[Git][security-tracker-team/security-tracker][master] 2 commits: some qemu CVEs have been fixed with recent upload
Thorsten Alteholz
alteholz at debian.org
Sun Nov 29 15:55:26 GMT 2020
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
74183236 by Thorsten Alteholz at 2020-11-29T16:54:22+01:00
some qemu CVEs have been fixed with recent upload
- - - - -
f80f946b by Thorsten Alteholz at 2020-11-29T16:55:16+01:00
Reserve DLA-2469-1 for qemu
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -7213,7 +7213,6 @@ CVE-2020-27618 [iconv when processing invalid multi-byte input sequences fails t
CVE-2020-27617 (eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to t ...)
- qemu <unfixed> (bug #973324)
[buster] - qemu <postponed> (Fix along in future DSA)
- [stretch] - qemu <postponed> (Minor issue, fix along in future DLA)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg06023.html
NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=7564bf7701f00214cdc8a678a9f7df765244def1 (v5.2.0-rc2)
CVE-2020-27616 (ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outsi ...)
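Review bot: The removed "[stretch] - qemu <postponed>" line for CVE-2020-27617 has no replacement in this file, so the entry is left with only "- qemu <unfixed>" and the buster postponement. The stretch fixed version (1:2.8+dfsg-6+deb9u12) is recorded only in data/DLA/list. Please confirm the stretch status is derived from that DLA entry, or add a versioned stretch line here. The same applies to the identical removals in the three hunks that follow.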
@@ -11792,7 +11791,6 @@ CVE-2020-25626 (A flaw was found in Django REST Framework versions before 3.12.0
CVE-2020-25625 (hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list ha ...)
- qemu <unfixed> (bug #970542)
[buster] - qemu <postponed> (Can be fixed along in next qemu DSA)
- [stretch] - qemu <postponed> (Fix along in future DLA)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05905.html
NOTE: https://www.openwall.com/lists/oss-security/2020/09/17/1
NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=patch;h=1be90ebecc95b09a2ee5af3f60c412b45a766c4f (v5.2.0-rc0)
@@ -11800,7 +11798,6 @@ CVE-2020-25624 [hcd-ohci: out-of-bound access issue while processing transfer de
RESERVED
- qemu <unfixed> (bug #970541)
[buster] - qemu <postponed> (Can be fixed along in next qemu DSA)
- [stretch] - qemu <postponed> (Fix along in future DLA)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05492.html
NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=1328fe0c32d5474604105b8105310e944976b058
CVE-2020-25623 (Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Director ...)
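Review bot: The "Fixed by" NOTE kept as context under CVE-2020-25624 carries no upstream version tag, while the matching notes for CVE-2020-27617 and CVE-2020-25625 carry (v5.2.0-rc2) and (v5.2.0-rc0). Since this entry is being touched anyway, adding the tag would let readers see which upstream release includes the fix without opening the commit link.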
@@ -13009,7 +13006,6 @@ CVE-2020-25086 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in
CVE-2020-25085 (QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue ...)
- qemu <unfixed> (bug #970540)
[buster] - qemu <postponed> (Can be fixed along in next qemu DSA)
- [stretch] - qemu <postponed> (Fix along in future DLA)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg00733.html
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01439.html
NOTE: https://www.openwall.com/lists/oss-security/2020/09/16/6
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[29 Nov 2020] DLA-2469-1 qemu - security update
+ {CVE-2020-25085 CVE-2020-25624 CVE-2020-25625 CVE-2020-25723 CVE-2020-27617}
+ [stretch] - qemu 1:2.8+dfsg-6+deb9u12
[29 Nov 2020] DLA-2468-1 tcpflow - security update
{CVE-2018-14938}
[stretch] - tcpflow 1.4.4+repack1-3+deb8u1
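Review bot: CVE-2020-25723 in the new DLA-2469-1 CVE set has no matching hunk in data/CVE/list, whereas the other four CVEs listed (CVE-2020-25085, CVE-2020-25624, CVE-2020-25625, CVE-2020-27617) each have their stretch "<postponed>" line removed in this push. Please check that the CVE-2020-25723 entry carries no stale stretch annotation that would contradict the DLA.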
=====================================
data/dla-needed.txt
=====================================
@@ -118,8 +118,6 @@ php-horde-trean
pluxml
NOTE: 20201011: issue is still open upstream. Also low priority for us (abhijith)
--
-qemu (Thorsten Alteholz)
---
reel
NOTE: 20200909: it is now unmaintained. last commit was in Aug 2018. (utkarsh)
--
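Review bot: Dropping "qemu (Thorsten Alteholz)" from dla-needed.txt ends tracking for the package, but the data/CVE/list context in this same diff shows another QEMU issue, CVE-2020-27616 (ati_2d_blt in hw/display/ati_2d.c), that is not in the DLA-2469-1 CVE set. Its stretch status is not visible here. Please confirm it is not-affected or otherwise triaged for stretch before removing the entry, or keep qemu listed with a NOTE naming what remains open.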
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/62508e85cf655b514165d8711da225a74aed564d...f80f946be508e5938b45b977beb8469e76e74d43