[Git][security-tracker-team/security-tracker][master] 2 commits: Mark CVE-2021-3748 and CVE-2021-3735 as postponed in Stretch

Wed Sep 1 22:56:22 BST 2021


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cd87b6ae by Markus Koschany at 2021-09-01T23:54:56+02:00
Mark CVE-2021-3748 and CVE-2021-3735 as postponed in Stretch

- - - - -
c45b2cca by Markus Koschany at 2021-09-01T23:56:09+02:00
Reserve DLA-2753-1 for qemu

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -163,6 +163,7 @@ CVE-2021-3749 (axios is vulnerable to Inefficient Regular Expression Complexity
 CVE-2021-3748 [virtio-net: heap use-after-free in virtio_net_receive_rcu]
 	RESERVED
 	- qemu <unfixed> (bug #993401)
+	[stretch] - qemu <postponed> (Fix along with a future DLA)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1998514
 CVE-2021-40319
 	RESERVED
@@ -704,6 +705,7 @@ CVE-2021-3739
 CVE-2021-3735 [ahci: deadlock issue leads to denial of service]
 	RESERVED
 	- qemu <unfixed>
+	[stretch] - qemu <postponed> (Fix along with a future DLA)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1997184
 CVE-2021-40083 (Knot Resolver before 5.3.2 is prone to an assertion failure, triggerab ...)
 	[experimental] - knot-resolver 5.4.1-1


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[01 Sep 2021] DLA-2753-1 qemu - security update
+	{CVE-2021-3527 CVE-2021-3592 CVE-2021-3594 CVE-2021-3595 CVE-2021-3682 CVE-2021-3713}
+	[stretch] - qemu 1:2.8+dfsg-6+deb9u15
 [31 Aug 2021] DLA-2752-1 squashfs-tools - security update
 	{CVE-2021-40153}
 	[stretch] - squashfs-tools 1:4.3-3+deb9u2


=====================================
data/dla-needed.txt
=====================================
@@ -73,8 +73,6 @@ python-babel
 --
 pywps (Abhijith PA)
 --
-qemu (Markus Koschany)
---
 qtbase-opensource-src (Utkarsh Gupta)
   NOTE: 20210830: needs further checking for vulnerability. (utkarsh)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b8f182bf08ce97032d7e505082065960e09092f5...c45b2cca0a3d905970070da714308b12967265ed

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b8f182bf08ce97032d7e505082065960e09092f5...c45b2cca0a3d905970070da714308b12967265ed
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210901/ce926f65/attachment-0001.htm>
