[Git][security-tracker-team/security-tracker][master] qemu triage

Moritz Muehlenhoff jmm at debian.org
Fri Mar 5 08:59:38 GMT 2021 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ff97b009 by Moritz Muehlenhoff at 2021-03-05T09:59:21+01:00
qemu triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19354,7 +19354,7 @@ CVE-2020-35507 (There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in b
 CVE-2020-35506 [use after free vulnerability in esp_do_dma() in hw/scsi/esp.c]
 	RESERVED
 	- qemu <unfixed> (bug #984454)
-	[bullseye] - qemu <postponed> (Minor issue)
+	[bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
 	[buster] - qemu <postponed> (Fix along in future DSA)
 	[stretch] - qemu <postponed> (Fix along in future DLA)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1909996
@@ -19362,7 +19362,7 @@ CVE-2020-35506 [use after free vulnerability in esp_do_dma() in hw/scsi/esp.c]
 CVE-2020-35505 [NULL pointer dereference in do_busid_cmd() in hw/scsi/esp.c]
 	RESERVED
 	- qemu <unfixed> (bug #984455)
-	[bullseye] - qemu <postponed> (Minor issue)
+	[bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
 	[buster] - qemu <postponed> (Fix along in future DSA)
 	[stretch] - qemu <postponed> (Fix along in future DLA)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1909769
@@ -19370,11 +19370,12 @@ CVE-2020-35505 [NULL pointer dereference in do_busid_cmd() in hw/scsi/esp.c]
 CVE-2020-35504 [NULL pointer dereference in scsi_req_continue() in hw/scsi/scsi-bus.c]
 	RESERVED
 	- qemu <unfixed> (bug #979679)
-	[bullseye] - qemu <postponed> (Minor issue)
+	[bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
 	[buster] - qemu <postponed> (Fix along in future DSA)
 	[stretch] - qemu <postponed> (Fix along in future DLA)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1909766
 	NOTE: https://bugs.launchpad.net/qemu/+bug/1910723 (reproducer)
+	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-12/msg06065.html
 CVE-2020-35503 [QEMU: NULL pointer dereference issue in megasas-gen2 host bus adapter]
 	RESERVED
 	- qemu <unfixed> (bug #979678)
@@ -34654,18 +34655,21 @@ CVE-2020-25744 (SaferVPN before 5.0.3.3 on Windows could allow low-privileged us
 	NOT-FOR-US: SaferVPN
 CVE-2020-25743 (hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereferen ...)
 	- qemu <unfixed> (bug #970940)
+	[bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
 	[buster] - qemu <postponed> (Fix along in next qemu DSA)
 	[stretch] - qemu <postponed> (Fix along in future DLA)
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01568.html
 	NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Fide_nullptr1
 CVE-2020-25742 (pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL p ...)
 	- qemu <unfixed> (bug #971390)
+	[bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
 	[buster] - qemu <postponed> (Fix along in next qemu DSA)
 	[stretch] - qemu <postponed> (Fix along in future DLA)
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05294.html
 	NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Flsi_nullptr1
 CVE-2020-25741 (fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer d ...)
 	- qemu <unfixed> (bug #970939)
+	[bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
 	[buster] - qemu <postponed> (Fix along in next qemu DSA)
 	[stretch] - qemu <postponed> (Fix along in future DLA)
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg07779.html
@@ -121023,6 +121027,7 @@ CVE-2019-12068 (In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.
 CVE-2019-12067 [ide: ahci: add check to avoid null dereference]
 	RESERVED
 	- qemu <unfixed> (low; bug #972099)
+	[bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
 	[buster] - qemu <postponed> (Minor issue, revisit when fixed upstream)
 	[stretch] - qemu <postponed> (Minor issue, can be fixed along in future update)
 	[jessie] - qemu <postponed> (Minor issue, can be fixed along in future update)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff97b009b5e533b589454c97253ad6048e1335f6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff97b009b5e533b589454c97253ad6048e1335f6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210305/c3625a19/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list