[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Sep 5 09:10:26 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b20351cc by security tracker role at 2022-09-05T08:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2022-39843 (123elf Lotus 1-2-3 before 1.0.0rc3 for Linux, and Lotus 1-2-3 R3 for U ...)
+	TODO: check
+CVE-2022-39842 (An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu ...)
+	TODO: check
+CVE-2022-39841
+	RESERVED
+CVE-2022-39840 (Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a ...)
+	TODO: check
+CVE-2022-39839 (Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a ...)
+	TODO: check
+CVE-2022-39838
+	RESERVED
+CVE-2022-39837
+	RESERVED
+CVE-2022-39836
+	RESERVED
+CVE-2022-39835
+	RESERVED
+CVE-2022-39834
+	RESERVED
+CVE-2022-39833
+	RESERVED
+CVE-2022-39832 (An issue was discovered in PSPP 1.6.2. There is a heap-based buffer ov ...)
+	TODO: check
+CVE-2022-39831 (An issue was discovered in PSPP 1.6.2. There is a heap-based buffer ov ...)
+	TODO: check
+CVE-2022-39830 (sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on th ...)
+	TODO: check
+CVE-2022-39829 (There is a NULL pointer dereference in aes256_encrypt in Samsung mTowe ...)
+	TODO: check
+CVE-2022-39828 (sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on th ...)
+	TODO: check
+CVE-2022-39827
+	RESERVED
+CVE-2022-39826
+	RESERVED
+CVE-2022-39825
+	RESERVED
+CVE-2022-39824 (Server-side JavaScript injection in Appsmith through 1.7.14 allows rem ...)
+	TODO: check
+CVE-2022-39823
+	RESERVED
+CVE-2022-39822
+	RESERVED
+CVE-2022-39821
+	RESERVED
+CVE-2022-39820
+	RESERVED
+CVE-2022-39819
+	RESERVED
+CVE-2022-39818
+	RESERVED
+CVE-2022-39817
+	RESERVED
+CVE-2022-39816
+	RESERVED
+CVE-2022-39815
+	RESERVED
+CVE-2022-39814
+	RESERVED
+CVE-2022-39813
+	RESERVED
+CVE-2022-39812
+	RESERVED
+CVE-2022-39811
+	RESERVED
+CVE-2022-39810
+	RESERVED
+CVE-2022-39809
+	RESERVED
 CVE-2022-38701
 	RESERVED
 CVE-2022-38700
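
Review bot: every entry added with a description at the top of this hunk is left at `TODO: check`, so none of them is triaged yet. Each needs either a source-package line or a `NOT-FOR-US:` marker, as the older entries further down this file have; CVE-2022-39842 names the Linux kernel and CVE-2022-39832/CVE-2022-39831 name PSPP, which makes them the natural first candidates to check against the archive. The truncated descriptions of CVE-2022-39840 and CVE-2022-39839 (and of CVE-2022-39830 and CVE-2022-39828) are identical up to the `...`, so triage has to read the full description to tell them apart.
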
@@ -1289,8 +1359,8 @@ CVE-2022-3094
 	RESERVED
 CVE-2022-39197
 	RESERVED
-CVE-2022-39196
-	RESERVED
+CVE-2022-39196 (Blackboard Learn 1.10.1 allows remote authenticated users to read unin ...)
+	TODO: check
 CVE-2022-39195
 	RESERVED
 CVE-2022-39194 (An issue was discovered in the MediaWiki through 1.38.2. The community ...)
@@ -3273,7 +3343,7 @@ CVE-2022-38479
 	RESERVED
 CVE-2022-38478
 	RESERVED
-	{DSA-5221-1 DSA-5217-1 DLA-3080-1}
+	{DSA-5221-1 DSA-5217-1 DLA-3097-1 DLA-3080-1}
 	- firefox 104.0-1
 	- firefox-esr 102.2.0esr-1
 	- thunderbird 1:102.2.0-1
@@ -3314,7 +3384,7 @@ CVE-2022-38474
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-33/#CVE-2022-38474
 CVE-2022-38473
 	RESERVED
-	{DSA-5221-1 DSA-5217-1 DLA-3080-1}
+	{DSA-5221-1 DSA-5217-1 DLA-3097-1 DLA-3080-1}
 	- firefox 104.0-1
 	- firefox-esr 102.2.0esr-1
 	- thunderbird 1:102.2.0-1
@@ -3325,7 +3395,7 @@ CVE-2022-38473
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-37/#CVE-2022-38473
 CVE-2022-38472
 	RESERVED
-	{DSA-5221-1 DSA-5217-1 DLA-3080-1}
+	{DSA-5221-1 DSA-5217-1 DLA-3097-1 DLA-3080-1}
 	- firefox 104.0-1
 	- firefox-esr 102.2.0esr-1
 	- thunderbird 1:102.2.0-1
@@ -11331,6 +11401,7 @@ CVE-2022-35416 (H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnl
 CVE-2022-35415
 	RESERVED
 CVE-2022-35414 (softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized r ...)
+	{DLA-3099-1}
 	- qemu <unfixed> (bug #1014958)
 	[bullseye] - qemu <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/qemu-project/qemu/-/issues/1065
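
Review bot: `{DLA-3099-1}` is added to CVE-2022-35414 while the lines directly below it still read `- qemu <unfixed> (bug #1014958)` and `[bullseye] - qemu <no-dsa> (Minor issue)`. The cross-reference records an LTS fix only, so after this change an older release carries a fix that unstable and bullseye do not; keep bug #1014958 open and consider revisiting the bullseye `<no-dsa>` decision.
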
@@ -36967,7 +37038,7 @@ CVE-2022-26356 (Racy interactions between dirty vram tracking and paging log dir
 CVE-2022-26355 (Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes deplo ...)
 	NOT-FOR-US: Citrix
 CVE-2022-26354 (A flaw was found in the vhost-vsock device of QEMU. In case of error,  ...)
-	{DSA-5133-1 DLA-2970-1}
+	{DSA-5133-1 DLA-3099-1 DLA-2970-1}
 	- qemu 1:7.0+dfsg-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2063257
 	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf
@@ -44510,6 +44581,7 @@ CVE-2022-0368 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...
 	NOTE: https://huntr.dev/bounties/bca9ce1f-400a-4bf9-9207-3f3187cb3fa9/
 	NOTE: https://github.com/vim/vim/commit/8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa (v8.2.4217)
 CVE-2022-0367 (A heap-based buffer overflow flaw was found in libmodbus in function m ...)
+	{DLA-3098-1}
 	- libmodbus <unfixed>
 	[bullseye] - libmodbus <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2045571
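
Review bot: the `- libmodbus <unfixed>` line under the new `{DLA-3098-1}` has no `(bug #...)` reference, unlike the unfixed qemu entries elsewhere in this patch. The only pointer visible here is the Red Hat Bugzilla NOTE, so a Debian bug should be filed or linked on that line to keep the unstable status tracked now that an LTS advisory exists.
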
@@ -47363,13 +47435,13 @@ CVE-2021-44777 (Cross-Site Request Forgery (CSRF) vulnerabilities leading to sin
 CVE-2021-44760 (Authenticated Reflected Cross-Site Scripting (XSS) vulnerability disco ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-4207 (A flaw was found in the QXL display device emulation in QEMU. A double ...)
-	{DSA-5133-1}
+	{DSA-5133-1 DLA-3099-1}
 	- qemu 1:7.0+dfsg-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2036966
 	NOTE: https://starlabs.sg/advisories/22-4207/
 	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/9569f5cb5b4bffa9d3ebc8ba7da1e03830a9a895 (v7.0.0-rc4)
 CVE-2021-4206 (A flaw was found in the QXL display device emulation in QEMU. An integ ...)
-	{DSA-5133-1}
+	{DSA-5133-1 DLA-3099-1}
 	- qemu 1:7.0+dfsg-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2036998
 	NOTE: https://starlabs.sg/advisories/22-4206/
@@ -60926,7 +60998,7 @@ CVE-2021-43401
 CVE-2021-3931 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...)
 	- snipe-it <itp> (bug #1005172)
 CVE-2021-3930 (An off-by-one error was found in the SCSI device emulation in QEMU. It ...)
-	{DLA-2970-1}
+	{DLA-3099-1 DLA-2970-1}
 	- qemu 1:6.2+dfsg-1
 	[bullseye] - qemu <postponed> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2020588
@@ -71216,7 +71288,7 @@ CVE-2021-3749 (axios is vulnerable to Inefficient Regular Expression Complexity
 	NOTE: https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929
 	NOTE: https://github.com/axios/axios/pull/3980
 CVE-2021-3748 (A use-after-free vulnerability was found in the virtio-net device of Q ...)
-	{DSA-4980-1 DLA-2970-1}
+	{DSA-4980-1 DLA-3099-1 DLA-2970-1}
 	- qemu 1:6.1+dfsg-6 (bug #993401)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1998514
 	NOTE: When fixing this issue make sure to not open CVE-2022-26353
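
Review bot: CVE-2021-3748 now lists DLA-3099-1, and the last context line of this hunk warns `When fixing this issue make sure to not open CVE-2022-26353`. No hunk in this patch touches CVE-2022-26353, so confirm that the virtio-net backport shipped in DLA-3099-1 did not introduce it, and record the result on the CVE-2022-26353 entry.
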
@@ -73894,7 +73966,7 @@ CVE-2021-39232 (In Apache Ozone versions prior to 1.2.0, certain admin related S
 CVE-2021-39231 (In Apache Ozone versions prior to 1.2.0, Various internal server-to-se ...)
 	NOT-FOR-US: Apache Ozone
 CVE-2021-3713 (An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) d ...)
-	{DSA-4980-1 DLA-2753-1}
+	{DSA-4980-1 DLA-3099-1 DLA-2753-1}
 	- qemu 1:6.1+dfsg-2 (bug #992727)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1994640
 	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/13b250b12ad3c59114a6a17d59caf073ce45b33a
@@ -76802,7 +76874,7 @@ CVE-2021-38090 (Integer Overflow vulnerability in function filter16_roberts in l
 CVE-2021-38089
 	REJECTED
 CVE-2021-3682 (A flaw was found in the USB redirector device emulation of QEMU in ver ...)
-	{DSA-4980-1 DLA-2753-1}
+	{DSA-4980-1 DLA-3099-1 DLA-2753-1}
 	- qemu 1:6.0+dfsg-3 (bug #991911)
 	NOTE: https://gitlab.com/qemu-project/qemu/-/issues/491
 	NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/b2d1fe67d09d2b6c7da647fbcea6ca0148c206d3 (v1.4.0-rc0)
@@ -84732,11 +84804,13 @@ CVE-2021-34828 (This vulnerability allows network-adjacent attackers to execute
 CVE-2021-34827 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
 	NOT-FOR-US: D-Link
 CVE-2021-3608 (A flaw was found in the QEMU implementation of VMWare's paravirtual RD ...)
+	{DLA-3099-1}
 	- qemu 1:5.2+dfsg-11 (bug #990563)
 	[stretch] - qemu <not-affected> (Vulnerable code introduced later)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1973383
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=66ae37d8cc313f89272e711174a846a229bcdbd3
 CVE-2021-3607 (An integer overflow was found in the QEMU implementation of VMWare's p ...)
+	{DLA-3099-1}
 	- qemu 1:5.2+dfsg-11 (bug #990564)
 	[stretch] - qemu <not-affected> (Vulnerable code introduced later)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1973349
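
Review bot: both CVE-2021-3608 and CVE-2021-3607 carry `[stretch] - qemu <not-affected> (Vulnerable code introduced later)`, so whether a release is affected depends on its qemu version. The added `{DLA-3099-1}` lines come with no release-specific status for the suite the advisory targets; confirm the paravirtual RDMA code is present in that version, otherwise the cross-reference overstates what the advisory fixed.
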
@@ -86887,6 +86961,7 @@ CVE-2018-25015 (An issue was discovered in the Linux kernel before 4.14.16. Ther
 CVE-2021-3587
 	REJECTED
 CVE-2021-3582 (A flaw was found in the QEMU implementation of VMWare's paravirtual RD ...)
+	{DLA-3099-1}
 	- qemu 1:5.2+dfsg-11 (bug #990565)
 	[stretch] - qemu <not-affected> (Vulnerable code introduced later)
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-06/msg04148.html
@@ -92130,7 +92205,7 @@ CVE-2021-31922 (An HTTP Request Smuggling vulnerability in Pulse Secure Virtual
 CVE-2021-3528 (A flaw was found in noobaa-operator in versions before 5.7.0, where in ...)
 	NOT-FOR-US: noobaa
 CVE-2021-3527 (A flaw was found in the USB redirector device (usb-redir) of QEMU. Sma ...)
-	{DLA-2753-1}
+	{DLA-3099-1 DLA-2753-1}
 	- qemu 1:5.2+dfsg-11 (bug #988157)
 	NOTE: Initial patchset: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg00564.html
 	NOTE: Revisited: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01372.html
@@ -93330,6 +93405,7 @@ CVE-2021-3508 (A flaw was found in PDFResurrect in version 0.22b. There is an in
 	NOTE: https://github.com/enferex/pdfresurrect/commit/7e35d1806e111fd28610ccc86bb33f54792ac370
 	NOTE: Hang in CLI tool, no security impact
 CVE-2021-3507 (A heap buffer overflow was found in the floppy disk emulator of QEMU u ...)
+	{DLA-3099-1}
 	- qemu <unfixed> (bug #987410)
 	[bullseye] - qemu <no-dsa> (Minor issue)
 	[stretch] - qemu <no-dsa> (Minor issue)
@@ -103189,7 +103265,7 @@ CVE-2021-27803 (A vulnerability was discovered in how p2p/p2p_pd.c in wpa_suppli
 CVE-2021-3417 (An internal product security audit of LXCO, prior to version 1.2.2, di ...)
 	NOT-FOR-US: Lenovo
 CVE-2021-3416 (A potential stack overflow via infinite loop issue was found in variou ...)
-	{DLA-2623-1}
+	{DLA-3099-1 DLA-2623-1}
 	- qemu 1:5.2+dfsg-9 (bug #984448)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg07431.html
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg07484.html
@@ -105870,7 +105946,7 @@ CVE-2021-3393 (An information leak was discovered in postgresql in versions befo
 	[buster] - postgresql-11 11.11-0+deb10u1
 	NOTE: https://www.postgresql.org/about/news/postgresql-132-126-1111-1016-9621-and-9525-released-2165/
 CVE-2021-3392 (A use-after-free flaw was found in the MegaRAID emulator of QEMU. This ...)
-	{DLA-2623-1}
+	{DLA-3099-1 DLA-2623-1}
 	- qemu 1:5.2+dfsg-10 (bug #984449)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg00488.html
 	NOTE: https://bugs.launchpad.net/qemu/+bug/1914236
@@ -122904,7 +122980,7 @@ CVE-2021-20259 (A flaw was found in the Foreman project. The Proxmox compute res
 CVE-2021-20258
 	REJECTED
 CVE-2021-20257 (An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. ...)
-	{DLA-2623-1}
+	{DLA-3099-1 DLA-2623-1}
 	- qemu 1:5.2+dfsg-9 (bug #984450)
 	[bullseye] - qemu <postponed> (Minor issue)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg03595.html
@@ -123099,7 +123175,7 @@ CVE-2021-20223 (An issue was found in fts5UnicodeTokenize() in ext/fts5/fts5_tok
 CVE-2021-20222 (A flaw was found in keycloak. The new account console in keycloak can  ...)
 	NOT-FOR-US: Keycloak
 CVE-2021-20221 (An out-of-bounds heap buffer access issue was found in the ARM Generic ...)
-	{DLA-2560-1}
+	{DLA-3099-1 DLA-2560-1}
 	- qemu 1:5.2+dfsg-4
 	NOTE: https://www.openwall.com/lists/oss-security/2021/02/05/1
 	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/edfe2eb4360cde4ed5d95bda7777edcb3510f76a (v6.0.0-rc0)
@@ -123196,7 +123272,7 @@ CVE-2021-20204 (A heap memory corruption problem (use after free) can be trigger
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/libgetdata/+bug/1912050
 	NOTE: Debian patch applied causes functional regressions: https://bugs.debian.org/992437
 CVE-2021-20203 (An integer overflow issue was found in the vmxnet3 NIC emulator of the ...)
-	{DLA-2623-1}
+	{DLA-3099-1 DLA-2623-1}
 	- qemu 1:6.2+dfsg-1 (bug #984452)
 	[bullseye] - qemu <postponed> (Minor issue)
 	NOTE: https://bugs.launchpad.net/qemu/+bug/1913873
@@ -123236,7 +123312,7 @@ CVE-2021-20197 (There is an open race window when writing output in the followin
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=365f5fb6d0f0da83817431a275e99e6f6babbe04
 	NOTE: binutils not covered by security support
 CVE-2021-20196 (A NULL pointer dereference flaw was found in the floppy disk emulator  ...)
-	{DLA-2970-1}
+	{DLA-3099-1 DLA-2970-1}
 	- qemu 1:6.2+dfsg-1 (bug #984453)
 	[bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1919210
@@ -123296,7 +123372,7 @@ CVE-2021-20183 (It was found in Moodle before version 3.10.1 that some search in
 CVE-2021-20182 (A privilege escalation flaw was found in openshift4/ose-docker-builder ...)
 	NOT-FOR-US: OpenShift
 CVE-2021-20181 (A race condition flaw was found in the 9pfs server implementation of Q ...)
-	{DLA-2560-1}
+	{DLA-3099-1 DLA-2560-1}
 	- qemu 1:5.2+dfsg-4
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=89fbea8737e8f7b954745a1ffc4238d377055305
 CVE-2021-20180 (A flaw was found in ansible module where credentials are disclosed in  ...)
@@ -123715,6 +123791,7 @@ CVE-2020-35506 (A use-after-free vulnerability was found in the am53c974 SCSI ho
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1909996
 	NOTE: https://bugs.launchpad.net/qemu/+bug/1909247
 CVE-2020-35505 (A NULL pointer dereference flaw was found in the am53c974 SCSI host bu ...)
+	{DLA-3099-1}
 	[experimental] - qemu 1:6.0+dfsg-1~exp0
 	- qemu 1:6.0+dfsg-3 (bug #984455)
 	[bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
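
Review bot: CVE-2020-35505 keeps `[bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)` although the entry already records a fix in `1:6.0+dfsg-3` and this change adds an LTS advisory for it. The revisit condition looks met, so the bullseye line should be re-triaged; the same applies to CVE-2020-35504 in the next hunk.
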
@@ -123733,6 +123810,7 @@ CVE-2020-35505 (A NULL pointer dereference flaw was found in the am53c974 SCSI h
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=324c8809897c8c53ad05c3a7147d272f1711cd5e
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=607206948cacda4a80be5b976dba490970a18a76
 CVE-2020-35504 (A NULL pointer dereference flaw was found in the SCSI emulation suppor ...)
+	{DLA-3099-1}
 	[experimental] - qemu 1:6.0+dfsg-1~exp0
 	- qemu 1:6.0+dfsg-3 (bug #979679)
 	[bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
@@ -127296,7 +127374,7 @@ CVE-2020-29445 (Affected versions of Confluence Server before 7.4.8, and version
 CVE-2020-29444 (Affected versions of Team Calendar in Confluence Server before 7.11.0  ...)
 	NOT-FOR-US: Atlassian
 CVE-2020-29443 (ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of- ...)
-	{DLA-2560-1}
+	{DLA-3099-1 DLA-2560-1}
 	- qemu 1:5.2+dfsg-11 (bug #983575)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg04255.html
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=813212288970c39b1800f63e83ac6e96588095c6
@@ -127994,6 +128072,7 @@ CVE-2020-29130 (slirp.c in libslirp through 4.3.1 has a buffer over-read because
 	NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
 	NOTE: https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-2j37-w439-87q3
 CVE-2020-29129 (ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tri ...)
+	{DLA-3099-1}
 	- libslirp 4.4.0-1
 	- qemu 1:4.1-2
 	[stretch] - qemu <not-affected> (Vulnerable code introduced later)
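
Review bot: CVE-2020-29129 tracks two source packages, `libslirp` and `qemu`, and the added `{DLA-3099-1}` does not say which one the advisory updated. Every other DLA-3099-1 reference in this patch sits on a qemu entry, so a short NOTE stating that the fix went into qemu's copy of the slirp code (if that is the case) would save the next reader a lookup.
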
@@ -128536,7 +128615,7 @@ CVE-2020-28918 (DualShield 5.9.8.0821 allows username enumeration on its login f
 CVE-2020-28917 (An issue was discovered in the view_statistics (aka View frontend stat ...)
 	NOT-FOR-US: TYPO3 extension
 CVE-2020-28916 (hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX desc ...)
-	{DLA-2560-1}
+	{DLA-3099-1 DLA-2560-1}
 	- qemu 1:5.2+dfsg-1 (bug #976388; bug #974687)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/12/01/2
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-11/msg03185.html
@@ -134181,6 +134260,7 @@ CVE-2020-27823 (A flaw was found in OpenJPEG’s encoder. This flaw allows a
 CVE-2020-27822 (A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Fi ...)
 	- wildfly <itp> (bug #752018)
 CVE-2020-27821 (A flaw was found in the memory management API of QEMU during the initi ...)
+	{DLA-3099-1}
 	- qemu 1:5.2+dfsg-3 (bug #977616)
 	[stretch] - qemu <not-affected> (Vulnerable code introduced later)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1902651
@@ -135339,7 +135419,7 @@ CVE-2020-27618 (The iconv function in the GNU C Library (aka glibc or libc6) 2.3
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26224
 	NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=9a99c682144bdbd40792ebf822fe9264e0376fb5
 CVE-2020-27617 (eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to t ...)
-	{DLA-2469-1}
+	{DLA-3099-1 DLA-2469-1}
 	- qemu 1:5.2+dfsg-1 (bug #973324)
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg06023.html
 	NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=7564bf7701f00214cdc8a678a9f7df765244def1 (v5.2.0-rc2)
@@ -139800,7 +139880,7 @@ CVE-2020-25724 (A flaw was found in RESTEasy, where an incorrect response to an
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1899354 (lacks details ATM)
 	NOTE: https://security.snyk.io/vuln/SNYK-JAVA-IOQUARKUS-1300848
 CVE-2020-25723 (A reachable assertion issue was found in the USB EHCI emulation code o ...)
-	{DLA-2469-1}
+	{DLA-3099-1 DLA-2469-1}
 	- qemu 1:5.2+dfsg-1 (bug #975276)
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=2fdb42d840400d58f2e706ecca82c142b97bcbd6 (v5.2.0-rc0)
 CVE-2020-25722 (Multiple flaws were found in the way samba AD DC implemented access an ...)
@@ -140274,13 +140354,13 @@ CVE-2020-25626 (A flaw was found in Django REST Framework versions before 3.12.0
 	NOTE: https://github.com/encode/django-rest-framework/commit/ae649336b110afe21b9429f2554052f31a9dfaf9
 	NOTE: Fixed upstream in 3.12.0 and 3.11.2
 CVE-2020-25625 (hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list ha ...)
-	{DLA-2469-1}
+	{DLA-3099-1 DLA-2469-1}
 	- qemu 1:5.2+dfsg-1 (bug #970542)
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05905.html
 	NOTE: https://www.openwall.com/lists/oss-security/2020/09/17/1
 	NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=1be90ebecc95b09a2ee5af3f60c412b45a766c4f (v5.2.0-rc0)
 CVE-2020-25624 (hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via ...)
-	{DLA-2469-1}
+	{DLA-3099-1 DLA-2469-1}
 	- qemu 1:5.2+dfsg-1 (bug #970541)
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05492.html
 	NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=1328fe0c32d5474604105b8105310e944976b058 (v5.2.0-rc0)
@@ -141526,7 +141606,7 @@ CVE-2021-3409 (The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineff
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=5cd7aa3451b76bb19c0f6adc2b931f091e5d7fcd
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=cffb446e8fd19a14e1634c7a3a8b07be3f01d5c9
 CVE-2020-25085 (QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue  ...)
-	{DLA-2469-1}
+	{DLA-3099-1 DLA-2469-1}
 	- qemu 1:5.2+dfsg-1 (bug #970540)
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg00733.html
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01439.html
@@ -141537,7 +141617,7 @@ CVE-2020-25085 (QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_con
 	NOTE: fix and relates to the CVE-2020-17380 assignment.
 	NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=dfba99f17feb6d4a129da19d38df1bcd8579d1c3 (v5.2.0-rc0)
 CVE-2020-25084 (QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_p ...)
-	{DLA-2560-1}
+	{DLA-3099-1 DLA-2560-1}
 	- qemu 1:5.2+dfsg-1 (bug #970539)
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-08/msg08050.html
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-08/msg08043.html
@@ -161642,7 +161722,7 @@ CVE-2020-15861 (Net-SNMP through 5.7.3 allows Escalation of Privileges because o
 CVE-2020-15860 (Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic  ...)
 	NOT-FOR-US: Parallels
 CVE-2020-15859 (QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a gues ...)
-	{DLA-2560-1}
+	{DLA-3099-1 DLA-2560-1}
 	- qemu 1:5.2+dfsg-1 (bug #965978)
 	NOTE: Proposed patch: https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg05895.html
 	NOTE: https://bugs.launchpad.net/qemu/+bug/1886362
@@ -162761,7 +162841,7 @@ CVE-2020-15471 (In nDPI through 3.2, the packet parsing code is vulnerable to a
 CVE-2020-15470 (ffjpeg through 2020-02-24 has a heap-based buffer overflow in jfif_dec ...)
 	NOT-FOR-US: ffjpeg
 CVE-2020-15469 (In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback m ...)
-	{DLA-2560-1}
+	{DLA-3099-1 DLA-2560-1}
 	- qemu 1:6.0+dfsg-3 (low; bug #970253)
 	[bullseye] - qemu <ignored> (Minor issue, too intrusive to backport)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/07/02/1
@@ -168948,7 +169028,7 @@ CVE-2020-13254 (An issue was discovered in Django 2.2 before 2.2.13 and 3.0 befo
 	NOTE: https://github.com/django/django/commit/07e59caa02831c4569bbebb9eb773bdd9cb4b206 (2.2 branch)
 	NOTE: Regression https://code.djangoproject.com/ticket/31654
 CVE-2020-13253 (sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, wh ...)
-	{DLA-2373-1}
+	{DLA-3099-1 DLA-2373-1}
 	- qemu 1:5.0-8 (bug #961297)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg05835.html
 	NOTE: https://www.openwall.com/lists/oss-security/2020/05/27/2



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b20351cc83c1cab293234a30b22470f6e013056c
