[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sun Nov 29 20:10:41 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7b4b63b3 by security tracker role at 2020-11-29T20:10:34+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7213,6 +7213,7 @@ CVE-2020-27618 [iconv when processing invalid multi-byte input sequences fails t
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26224
 	NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=9a99c682144bdbd40792ebf822fe9264e0376fb5
 CVE-2020-27617 (eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to t ...)
+	{DLA-2469-1}
 	- qemu <unfixed> (bug #973324)
 	[buster] - qemu <postponed> (Fix along in future DSA)
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg06023.html
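Review bot: The `{DLA-2469-1}` reference added under CVE-2020-27617 lands on an entry whose only package lines are `- qemu <unfixed>` and `[buster] - qemu <postponed>`, so nothing in this hunk records which suite or version the advisory actually fixes. Since the commit message is only "automatic update", confirm that the matching DLA-2469-1 record lists this CVE with its fixed version. Anything that reads the presence of an advisory tag as "resolved" should still treat unstable and buster as open here.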
@@ -11413,6 +11414,7 @@ CVE-2020-25724
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1899354 (lacks details ATM)
 CVE-2020-25723 [assertion failure through usb_packet_unmap() in hw/usb/hcd-ehci.c]
 	RESERVED
+	{DLA-2469-1}
 	- qemu <unfixed> (bug #975276)
 	[buster] - qemu <postponed> (Fix along in future DSA)
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=2fdb42d840400d58f2e706ecca82c142b97bcbd6
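Review bot: CVE-2020-25723 now carries an advisory reference while the entry is still `RESERVED`, and its only upstream pointer is the bare commit URL in the last NOTE line of this hunk. If that commit is the fix, label it the way the CVE-2020-25625 entry does (`NOTE: Fixed by: ... (v5.2.0-rc0)`), with the upstream version, so the `- qemu <unfixed>` line can be closed against a known version rather than against an unlabelled link.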
@@ -11791,6 +11793,7 @@ CVE-2020-25626 (A flaw was found in Django REST Framework versions before 3.12.0
 	NOTE: https://github.com/encode/django-rest-framework/commit/4121b01b912668c049b26194a9a107c27a332429
 	NOTE: Fixed upstream in 3.12.0 and 3.11.2
 CVE-2020-25625 (hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list ha ...)
+	{DLA-2469-1}
 	- qemu <unfixed> (bug #970542)
 	[buster] - qemu <postponed> (Can be fixed along in next qemu DSA)
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05905.html
@@ -11798,6 +11801,7 @@ CVE-2020-25625 (hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD l
 	NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=patch;h=1be90ebecc95b09a2ee5af3f60c412b45a766c4f (v5.2.0-rc0)
 CVE-2020-25624 [hcd-ohci: out-of-bound access issue while processing transfer descriptors]
 	RESERVED
+	{DLA-2469-1}
 	- qemu <unfixed> (bug #970541)
 	[buster] - qemu <postponed> (Can be fixed along in next qemu DSA)
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05492.html
@@ -13006,6 +13010,7 @@ CVE-2020-25087 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in
 CVE-2020-25086 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in applic ...)
 	NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
 CVE-2020-25085 (QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue  ...)
+	{DLA-2469-1}
 	- qemu <unfixed> (bug #970540)
 	[buster] - qemu <postponed> (Can be fixed along in next qemu DSA)
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg00733.html
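Review bot: For CVE-2020-25085, described in the entry as a heap-based buffer overflow, the `[buster]` line still reads `<postponed> (Can be fixed along in next qemu DSA)` after this change adds `{DLA-2469-1}`. With an LTS advisory now attached to the same CVE, the buster triage note is worth revisiting so the stable suite does not stay postponed behind the LTS one. The same applies to the other qemu entries in this diff that combine the new tag with a `<postponed>` buster line.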



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b4b63b3e8e84be4291889830d3ae8395429a0ca
