[Git][security-tracker-team/security-tracker][master] Strip no-dsa, ignored, and postponed entries which will recieve an update

Sat Jul 25 18:53:14 BST 2020


Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker


Commits:
839690d0 by Utkarsh Gupta at 2020-07-25T23:22:51+05:30
Strip no-dsa, ignored, and postponed entries which will recieve an update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5613,7 +5613,6 @@ CVE-2019-20809 (The price oracle in PriceOracle.sol in Compound Finance Compound
 CVE-2020-13754 (hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of ...)
 	{DSA-4728-1}
 	- qemu 1:5.0-6
-	[stretch] - qemu <no-dsa> (Intrusive - causes regression)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg03732.html
 CVE-2020-13702 (** DISPUTED ** The Rolling Proximity Identifier used in the Apple/Goog ...)
 	NOT-FOR-US: Apple/Google Exposure Notification API
@@ -5721,7 +5720,6 @@ CVE-2020-13660 (CMS Made Simple through 2.2.14 allows XSS via a crafted File Pic
 CVE-2020-13659 (address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer d ...)
 	{DSA-4728-1}
 	- qemu 1:5.0-6
-	[stretch] - qemu <postponed> (Minor issue)
 	NOTE: https://bugs.launchpad.net/qemu/+bug/1878259
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07313.html
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=77f55eac6c433e23e82a1b88b2d74f385c4c7d82
@@ -14407,7 +14405,6 @@ CVE-2020-10756 (An out-of-bounds read vulnerability was found in the SLiRP netwo
 	{DSA-4728-1}
 	- libslirp 4.3.1-1
 	- qemu 1:4.1-2
-	[stretch] - qemu <postponed> (Minor issue)
 	- slirp4netns 1.0.1-1
 	[buster] - slirp4netns <no-dsa> (Minor issue)
 	NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
@@ -19626,7 +19623,6 @@ CVE-2020-8608 (In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snpr
 	{DSA-4733-1 DLA-2144-1 DLA-2142-1}
 	- libslirp 4.2.0-1
 	- qemu 1:4.1-2
-	[stretch] - qemu <postponed> (Minor issue)
 	- qemu-kvm <removed>
 	- slirp <unfixed>
 	[buster] - slirp <ignored> (Minor issue, too intrusive to backport)
@@ -22863,7 +22859,6 @@ CVE-2019-20383
 CVE-2019-20382 (QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle. ...)
 	{DSA-4665-1}
 	- qemu 1:4.2-1
-	[stretch] - qemu <postponed> (Minor, can be fixed along in future DSA)
 	[jessie] - qemu <postponed> (Minor, can be fixed along in future DLA)
 	- qemu-kvm <removed>
 	NOTE: https://www.openwall.com/lists/oss-security/2020/03/05/1
@@ -63894,7 +63889,6 @@ CVE-2019-12069
 CVE-2019-12068 (In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg ...)
 	{DSA-4665-1 DLA-1927-1}
 	- qemu 1:4.1-2 (low)
-	[stretch] - qemu <postponed> (Minor issue, can be fixed along in future update)
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=de594e47659029316bbf9391efb79da0a1a08e08
@@ -175713,7 +175707,6 @@ CVE-2017-9504
 CVE-2017-9503 (QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host B ...)
 	{DLA-1497-1}
 	- qemu 1:2.10.0-1 (low; bug #865754)
-	[stretch] - qemu <ignored> (Minor issue, too intrusive to backport)
 	[wheezy] - qemu <not-affected> (Vulnerable code not present)
 	- qemu-kvm <removed>
 	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/839690d06bf0bae431aa7ea61df3e6287c81a35a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/839690d06bf0bae431aa7ea61df3e6287c81a35a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200725/f1b56020/attachment.html>
