[Git][security-tracker-team/security-tracker][master] qemu triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Aug 21 10:18:54 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
36065a98 by Moritz Muehlenhoff at 2023-08-21T11:18:26+02:00
qemu triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -51714,8 +51714,8 @@ CVE-2022-3873 (Cross-site Scripting (XSS) - DOM in GitHub repository jgraph/draw
NOT-FOR-US: jgraph/drawio
CVE-2022-3872 (An off-by-one read/write issue was found in the SDHCI device of QEMU. ...)
- qemu <unfixed> (bug #1024022)
- [bookworm] - qemu <no-dsa> (Minor issue)
- [bullseye] - qemu <no-dsa> (Minor issue)
+ [bookworm] - qemu <postponed> (Minor issue, revisit when fixed upstream)
+ [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
[buster] - qemu <postponed> (Minor issue, DoS, waiting for sanctioned patch)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2140567
NOTE: patch proposal 1: https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01068.html
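Review bot: On the two added [bookworm] and [bullseye] lines for CVE-2022-3872, the reason "revisit when fixed upstream" states the same condition as the unchanged [buster] line's "waiting for sanctioned patch" in different words, and it drops the "DoS" impact that buster records. Consider one phrasing across the three suites so a search on the reason text finds all of them, and carry "DoS" into the new lines. The only fix reference in view is "patch proposal 1", so it would also help to say that the revisit depends on that proposal (or a successor) being merged.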
@@ -194495,7 +194495,7 @@ CVE-2020-35507 (There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in b
CVE-2020-35506 (A use-after-free vulnerability was found in the am53c974 SCSI host bus ...)
[experimental] - qemu 1:6.0+dfsg-1~exp0
- qemu 1:6.0+dfsg-3 (bug #984454)
- [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
+ [bullseye] - qemu <ignored> (Minor issue)
[buster] - qemu <not-affected> (Vulnerable code not present, FIFO support added later)
[stretch] - qemu <not-affected> (Vulnerable code not present, FIFO support added later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1909996
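Review bot: The added [bullseye] line for CVE-2020-35506 gives <ignored> the bare reason "Minor issue", which does not explain why the suite will not be fixed. The unchanged line above it lists unstable as fixed in 1:6.0+dfsg-3, so the removed condition "revisit when fixed upstream" appears to have been met. A reason that records the outcome of that revisit (for example, that a backport is not planned) would make the decision auditable later.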
@@ -194504,7 +194504,7 @@ CVE-2020-35505 (A NULL pointer dereference flaw was found in the am53c974 SCSI h
{DLA-3099-1}
[experimental] - qemu 1:6.0+dfsg-1~exp0
- qemu 1:6.0+dfsg-3 (bug #984455)
- [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
+ [bullseye] - qemu <ignored> (Minor issue)
[stretch] - qemu <postponed> (Fix along in future DLA)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1909769
NOTE: https://bugs.launchpad.net/qemu/+bug/1910723 (reproducer)
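Review bot: After this change the [bullseye] line for CVE-2020-35505 is <ignored> while the unchanged [stretch] line directly below it stays <postponed> (Fix along in future DLA) and the entry carries {DLA-3099-1}, so the older suite reads as still scheduled for a fix that the newer one has given up on. Either extend the bullseye reason to say why it differs, or check whether the stretch line is stale and update it in the same commit.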
@@ -194523,7 +194523,7 @@ CVE-2020-35504 (A NULL pointer dereference flaw was found in the SCSI emulation
{DLA-3099-1}
[experimental] - qemu 1:6.0+dfsg-1~exp0
- qemu 1:6.0+dfsg-3 (bug #979679)
- [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
+ [bullseye] - qemu <ignored> (Minor issue)
[stretch] - qemu <postponed> (Fix along in future DLA)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1909766
NOTE: https://bugs.launchpad.net/qemu/+bug/1910723 (reproducer)
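Review bot: The [bullseye] line for CVE-2020-35504 moves to <ignored> with only "Minor issue" as the reason, although a NOTE further down in the same hunk links a public reproducer. Stating the impact in the reason (the hunk header describes a NULL pointer dereference in the SCSI emulation) would let an operator judge whether "ignored" is acceptable for their deployment without opening the linked bugs.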
@@ -194541,8 +194541,8 @@ CVE-2020-35504 (A NULL pointer dereference flaw was found in the SCSI emulation
NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=607206948cacda4a80be5b976dba
CVE-2020-35503 (A NULL pointer dereference flaw was found in the megasas-gen2 SCSI hos ...)
- qemu <unfixed> (bug #979678)
- [bookworm] - qemu <postponed> (Minor issue)
- [bullseye] - qemu <postponed> (Minor issue)
+ [bookworm] - qemu <postponed> (Minor issue, revisit when fixed upstream)
+ [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
[buster] - qemu <postponed> (Minor issue, waiting for sanctioned patch)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1910346
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-12/msg06065.html
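Review bot: The new reason "revisit when fixed upstream" on the [bookworm] and [bullseye] lines for CVE-2020-35503 names no trigger for the revisit. The unstable line above is <unfixed> (bug #979678); mentioning that bug in the reason, or adding a NOTE once an upstream commit exists, would give the next triage pass something concrete to check.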
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/36065a9875367eac37f1c5ed34ff342e9a14599d