c5e5b1f2bace935c110baf05e10ae5
 	NOTE: 1.3.x: https://github.com/roundcube/roundcubemail/commit/37e2bc745723ef6322f0f785aefd0b9313a40f19
 CVE-2020-13800 (ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to tri ...)
-	- qemu <unfixed>
+	- qemu 1:5.0-6
 	[buster] - qemu <not-affected> (Vulnerable code introduced later)
 	[stretch] - qemu <not-affected> (Vulnerable code introduced later)
 	[jessie] - qemu <not-affected> (Vulnerable code introduced later)
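Review bot: the new `- qemu 1:5.0-6` line for CVE-2020-13800 has no bug reference, unlike the CVE-2020-13362, CVE-2020-13361 and CVE-2020-13253 lines later in this patch, so the entry does not show what the fixed version rests on. Please confirm that the 1:5.0-6 changelog names this CVE or the upstream commitdiff referenced in the entry's NOTE, and mention the upload in the commit message, which currently reads only "Track fixes for qemu via unstable".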
@@ -4220,7 +4220,7 @@ CVE-2020-13800 (ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00833.html
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=a98610c429d52db0937c1e48659428929835c455
 CVE-2020-13791 (hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of- ...)
-	- qemu <unfixed>
+	- qemu 1:5.0-6
 	[buster] - qemu <not-affected> (Vulnerable code introduced later)
 	[stretch] - qemu <not-affected> (Vulnerable code introduced later)
 	[jessie] - qemu <not-affected> (Vulnerable code introduced later)
@@ -4445,7 +4445,7 @@ CVE-2020-13703
 CVE-2019-20809 (The price oracle in PriceOracle.sol in Compound Finance Compound Price ...)
 	NOT-FOR-US: Compound Finance Compound Price Oracle
 CVE-2020-13754 (hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of ...)
-	- qemu <unfixed>
+	- qemu 1:5.0-6
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg03732.html
 CVE-2020-13702 (** DISPUTED ** The Rolling Proximity Identifier used in the Apple/Goog ...)
 	NOT-FOR-US: Apple/Google Exposure Notification API
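Review bot: CVE-2020-13754 is marked fixed in unstable with no release-specific lines; the entry consists of the `- qemu 1:5.0-6` line and one NOTE, while the other QEMU 4.2.0 entries touched here (CVE-2020-13800, CVE-2020-13791) state `<not-affected> (Vulnerable code introduced later)` for buster, stretch and jessie. Please triage the older suites for hw/pci/msix.c and add the matching `[buster]` and `[stretch]` lines so their status is explicit rather than implied. The NOTE is also only a qemu-devel post; a link to the merged upstream commit would make the fixed version checkable.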
@@ -4551,7 +4551,7 @@ CVE-2020-13661
 CVE-2020-13660 (CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker pr ...)
 	NOT-FOR-US: CMS Made Simple
 CVE-2020-13659 (address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer d ...)
-	- qemu <unfixed>
+	- qemu 1:5.0-6
 	[buster] - qemu <postponed> (Minor issue)
 	[stretch] - qemu <postponed> (Minor issue)
 	NOTE: https://bugs.launchpad.net/qemu/+bug/1878259
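Review bot: buster and stretch stay `<postponed> (Minor issue)` for CVE-2020-13659, and the only reference visible in this hunk is the Launchpad bug. Now that a fixed version is recorded, add a NOTE pointing at the upstream commit shipped in 1:5.0-6, if the entry does not already carry one below the visible context, so the postponed backport has a concrete patch to pick up.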
@@ -5228,11 +5228,11 @@ CVE-2020-13363
 	RESERVED
 CVE-2020-13362 (In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c h ...)
 	{DLA-2262-1}
-	- qemu <unfixed> (bug #961887)
+	- qemu 1:5.0-6 (bug #961887)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03463.html
 CVE-2020-13361 (In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c  ...)
 	{DLA-2262-1}
-	- qemu <unfixed> (bug #961888)
+	- qemu 1:5.0-6 (bug #961888)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07230.html
 CVE-2019-20806 (An issue was discovered in the Linux kernel before 5.2. There is a NUL ...)
 	{DSA-4698-1 DLA-2242-1}
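Review bot: the fixed lines for CVE-2020-13362 and CVE-2020-13361 keep `(bug #961887)` and `(bug #961888)`; please check that both bugs were closed with version 1:5.0-6 so the BTS and the tracker agree on the fixed version. Both entries also carry `{DLA-2262-1}` but no `[buster]` or `[stretch]` line, so it is worth recording whether the remaining suites are waiting for a DSA or are postponed.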
@@ -5477,7 +5477,7 @@ CVE-2020-13254 (An issue was discovered in Django 2.2 before 2.2.13 and 3.0 befo
 	NOTE: https://github.com/django/django/commit/07e59caa02831c4569bbebb9eb773bdd9cb4b206 (2.2 branch)
 	NOTE: Regression https://code.djangoproject.com/ticket/31654
 CVE-2020-13253 (sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, wh ...)
-	- qemu <unfixed> (bug #961297)
+	- qemu 1:5.0-6 (bug #961297)
 	[buster] - qemu <postponed> (Minor issue, can be fixed along in next DSA)
 	[stretch] - qemu <postponed> (Minor issue, can be fixed along in next DSA)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg05835.html
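Review bot: the `[buster]` and `[stretch]` lines for CVE-2020-13253 read `<postponed> (Minor issue, can be fixed along in next DSA)`, while CVE-2020-13659 in this same patch uses plain `(Minor issue)` for the same state. If both are meant to ride along with the next qemu DSA, use one wording for both so that a search for pending postponed qemu items finds them together.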
@@ -13169,7 +13169,7 @@ CVE-2020-10763
 CVE-2020-10762
 	RESERVED
 CVE-2020-10761 (An assertion failure issue was found in the Network Block Device(NBD)  ...)
-	- qemu <unfixed>
+	- qemu 1:5.0-6
 	[buster] - qemu <not-affected> (Vulnerable code introduced later)
 	[stretch] - qemu <not-affected> (Vulnerable code introduced later)
 	[jessie] - qemu <not-affected> (Vulnerable code introduced later)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4273206f0c9354885125809687f54733c62897f



More information about the debian-security-tracker-commits mailing list