[Git][security-tracker-team/security-tracker][master] 3 commits: mark CVE-2020-25707 as postponed for Stretch

Thu Nov 26 15:05:56 GMT 2020


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fd13fe2b by Thorsten Alteholz at 2020-11-26T15:32:37+01:00
mark CVE-2020-25707 as postponed for Stretch

- - - - -
d852d1d0 by Thorsten Alteholz at 2020-11-26T15:48:08+01:00
add Fixed by: for CVE-2020-25624

- - - - -
d7a2bad3 by Thorsten Alteholz at 2020-11-26T16:05:35+01:00
add Fixed by: for CVE-2020-25085

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -10897,6 +10897,7 @@ CVE-2020-25707 [infinite loop in e1000e_write_packet_to_guest() in hw/net/e1000e
 	RESERVED
 	- qemu <unfixed> (bug #974687)
 	[buster] - qemu <postponed> (Fix along in future DSA)
+	[stretch] - qemu <postponed> (Minor issue; reconsider when fixed upstream)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1893895
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-11/msg03552.html
 CVE-2020-25706 (A cross-site scripting (XSS) vulnerability exists in templates_import. ...)
@@ -11243,6 +11244,7 @@ CVE-2020-25624 [hcd-ohci: out-of-bound access issue while processing transfer de
 	[buster] - qemu <postponed> (Can be fixed along in next qemu DSA)
 	[stretch] - qemu <postponed> (Fix along in future DLA)
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05492.html
+	NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=1328fe0c32d5474604105b8105310e944976b058
 CVE-2020-25623 (Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Director ...)
 	- erlang 1:23.1+dfsg-1
 	[buster] - erlang <not-affected> (Vulnerable code introduced later)
@@ -12453,6 +12455,7 @@ CVE-2020-25085 (QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_con
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg00733.html
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01439.html
 	NOTE: https://www.openwall.com/lists/oss-security/2020/09/16/6
+	NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=patch;h=dfba99f17feb6d4a129da19d38df1bcd8579d1c3
 CVE-2020-25084 (QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_p ...)
 	- qemu <unfixed> (bug #970539)
 	[buster] - qemu <postponed> (Can be fixed along in next qemu DSA)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1e48691798d93298d2c20529d0618a74b1a1956f...d7a2bad31fae638f0a43dfd07460fdb1ba700511

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1e48691798d93298d2c20529d0618a74b1a1956f...d7a2bad31fae638f0a43dfd07460fdb1ba700511
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201126/a080e844/attachment-0001.html>
