[Git][security-tracker-team/security-tracker][master] 2 commits: Track fixed version for qemu via unstable
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Jul 18 15:44:59 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f9272d17 by Salvatore Bonaccorso at 2021-07-18T16:43:35+02:00
Track fixed version for qemu via unstable
- - - - -
9fbd296e by Salvatore Bonaccorso at 2021-07-18T16:44:25+02:00
Remove no-dsa tagged entries for which qemu got an update in upper suite
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4278,13 +4278,13 @@ CVE-2021-34827 (This vulnerability allows network-adjacent attackers to execute
NOT-FOR-US: D-Link
CVE-2021-3608 [pvrdma: uninitialized memory unmap in pvrdma_ring_init()]
RESERVED
- - qemu <unfixed> (bug #990563)
+ - qemu 1:5.2+dfsg-11 (bug #990563)
[buster] - qemu <no-dsa> (Minor issue)
[stretch] - qemu <not-affected> (Vulnerable code introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1973383
CVE-2021-3607 [pvrdma: unchecked malloc size due to integer overflow in init_dev_ring()]
RESERVED
- - qemu <unfixed> (bug #990564)
+ - qemu 1:5.2+dfsg-11 (bug #990564)
[buster] - qemu <no-dsa> (Minor issue)
[stretch] - qemu <not-affected> (Vulnerable code introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1973349
@@ -6341,7 +6341,7 @@ CVE-2021-3587 [nfc: fix NULL ptr dereference in llcp_sock_getname() after failed
NOTE: https://git.kernel.org/linus/4ac06a1e013cf5fdd963317ffd3b968560f33bba
CVE-2021-3582 [hw/rdma: Fix possible mremap overflow in the pvrdma device]
RESERVED
- - qemu <unfixed> (bug #990565)
+ - qemu 1:5.2+dfsg-11 (bug #990565)
[buster] - qemu <no-dsa> (Minor issue)
[stretch] - qemu <not-affected> (Vulnerable code introduced later)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-06/msg04148.html
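Review bot: the only reference visible under CVE-2021-3582 in this hunk is a qemu-devel list posting, so nothing here ties the new fixed version 1:5.2+dfsg-11 to a specific merged change. Consider adding a NOTE that names the fix as applied upstream or in the Debian upload, so the remaining `[buster] - qemu <no-dsa> (Minor issue)` triage can be rechecked against the actual patch later.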
@@ -11063,8 +11063,7 @@ CVE-2021-31922 (An HTTP Request Smuggling vulnerability in Pulse Secure Virtual
CVE-2021-3528 (A flaw was found in noobaa-operator in versions before 5.7.0, where in ...)
NOT-FOR-US: noobaa
CVE-2021-3527 (A flaw was found in the USB redirector device (usb-redir) of QEMU. Sma ...)
- - qemu <unfixed> (bug #988157)
- [bullseye] - qemu <no-dsa> (Minor issue)
+ - qemu 1:5.2+dfsg-11 (bug #988157)
[buster] - qemu <no-dsa> (Minor issue)
[stretch] - qemu <postponed> (Minor issue; can be fixed in next update)
NOTE: Initial patchset: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg00564.html
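Review bot: with the `[bullseye] - qemu <no-dsa> (Minor issue)` line removed for CVE-2021-3527, bullseye's status now rests only on comparing its qemu version against 1:5.2+dfsg-11. Please confirm that this version is the one bullseye carries; if the upload has only reached unstable so far, bullseye will be reported as vulnerable with no triage annotation, and the no-dsa line should stay until the fixed package is in that suite.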
@@ -44846,8 +44845,7 @@ CVE-2020-29444 (Affected versions of Team Calendar in Confluence Server before 7
NOT-FOR-US: Atlassian
CVE-2020-29443 (ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of- ...)
{DLA-2560-1}
- - qemu <unfixed> (bug #983575)
- [bullseye] - qemu <postponed> (Fix along in future DSA)
+ - qemu 1:5.2+dfsg-11 (bug #983575)
[buster] - qemu <postponed> (Fix along in future DSA)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg04255.html
NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=813212288970c39b1800f63e83ac6e96588095c6
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9fad303e5264297c8be9bfdef0a76d3d1f7aed97...9fbd296ef5c7e609b9e0167c7863ea83c6fb49c6