[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2020-17380,qemu: remove no-dsa tag. Fixed by new patch series for

Sat Apr 10 15:48:02 BST 2021


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d8047849 by Markus Koschany at 2021-04-10T16:44:43+02:00
CVE-2020-17380,qemu: remove no-dsa tag. Fixed by new patch series for

CVE-2021-3409

- - - - -
93fc07ba by Markus Koschany at 2021-04-10T16:47:51+02:00
Reserve DLA-2623-1 for qemu

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -58359,7 +58359,6 @@ CVE-2020-17381 (An issue was discovered in Ghisler Total Commander 9.51. Due to
 CVE-2020-17380 (A heap-based buffer overflow was found in QEMU through 5.0.0 in the SD ...)
 	- qemu <unfixed> (bug #970937)
 	[buster] - qemu <postponed> (Minor issue, fix along in future DSA)
-	[stretch] - qemu <postponed> (Minor issue, fix along in future DLA)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1862167
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01175.html
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=dfba99f17feb6d4a129da19d38df1bcd8579d1c3


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[10 Apr 2021] DLA-2623-1 qemu - security update
+	{CVE-2020-17380 CVE-2021-3392 CVE-2021-3409 CVE-2021-3416 CVE-2021-20203 CVE-2021-20255 CVE-2021-20257}
+	[stretch] - qemu 1:2.8+dfsg-6+deb9u14
 [09 Apr 2021] DLA-2622-1 python-django - security update
 	{CVE-2021-28658}
 	[stretch] - python-django 1:1.10.7-2+deb9u12


=====================================
data/dla-needed.txt
=====================================
@@ -88,8 +88,6 @@ python2.7 (Anton Gladky)
   NOTE: 20210320: https://salsa.debian.org/lts-team/packages/python2.7 (gladk)
   NOTE: 20210404: WIP (gladk)
 --
-qemu (Markus Koschany)
---
 ruby-actionpack-page-caching
   NOTE: 20200819: Upstream's patch on does not apply due to subsequent
   NOTE: 20200819: refactoring. However, a quick look at the private



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8585f04d6a8637ec9f1a06559232aa1d6ea65a9d...93fc07ba0af2fa224bb0a8107217a5c23a75119d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8585f04d6a8637ec9f1a06559232aa1d6ea65a9d...93fc07ba0af2fa224bb0a8107217a5c23a75119d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210410/db16d55f/attachment.htm>
