[Git][security-tracker-team/security-tracker][master] Annotate some qemu upstream fixes with tag information upstream
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Apr 21 19:49:12 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
42ad7533 by Salvatore Bonaccorso at 2022-04-21T20:48:38+02:00
Annotate some qemu upstream fixes with tag information upstream
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -8706,7 +8706,7 @@ CVE-2022-26353 (A flaw was found in the virtio-net device of QEMU. This flaw was
[stretch] - qemu <not-affected> (Original upstream fix for CVE-2021-3748 not applied)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2063197
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg02438.html
- NOTE: https://gitlab.com/qemu-project/qemu/-/commit/abe300d9d894f7138e1af7c8e9c88c04bfe98b37
+ NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/abe300d9d894f7138e1af7c8e9c88c04bfe98b37 (v7.0.0-rc0)
NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/bedd7e93d01961fcb16a97ae45d93acf357e11f6 (v6.2.0-rc0)
NOTE: Introduced by the original fix for CVE-2021-3748.
CVE-2022-0835 (AVEVA System Platform 2020 stores sensitive information in cleartext, ...)
@@ -18800,13 +18800,13 @@ CVE-2021-4207
- qemu 1:7.0+dfsg-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2036966
NOTE: https://starlabs.sg/advisories/22-4207/
- NOTE: https://gitlab.com/qemu-project/qemu/-/commit/9569f5cb
+ NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/9569f5cb5b4bffa9d3ebc8ba7da1e03830a9a895 (v7.0.0-rc4)
CVE-2021-4206
RESERVED
- qemu 1:7.0+dfsg-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2036998
NOTE: https://starlabs.sg/advisories/22-4206/
- NOTE: https://gitlab.com/qemu-project/qemu/-/commit/fa892e9a
+ NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/fa892e9abb728e76afcf27323ab29c57fb0fe7aa (v7.0.0-rc4)
CVE-2021-4205
RESERVED
CVE-2021-31567 (Authenticated (admin+) Arbitrary File Download vulnerability discovere ...)
@@ -32056,7 +32056,7 @@ CVE-2021-3929 [nvme: DMA reentrancy issue leads to use-after-free]
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2020298
NOTE: https://gitlab.com/qemu-project/qemu/-/issues/556
NOTE: Proposed patchset: https://lists.nongnu.org/archive/html/qemu-devel/2021-08/msg03692.html
- NOTE: https://gitlab.com/qemu-project/qemu/-/commit/736b01642d85be832385
+ NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/736b01642d85be832385063f278fe7cd4ffb5221 (v7.0.0-rc0)
CVE-2021-43400 (An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after- ...)
- bluez 5.62-1 (bug #998626)
[bullseye] - bluez <no-dsa> (Minor issue; can be fixed in point release)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/42ad75337c96a385fbac62f5d7348d54086af68b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/42ad75337c96a385fbac62f5d7348d54086af68b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220421/4dd043cf/attachment.htm>
More information about the debian-security-tracker-commits
mailing list