[Git][security-tracker-team/security-tracker][master] qemu bugs / postponed
Moritz Muehlenhoff
jmm at debian.org
Fri Sep 18 10:16:48 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6717fad5 by Moritz Muehlenhoff at 2020-09-18T11:16:18+02:00
qemu bugs / postponed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -279,11 +279,14 @@ CVE-2020-25626
RESERVED
CVE-2020-25625 [usb: hcd-ohci: infinite loop issue while processing transfer descriptors]
RESERVED
- - qemu <unfixed>
+ - qemu <unfixed> (bug #970542)
+ [buster] - qemu <postponed> (Can be fixed along in next qemu DSA)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05905.html
+ NOTE: https://www.openwall.com/lists/oss-security/2020/09/17/1
CVE-2020-25624 [hcd-ohci: out-of-bound access issue while processing transfer descriptors]
RESERVED
- - qemu <unfixed>
+ - qemu <unfixed> (bug #970541)
+ [buster] - qemu <postponed> (Can be fixed along in next qemu DSA)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05492.html
CVE-2020-25623
RESERVED
@@ -1435,14 +1438,19 @@ CVE-2020-25086 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in
NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
CVE-2020-25085 [sdhci: out-of-bounds access issue while doing multi block SDMA]
RESERVED
- - qemu <unfixed>
+ - qemu <unfixed> (bug #970540)
+ [buster] - qemu <postponed> (Can be fixed along in next qemu DSA)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg00733.html
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01439.html
+ NOTE: https://www.openwall.com/lists/oss-security/2020/09/16/6
CVE-2020-25084 [usb: use-after-free issue while setting up packet]
RESERVED
- - qemu <unfixed>
+ - qemu <unfixed> (bug #970539)
+ [buster] - qemu <postponed> (Can be fixed along in next qemu DSA)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-08/msg08050.html
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-08/msg08043.html
+ NOTE: https://www.openwall.com/lists/oss-security/2020/09/16/5
+ NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Fxhci_uaf_2
CVE-2020-25083
RESERVED
CVE-2020-25082
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6717fad55c4449722dae4546fcf8190c1f7d572f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6717fad55c4449722dae4546fcf8190c1f7d572f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200918/970f10ff/attachment.html>
More information about the debian-security-tracker-commits
mailing list