[Git][security-tracker-team/security-tracker][master] two qemu issues fixed, mark one of them as a non issue

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Sep 12 10:36:28 BST 2022 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a0c87c12 by Moritz Muehlenhoff at 2022-09-12T11:35:58+02:00
two qemu issues fixed, mark one of them as a non issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -12916,11 +12916,11 @@ CVE-2022-35415
 	RESERVED
 CVE-2022-35414 (** DISPUTED ** softmmu/physmem.c in QEMU through 7.0.0 can perform an  ...)
 	{DLA-3099-1}
-	- qemu <unfixed> (bug #1014958)
-	[bullseye] - qemu <no-dsa> (Minor issue)
+	- qemu 1:7.1+dfsg-1 (unimportant; bug #1014958)
 	NOTE: https://gitlab.com/qemu-project/qemu/-/issues/1065
 	NOTE: https://github.com/qemu/qemu/commit/418ade7849ce7641c0f7333718caf5091a02fd4c
 	NOTE: https://sick.codes/sick-2022-113
+	NOTE: Not deemed a security issue per https://www.qemu.org/docs/master/system/security.html#security-requirements
 CVE-2022-2366 (Incorrect default configuration for trusted IP header in Mattermost ve ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2022-2365 (Cross-site Scripting (XSS) - Stored in GitHub repository zadam/trilium ...)
@@ -48988,7 +48988,7 @@ CVE-2022-0219 (Improper Restriction of XML External Entity Reference in GitHub r
 CVE-2022-0218 (The WP HTML Mail WordPress plugin is vulnerable to unauthorized access ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0216 (A use-after-free vulnerability was found in the LSI53C895A SCSI Host B ...)
-	- qemu <unfixed> (bug #1014590)
+	- qemu 1:7.1+dfsg-1 (bug #1014590)
 	[bullseye] - qemu <no-dsa> (Minor issue)
 	[buster] - qemu <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2036953



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0c87c12cee120d3fd0af0e97fd60a6b9f4eed4a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0c87c12cee120d3fd0af0e97fd60a6b9f4eed4a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220912/f1de993b/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list