[Git][security-tracker-team/security-tracker][master] 3 commits: Triage busybox for stretch

Emilio Pozuelo Monfort (@pochu) pochu at debian.org
Thu Nov 11 15:23:41 GMT 2021



Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cd76f85f by Emilio Pozuelo Monfort at 2021-11-11T16:02:12+01:00
Triage busybox for stretch

- - - - -
77f86c48 by Emilio Pozuelo Monfort at 2021-11-11T16:02:14+01:00
Add fixing commit for CVE-2021-3930/qemu

- - - - -
9d422299 by Emilio Pozuelo Monfort at 2021-11-11T16:02:15+01:00
CVE-2021-3930/qemu postponed in stretch

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -398,8 +398,10 @@ CVE-2021-3931
 CVE-2021-3930 [off-by-one error in mode_sense_page() in hw/scsi/scsi-disk.c]
 	RESERVED
 	- qemu <unfixed>
+	[stretch] - qemu <postponed> (Fix along with a future DLA)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2020588
 	NOTE: https://gitlab.com/qemu-project/qemu/-/issues/546
+	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/b3af7fdf9cc537f8f0dd3e2423d83f5c99a457e8
 CVE-2021-3929
 	RESERVED
 CVE-2021-43400 (An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after- ...)


=====================================
data/dla-needed.txt
=====================================
@@ -18,6 +18,11 @@ ansible
   NOTE: 20210411: after that LTS. (apo)
   NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/
 --
+busybox
+  NOTE: 20211111: dos issues are low impact and could be ignored, awk issues seem
+  NOTE: 20211111: only serious if executing untrusted code, so perhaps postpone,
+  NOTE: 20211111: but double-check (pochu)
+--
 debian-archive-keyring
   NOTE: https://lists.debian.org/debian-lts/2021/08/msg00037.html
   NOTE: 20210920: Raphael answered. will backport today. (utkarsh)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/280f8ff9be2b846ae7195870f4ff14558621c74c...9d422299537b023590ee3903b014ef1fefad0b61

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/280f8ff9be2b846ae7195870f4ff14558621c74c...9d422299537b023590ee3903b014ef1fefad0b61
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211111/352664a0/attachment.htm>


More information about the debian-security-tracker-commits mailing list