[Git][security-tracker-team/security-tracker][master] qemu: update buster triage 2019-2020 for LTS

Sylvain Beucler (@beuc) beuc at debian.org
Tue Nov 8 16:58:38 GMT 2022



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7563bbe4 by Sylvain Beucler at 2022-11-08T17:57:30+01:00
qemu: update buster triage 2019-2020 for LTS

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -140657,10 +140657,10 @@ CVE-2020-35504 (A NULL pointer dereference flaw was found in the SCSI emulation
 CVE-2020-35503 (A NULL pointer dereference flaw was found in the megasas-gen2 SCSI hos ...)
 	- qemu <unfixed> (bug #979678)
 	[bullseye] - qemu <postponed> (Minor issue)
-	[buster] - qemu <postponed> (Fix along in future DSA)
-	[stretch] - qemu <postponed> (Fix along in future DLA)
+	[buster] - qemu <postponed> (Minor issue, waiting for sanctioned patch)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1910346
-	NOTE: No upstream patch as of 2022-04-21
+	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-12/msg06065.html
+	NOTE: No sanctioned upstream patch as of 2022-11-08
 CVE-2020-35502 (A flaw was found in Privoxy in versions before 3.0.29. Memory leaks wh ...)
 	{DLA-2548-1}
 	- privoxy 3.0.29-1
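
Review bot: the NOTE added for CVE-2020-35503 is a bare qemu-devel URL sitting directly above "No sanctioned upstream patch as of 2022-11-08", so a reader cannot tell whether that thread is the proposed but unsanctioned patch or only a report. Suggest labelling the link with what it is, for example "NOTE: Proposed patch (not merged):" before the URL, if that is what the thread contains.
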
@@ -144896,7 +144896,7 @@ CVE-2020-29130 (slirp.c in libslirp through 4.3.1 has a buffer over-read because
 	{DLA-2560-1}
 	- libslirp 4.4.0-1
 	- qemu 1:4.1-2
-	[buster] - qemu <postponed> (Fix along in future DSA)
+	[buster] - qemu <postponed> (Fix along with next DLA, fixed in stretch-lts)
 	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2e1dcbc0c2af64fcb17009eaf2ceedd81be2b27f (v4.4.0)
 	NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
 	NOTE: https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-2j37-w439-87q3
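
Review bot: on the new [buster] line for CVE-2020-29130, "fixed in stretch-lts" does not say which upload fixed it, and no [stretch] line is visible in the entry to confirm it. If the {DLA-2560-1} tag at the top of the entry is that fix, suggest naming it in the reason ("fixed in stretch-lts via DLA-2560-1") so the claim can be checked from the list itself.
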
@@ -156645,27 +156645,24 @@ CVE-2020-25744 (SaferVPN before 5.0.3.3 on Windows could allow low-privileged us
 CVE-2020-25743 (hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereferen ...)
 	- qemu <unfixed> (bug #970940)
 	[bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
-	[buster] - qemu <postponed> (Fix along in next qemu DSA)
-	[stretch] - qemu <postponed> (Fix along in future DLA)
+	[buster] - qemu <postponed> (Minor issue, waiting for sanctioned patch)
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01568.html
 	NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Fide_nullptr1
-	NOTE: No upstream patch as of 2022-04-21
+	NOTE: No sanctioned upstream patch as of 2022-11-08
 CVE-2020-25742 (pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL p ...)
 	- qemu <unfixed> (bug #971390)
 	[bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
-	[buster] - qemu <postponed> (Fix along in next qemu DSA)
-	[stretch] - qemu <postponed> (Fix along in future DLA)
+	[buster] - qemu <postponed> (Minor issue, waiting for sanctioned patch)
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05294.html
 	NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Flsi_nullptr1
-	NOTE: No upstream patch as of 2022-04-21
+	NOTE: No sanctioned upstream patch as of 2022-11-08
 CVE-2020-25741 (fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer d ...)
 	- qemu <unfixed> (bug #970939)
 	[bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
-	[buster] - qemu <postponed> (Fix along in next qemu DSA)
-	[stretch] - qemu <postponed> (Fix along in future DLA)
+	[buster] - qemu <postponed> (Minor issue, waiting for sanctioned patch)
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg07779.html
 	NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Ffdc_nullptr1
-	NOTE: No upstream patch as of 2022-04-21
+	NOTE: No sanctioned upstream patch as of 2022-11-08
 CVE-2020-25740
 	RESERVED
 CVE-2020-25739 (An issue was discovered in the gon gem before gon-6.4.0 for Ruby. Mult ...)
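
Review bot: the three new [buster] lines (CVE-2020-25743, CVE-2020-25742, CVE-2020-25741) read "Minor issue, waiting for sanctioned patch" while the [bullseye] line directly above each keeps "Minor issue, revisit when fixed upstream" for the same upstream state. Suggest one wording for both suites, so a search of the list for either phrase finds every entry that is blocked on upstream.
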
@@ -158425,7 +158422,7 @@ CVE-2020-25086 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in
 CVE-2021-3409 (The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffectiv ...)
 	{DLA-2623-1}
 	- qemu 1:5.2+dfsg-10 (bug #986795)
-	[buster] - qemu <not-affected> (CVE-2020-17380/CVE-2020-25085 weren't backported to Buster)
+	[buster] - qemu <not-affected> (CVE-2020-17380 wasn't backported to Buster)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1928146
 	NOTE: https://www.openwall.com/lists/oss-security/2021/03/09/1
 	NOTE: New patch series: https://lists.nongnu.org/archive/html/qemu-devel/2021-03/msg00949.html
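
Review bot: the new [buster] reason "CVE-2020-17380 wasn't backported to Buster" names the CVE where it means its fix, and read literally it suggests the vulnerability itself is absent from buster, which contradicts the postponed status CVE-2020-17380 carries for buster later in this same commit. Suggest "fix for CVE-2020-17380 wasn't backported to Buster".
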
@@ -158434,6 +158431,7 @@ CVE-2021-3409 (The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineff
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=bc6f28995ff88f5d82c38afcfd65406f0ae375aa
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=5cd7aa3451b76bb19c0f6adc2b931f091e5d7fcd
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=cffb446e8fd19a14e1634c7a3a8b07be3f01d5c9
+	NOTE: This is a re-submission of CVE-2020-17380 following its confusion with CVE-2020-25085 at a point, see RH bug
 CVE-2020-25085 (QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue  ...)
 	{DLA-3099-1 DLA-2469-1}
 	- qemu 1:5.2+dfsg-1 (bug #970540)
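
Review bot: "see RH bug" in the added NOTE is ambiguous, because the CVE-2021-3409 entry links bugzilla id=1928146 while the CVE-2020-17380 entry links id=1862167, and the note does not say which one documents the confusion. Suggest giving the bug URL in the note itself. The phrase "at a point" could also be dropped or replaced with "at one point".
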
@@ -175031,11 +175029,11 @@ CVE-2020-17381 (An issue was discovered in Ghisler Total Commander 9.51. Due to
 CVE-2020-17380 (A heap-based buffer overflow was found in QEMU through 5.0.0 in the SD ...)
 	{DLA-2623-1}
 	- qemu 1:5.2+dfsg-10 (bug #970937)
-	[buster] - qemu <postponed> (Minor issue, fix along in future DSA)
+	[buster] - qemu <postponed> (Minor issue, fix along with next DLA, fixed in stretch-lts)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1862167
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01175.html
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=dfba99f17feb6d4a129da19d38df1bcd8579d1c3
-	NOTE: possible duplicate of CVE-2020-25085, see RH bug
+	NOTE: confusion with CVE-2020-25085, see RH bug; re-submitted as CVE-2021-3409
 CVE-2020-17379
 	RESERVED
 CVE-2020-17378
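
Review bot: the new [buster] reason for CVE-2020-17380 plans to "fix along with next DLA", but the CVE-2021-3409 entry in this commit records that the patch for CVE-2020-17380 was ineffective and marks buster not-affected only because that patch was never backported. Suggest adding a NOTE here that a buster backport must include the CVE-2021-3409 follow-up series, and that the not-affected status of CVE-2021-3409 for buster needs revisiting at that point.
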
@@ -182585,8 +182583,7 @@ CVE-2020-14395
 CVE-2020-14394 (An infinite loop flaw was found in the USB xHCI controller emulation o ...)
 	- qemu 1:7.1+dfsg-1 (bug #979677)
 	[bullseye] - qemu <postponed> (Minor issue)
-	[buster] - qemu <postponed> (Minor issue)
-	[stretch] - qemu <postponed> (Minor issue, privileged local DoS, low CVSS, no patch)
+	[buster] - qemu <postponed> (Minor issue, privileged local DoS, low CVSS, fix along with next DLA)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1908004
 	NOTE: https://gitlab.com/qemu-project/qemu/-/issues/646
 	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/effaf5a240e03020f4ae953e10b764622c3e87cc (v7.1.0-rc3)
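
Review bot: the new [buster] reason for CVE-2020-14394 promises "fix along with next DLA" while the [bullseye] line above stays at plain "Minor issue" with no planned fix, so buster could end up fixed ahead of bullseye. Suggest stating in the reason that this is intended, or aligning the bullseye status, so the difference between the two suites is visibly deliberate.
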
@@ -244286,15 +244283,12 @@ CVE-2019-12068 (In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.
 CVE-2019-12067 (The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to ...)
 	- qemu <unfixed> (low; bug #972099)
 	[bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
-	[buster] - qemu <postponed> (Minor issue, revisit when fixed upstream)
-	[stretch] - qemu <postponed> (Minor issue, can be fixed along in future update)
-	[jessie] - qemu <postponed> (Minor issue, can be fixed along in future update)
+	[buster] - qemu <postponed> (Minor issue, waiting for sanctioned patch)
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01358.html
-	NOTE: patch not sanctioned as of 20210202
 	NOTE: patched function introduced in 2014/2.1.50 but affected code pre-existed
 	NOTE: https://github.com/qemu/qemu/commit/659142ecf71a0da240ab0ff7cf929ee25c32b9bc
-	NOTE: No upstream patch as of 2022-04-21
+	NOTE: No sanctioned upstream patch as of 2022-11-08
 CVE-2019-12066
 	RESERVED
 CVE-2019-12065
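
Review bot: the removal of the [stretch] and [jessie] lines for CVE-2019-12067 (and of the [stretch] lines in the earlier hunks) is not covered by the commit subject, which only mentions buster triage. Suggest mentioning the cleanup of the older suites in the commit message. Dropping "patch not sanctioned as of 20210202" also loses the earliest date at which the patch was already known to be pending; the replacement NOTE could keep it, for example "No sanctioned upstream patch as of 2022-11-08 (first checked 20210202)".
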



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7563bbe476c271d2079d1fe4459da124aaa5c370
