[Git][security-tracker-team/security-tracker][master] 2 commits: qemu DSA

Sun Sep 6 18:46:20 BST 2020


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c7f1c5bd by Moritz Muehlenhoff at 2020-09-06T19:43:49+02:00
qemu DSA

- - - - -
01503b3b by Moritz Muehlenhoff at 2020-09-06T19:45:38+02:00
drop one ID; already fixed

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -18518,7 +18518,6 @@ CVE-2020-16093
 	RESERVED
 CVE-2020-16092 (In QEMU through 5.0.0, an assertion failure can occur in the network p ...)
 	- qemu 1:5.1+dfsg-1
-	[buster] - qemu <postponed> (Minor issue, fix along in future DSA)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1860283
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=035e69b063835a5fd23cacabd63690a3d84532a8
 CVE-2020-16091
@@ -19038,7 +19037,6 @@ CVE-2020-15864
 CVE-2020-15863 (hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2 ...)
 	{DLA-2288-1}
 	- qemu 1:5.0-12
-	[buster] - qemu <postponed> (Minor issue, can be fixed along in next DSA)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/07/22/1
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=5519724a13664b43e225ca05351c60b4468e4555
 CVE-2020-15861 (Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX ...)
@@ -26932,7 +26930,6 @@ CVE-2020-12830
 	RESERVED
 CVE-2020-12829 (In QEMU through 5.0.0, an integer overflow was found in the SM501 disp ...)
 	- qemu 1:5.0-12 (low; bug #961451)
-	[buster] - qemu <no-dsa> (Minor issue)
 	[stretch] - qemu <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1808510
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1786026


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[06 Sep 2020] DSA-4760-1 qemu - security update
+	{CVE-2020-12829 CVE-2020-14364 CVE-2020-15863 CVE-2020-16092}
+	[buster] - qemu 1:3.1+dfsg-8+deb10u8
 [04 Sep 2020] DSA-4759-1 ark - security update
 	{CVE-2020-24654}
 	[buster] - ark 4:18.08.3-1+deb10u2


=====================================
data/dsa-needed.txt
=====================================
@@ -22,8 +22,6 @@ knot-resolver
 linux (carnil)
   Wait until more issues have piled up
 --
-qemu (jmm)
---
 rails (jmm)
   Sylvain Beucler proposed to help for the update, remaining CVEs to be done
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/850bba5284d066dfd1b06cba61cc666df1ce4800...01503b3b7129958abcc6a0ac09d555f24c3ef688

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/850bba5284d066dfd1b06cba61cc666df1ce4800...01503b3b7129958abcc6a0ac09d555f24c3ef688
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200906/95fa40bb/attachment.html>
