[Git][security-tracker-team/security-tracker][master] qemu, libopenmpt DSAs

[Moritz Muehlenhoff]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
94e5d7c9 by Moritz Muehlenhoff at 2020-07-19T19:45:47+02:00
qemu, libopenmpt DSAs

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -5396,7 +5396,6 @@ CVE-2020-13660 (CMS Made Simple through 2.2.14 allows XSS via a crafted File Pic
 	NOT-FOR-US: CMS Made Simple
 CVE-2020-13659 (address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer d ...)
 	- qemu 1:5.0-6
-	[buster] - qemu <postponed> (Minor issue)
 	[stretch] - qemu <postponed> (Minor issue)
 	NOTE: https://bugs.launchpad.net/qemu/+bug/1878259
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07313.html
@@ -14066,7 +14065,6 @@ CVE-2020-10757 (A flaw was found in the Linux Kernel in versions after 4.5-rc1 i
 CVE-2020-10756 (An out-of-bounds read vulnerability was found in the SLiRP networking  ...)
 	- libslirp 4.3.1-1
 	- qemu 1:4.1-2
-	[buster] - qemu <postponed> (Minor issue)
 	[stretch] - qemu <postponed> (Minor issue)
 	- slirp4netns 1.0.1-1
 	[buster] - slirp4netns <no-dsa> (Minor issue)


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,9 @@
+[19 Jul 2020] DSA-4729-1 libopenmpt - security update
+	{CVE-2019-14380 CVE-2019-17113}
+	[buster] - libopenmpt 0.4.3-1+deb10u1
+[19 Jul 2020] DSA-4728-1 qemu - security update
+	{CVE-2020-10756 CVE-2020-13361 CVE-2020-13362 CVE-2020-13659 CVE-2020-13754}
+	[buster] - qemu 1:3.1+dfsg-8+deb10u6
 [17 Jul 2020] DSA-4727-1 tomcat9 - security update
 	{CVE-2020-9484 CVE-2020-11996 CVE-2020-13934 CVE-2020-13935}
 	[buster] - tomcat9 9.0.31-1~deb10u2


=====================================
data/dsa-needed.txt
=====================================
@@ -16,8 +16,6 @@ chromium
 --
 curl (ghedo)
 --
-libopenmpt
---
 knot-resolver
   Santiago Ruano Rincón proposed a debdiff for review
 --
@@ -30,10 +28,7 @@ openjdk-11 (jmm)
 --
 poppler (jmm)
 --
-qemu (jmm)
-  Maintainer proposing a debdiff fixing several CVEs for review
---
-rails
+rails (jmm)
   Sylvain Beucler proposed to help for the update, remaining CVEs to be done
 --
 redis



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/94e5d7c9f71c2a218fe5f7557004f37b2698ff86

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/94e5d7c9f71c2a218fe5f7557004f37b2698ff86
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200719/82b5520c/attachment-0001.html>