[Git][security-tracker-team/security-tracker][master] CVE-2022-26354/qemu: triage buster as affected
Emilio Pozuelo Monfort (@pochu)
pochu at debian.org
Wed Mar 30 13:15:39 BST 2022
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker
Commits:
004ffbcb by Emilio Pozuelo Monfort at 2022-03-30T14:14:14+02:00
CVE-2022-26354/qemu: triage buster as affected
Mark it as no-dsa following the bullseye triage, and note where the
affected code is (prior to the vhost-vsock-common.c split).
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4825,9 +4825,10 @@ CVE-2022-26355 (Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes
CVE-2022-26354 (A flaw was found in the vhost-vsock device of QEMU. In case of error, ...)
- qemu <unfixed>
[bullseye] - qemu <no-dsa> (Minor issue)
- [buster] - qemu <not-affected> (Vulnerable code not present)
+ [buster] - qemu <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2063257
NOTE: https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf
+ NOTE: vulnerable code in buster in vhost_vsock_send_transport_reset
CVE-2022-26353 (A flaw was found in the virtio-net device of QEMU. This flaw was inadv ...)
- qemu <unfixed>
[bullseye] - qemu <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/004ffbcbf576587689dad55504befa41fdd13c40
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/004ffbcbf576587689dad55504befa41fdd13c40
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220330/883f91b1/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list