[Git][security-tracker-team/security-tracker][master] qemu DSA
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon May 9 21:52:22 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cee0f0a1 by Moritz Mühlenhoff at 2022-05-09T22:52:09+02:00
qemu DSA
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -11585,14 +11585,12 @@ CVE-2022-26355 (Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes
CVE-2022-26354 (A flaw was found in the vhost-vsock device of QEMU. In case of error, ...)
{DLA-2970-1}
- qemu 1:7.0+dfsg-1
- [bullseye] - qemu <no-dsa> (Minor issue)
[buster] - qemu <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2063257
NOTE: https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf
NOTE: vulnerable code in buster in vhost_vsock_send_transport_reset
CVE-2022-26353 (A flaw was found in the virtio-net device of QEMU. This flaw was inadv ...)
- qemu 1:7.0+dfsg-1
- [bullseye] - qemu <no-dsa> (Minor issue)
[buster] - qemu <not-affected> (Original upstream fix for CVE-2021-3748 not applied)
[stretch] - qemu <not-affected> (Original upstream fix for CVE-2021-3748 not applied)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2063197
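Review bot: With the two `[bullseye] - qemu <no-dsa> (Minor issue)` lines removed, neither CVE-2022-26354 nor CVE-2022-26353 points at DSA-5133-1 in this file: the `{DLA-2970-1}` line under CVE-2022-26354 is unchanged and CVE-2022-26353 has no cross-reference line at all. If the `{DSA-5133-1}` references are expected to be filled in by a later cross-reference update, that is fine; otherwise add them here so the link between these entries and the advisory is visible in data/CVE/list.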
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[09 May 2022] DSA-5133-1 qemu - security update
+ {CVE-2022-26353 CVE-2022-26354 CVE-2021-4206 CVE-2021-4207 CVE-2022-0358}
+ [bullseye] - qemu 1:5.2+dfsg-11+deb11u2
[08 May 2022] DSA-5132-1 ecdsautils - security update
{CVE-2022-24884}
[buster] - ecdsautils 0.3.2+git20151018-2+deb10u1
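Review bot: The brace list on the second added line names five CVEs, but the data/CVE/list change in this commit only drops bullseye annotations for CVE-2022-26353 and CVE-2022-26354. Please check that the entries for CVE-2021-4206, CVE-2021-4207 and CVE-2022-0358 carry no leftover `[bullseye] - qemu <no-dsa>` line that would contradict this advisory. As a style point, the ids are not in ascending order (the two CVE-2022-2635x ids precede the 2021 ones); sorting them makes the list easier to compare against the advisory text.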
=====================================
data/dsa-needed.txt
=====================================
@@ -35,9 +35,6 @@ nodejs (jmm)
--
puma
--
-qemu/stable (jmm)
- Maintainer is proposing update for some CVEs, need review
---
rpki-client/stable
new 7.6 release required libretls, which isn't in Bullseye
--
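Review bot: The removed note under `qemu/stable (jmm)` says the proposed update covers "some CVEs", so dropping the whole entry is only right if DSA-5133-1 leaves no open qemu issue in stable that still needs a DSA. If any remain, keep the `qemu/stable` entry and replace the note with what is still outstanding.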
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cee0f0a1ee6199609350c4dcc08652df86e402f7