[Git][security-tracker-team/security-tracker][master] set more unfixed qemu issues as <postponed>
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Aug 21 14:56:32 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a0a6dc84 by Moritz Muehlenhoff at 2023-08-21T15:55:56+02:00
set more unfixed qemu issues as <postponed>
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5131,8 +5131,8 @@ CVE-2023-3023 (The WP EasyCart plugin for WordPress is vulnerable to time-based
NOT-FOR-US: WP EasyCart plugin for WordPress
CVE-2023-3019 (A DMA reentrancy issue leading to a use-after-free error was found in ...)
- qemu <unfixed> (bug #1041102)
- [bookworm] - qemu <no-dsa> (Minor issue)
- [bullseye] - qemu <no-dsa> (Minor issue)
+ [bookworm] - qemu <postponed> (Minor issue, revisit when fixed upstream)
+ [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
[buster] - qemu <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=59243
NOTE: Proposed upstream patch: https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg08310.html
@@ -21954,8 +21954,8 @@ CVE-2023-1387 (Grafana is an open-source platform for monitoring and observabili
- grafana <removed>
CVE-2023-1386 (A flaw was found in the 9p passthrough filesystem (9pfs) implementatio ...)
- qemu <unfixed>
- [bookworm] - qemu <no-dsa> (Minor issue)
- [bullseye] - qemu <no-dsa> (Minor issue)
+ [bookworm] - qemu <postponed> (Minor issue, revisit when fixed upstream)
+ [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
[buster] - qemu <no-dsa> (Minor issue)
NOTE: https://github.com/v9fs/linux/issues/29
CVE-2023-1385 (Improper JPAKE implementation allows offline PIN brute-forcing due to ...)
@@ -142221,8 +142221,8 @@ CVE-2021-3739 (A NULL pointer dereference flaw was found in the btrfs_rm_device
NOTE: https://www.openwall.com/lists/oss-security/2021/08/25/3
CVE-2021-3735 (A deadlock issue was found in the AHCI controller device of QEMU. It o ...)
- qemu <unfixed> (bug #1014767)
- [bookworm] - qemu <no-dsa> (Minor issue)
- [bullseye] - qemu <no-dsa> (Minor issue)
+ [bookworm] - qemu <postponed> (Minor issue, revisit when fixed upstream)
+ [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
[buster] - qemu <postponed> (Minor issue, waiting for patch)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1997184
NOTE: No upstream patch as of 2023-03-09
@@ -193689,8 +193689,8 @@ CVE-2021-20256 (A flaw was found in Red Hat Satellite. The BMC interface exposes
CVE-2021-20255 (A stack overflow via an infinite recursion vulnerability was found in ...)
{DLA-2623-1}
- qemu <unfixed> (bug #984451)
- [bookworm] - qemu <postponed> (Minor issue)
- [bullseye] - qemu <postponed> (Minor issue)
+ [bookworm] - qemu <postponed> (Minor issue, revisit when fixed upstream)
+ [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
[buster] - qemu <postponed> (Minor issue, waiting for sanctioned patch, fixed in stretch-lts)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html
NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Feepro100_stackoverflow1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0a6dc849bc2a002acc192d78c7edf8fb77d3193
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0a6dc849bc2a002acc192d78c7edf8fb77d3193
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230821/0a0b8bd0/attachment.htm>
More information about the debian-security-tracker-commits
mailing list