[Git][security-tracker-team/security-tracker][master] qemu, newlib bugs
Moritz Muehlenhoff
jmm at debian.org
Wed Mar 3 19:30:02 GMT 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
29c963f2 by Moritz Mühlenhoff at 2021-03-03T20:29:32+01:00
qemu, newlib bugs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,6 +1,6 @@
CVE-2021-3420
RESERVED
- - newlib <unfixed>
+ - newlib <unfixed> (bug #984446)
[buster] - newlib <no-dsa> (Minor issue)
- picolibc 1.5-1
- libnewlib-nano <unfixed> (bug #984424)
@@ -93,7 +93,8 @@ CVE-2021-27876 (An issue was discovered in Veritas Backup Exec before 21.2. The
NOT-FOR-US: Veritas
CVE-2021-3419 [net: rtl8139: stack-based buffer overflow induced by infinite recursion issue]
RESERVED
- - qemu <unfixed>
+ - qemu <unfixed> (bug #984447)
+ [buster] - qemu <postponed> (Minor issue)
NOTE: https://bugs.launchpad.net/qemu/+bug/1910826
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-03/msg00010.html
CVE-2021-3418
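Review bot: The added `[buster] - qemu <postponed> (Minor issue)` line under CVE-2021-3419 is a triage decision rather than a bug reference, and the commit message ("qemu, newlib bugs") covers only the latter. Since the entry title describes a stack-based buffer overflow, consider mentioning the buster triage in the commit message or adding a NOTE line with the reasoning, so the rating does not read as a side effect of filing bug #984447.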
@@ -390,7 +391,8 @@ CVE-2021-3417
RESERVED
CVE-2021-3416 [net: infinite loop in loopback mode may lead to stack overflow]
RESERVED
- - qemu <unfixed>
+ - qemu <unfixed> (bug #984448)
+ [buster] - qemu <postponed> (Minor issue)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg07431.html
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg07484.html
CVE-2021-27736
@@ -2925,7 +2927,8 @@ CVE-2021-3393 [postgres: information leak in error message]
NOTE: https://www.postgresql.org/about/news/postgresql-132-126-1111-1016-9621-and-9525-released-2165/
CVE-2021-3392 [scsi: mptsas: use-after-free while processing io requests]
RESERVED
- - qemu <unfixed>
+ - qemu <unfixed> (bug #984449)
+ [buster] - qemu <postponed> (Minor issue)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg00488.html
NOTE: https://bugs.launchpad.net/qemu/+bug/1914236
CVE-2021-26597
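Review bot: The buster reason added for CVE-2021-3392 is `(Minor issue)`, while the other qemu SCSI use-after-free touched by this commit, CVE-2020-35506, keeps `[buster] - qemu <postponed> (Fix along in future DSA)`. If both are meant to be picked up in the next qemu update, the same reason string here would keep the two entries consistent; if not, a NOTE explaining the difference would help.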
@@ -18465,13 +18468,15 @@ CVE-2021-20258
RESERVED
CVE-2021-20257 [net: e1000: infinite loop while processing transmit descriptors]
RESERVED
- - qemu <unfixed>
+ - qemu <unfixed> (bug #984450)
+ [buster] - qemu <postponed> (Minor issue)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg03595.html
CVE-2021-20256 (A flaw was found in Red Hat Satellite. The BMC interface exposes the p ...)
NOT-FOR-US: Red Hat Satellite
CVE-2021-20255 [net: eepro100: stack overflow via infinite recursion]
RESERVED
- - qemu <unfixed>
+ - qemu <unfixed> (bug #984451)
+ [buster] - qemu <postponed> (Minor issue)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html
NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Feepro100_stackoverflow1
CVE-2021-20254
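Review bot: CVE-2021-20257 and CVE-2021-20255 each gain a `[buster]` line but no `[stretch]` line, whereas CVE-2021-20196 later in this file carries both `[buster]` and `[stretch]` postponed annotations. If stretch is deliberately left for separate triage that is fine; otherwise add the matching `[stretch]` lines in the same commit.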
@@ -18635,6 +18640,7 @@ CVE-2021-20221 [GIC: out-of-bound heap buffer access via an interrupt ID field]
RESERVED
{DLA-2560-1}
- qemu 1:5.2+dfsg-4
+ [buster] - qemu <postponed> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/02/05/1
NOTE: https://gitlab.com/qemu-project/qemu/-/commit/edfe2eb4360cde4ed5d95bda7777edcb3510f76a
CVE-2021-20220 (A flaw was found in Undertow. A regression in the fix for CVE-2020-106 ...)
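Review bot: CVE-2021-20221 already carries `{DLA-2560-1}` and a fixed version (`- qemu 1:5.2+dfsg-4`), so the added `[buster] - qemu <postponed> (Minor issue)` leaves buster as the release without the fix while an LTS advisory exists for the same issue. The wording `(Fix along in future DSA)`, as used for CVE-2021-20196, may describe the intent better; the same applies to the line added under CVE-2021-20181.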
@@ -18726,7 +18732,8 @@ CVE-2021-20205
CVE-2021-20204
RESERVED
CVE-2021-20203 (An integer overflow issue was found in the vmxnet3 NIC emulator of the ...)
- - qemu <unfixed>
+ - qemu <unfixed> (bug #984452)
+ [buster] - qemu <postponed> (Minor issue)
NOTE: https://bugs.launchpad.net/qemu/+bug/1913873
NOTE: https://bugs.launchpad.net/qemu/+bug/1890152
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg07935.html
@@ -18766,7 +18773,7 @@ CVE-2021-20197
NOTE: binutils not covered by security support
CVE-2021-20196 [block: fdc: null pointer dereference may lead to guest crash]
RESERVED
- - qemu <unfixed>
+ - qemu <unfixed> (bug #984453)
[buster] - qemu <postponed> (Fix along in future DSA)
[stretch] - qemu <postponed> (Fix along in future DLA)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1919210
@@ -18827,6 +18834,7 @@ CVE-2021-20181 [9pfs: Fully restart unreclaim loop]
RESERVED
{DLA-2560-1}
- qemu 1:5.2+dfsg-4
+ [buster] - qemu <postponed> (Minor issue)
NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=89fbea8737e8f7b954745a1ffc4238d377055305
CVE-2021-20180
RESERVED
@@ -19213,7 +19221,7 @@ CVE-2020-35507 (There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in b
NOTE: binutils not covered by security support
CVE-2020-35506 [use after free vulnerability in esp_do_dma() in hw/scsi/esp.c]
RESERVED
- - qemu <unfixed>
+ - qemu <unfixed> (bug #984454)
[bullseye] - qemu <postponed> (Minor issue)
[buster] - qemu <postponed> (Fix along in future DSA)
[stretch] - qemu <postponed> (Fix along in future DLA)
@@ -19221,7 +19229,7 @@ CVE-2020-35506 [use after free vulnerability in esp_do_dma() in hw/scsi/esp.c]
NOTE: https://bugs.launchpad.net/qemu/+bug/1909247
CVE-2020-35505 [NULL pointer dereference in do_busid_cmd() in hw/scsi/esp.c]
RESERVED
- - qemu <unfixed>
+ - qemu <unfixed> (bug #984455)
[bullseye] - qemu <postponed> (Minor issue)
[buster] - qemu <postponed> (Fix along in future DSA)
[stretch] - qemu <postponed> (Fix along in future DLA)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29c963f2eecaace0b2b12f9d265425f7d7449149