[Git][security-tracker-team/security-tracker][master] 3 commits: Add usbredir to dla-needed.txt

Sun Mar 20 13:55:20 GMT 2022


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b9cb1e0d by Markus Koschany at 2022-03-20T14:48:13+01:00
Add usbredir to dla-needed.txt

- - - - -
ce5d0a85 by Markus Koschany at 2022-03-20T14:51:25+01:00
CVE-2022-26353,qemu: Stretch/not-affected

- - - - -
abcfb479 by Markus Koschany at 2022-03-20T14:54:52+01:00
Add qemu to dla-needed.txt

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2461,6 +2461,7 @@ CVE-2022-26354 (A flaw was found in the vhost-vsock device of QEMU. In case of e
 CVE-2022-26353 (A flaw was found in the virtio-net device of QEMU. This flaw was inadv ...)
 	- qemu <unfixed>
 	[buster] - qemu <not-affected> (Original upstream fix for CVE-2021-3748 not applied)
+	[stretch] - qemu <not-affected> (Original upstream fix for CVE-2021-3748 not applied)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2063197
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg02438.html
 	NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/bedd7e93d01961fcb16a97ae45d93acf357e11f6 (v6.2.0-rc0)


=====================================
data/dla-needed.txt
=====================================
@@ -80,6 +80,10 @@ pjproject (Abhijith PA)
   NOTE: 20220302: uploading asterisk, ring and pjproject in one go (abhijith)
   NOTE: 20220314: https://people.debian.org/~abhijith/upload/vda/pjproject_2.5.5~dfsg-6+deb9u3.dsc
 --
+qemu
+  NOTE: 20220320: Vulnerable function appears to be vhost_vsock_send_transport_reset.
+  NOTE: 20220320: Consider looking into postponed issues (apo)
+--
 ring (Abhijith PA)
  NOTE: 20220314: https://people.debian.org/~abhijith/upload/vda/ring_20161221.2.7bd7d91~dfsg1-1+deb9u2.dsc
 --
@@ -105,6 +109,8 @@ tzdata (Emilio)
 unzip
  NOTE: 20220319: no patches yet but reproducible (apo)
 --
+usbredir
+--
 wireshark (Markus Koschany)
 --
 wordpress (Utkarsh)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f1858fc71917810f512e6a5095339e173f798ffe...abcfb4799d68ed227a3e84e6479d65785ea4fa40

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f1858fc71917810f512e6a5095339e173f798ffe...abcfb4799d68ed227a3e84e6479d65785ea4fa40
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220320/621a0bf5/attachment-0001.htm>
