[Git][security-tracker-team/security-tracker][master] set more unfixed qemu issues as <postponed>

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Aug 21 14:56:32 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a0a6dc84 by Moritz Muehlenhoff at 2023-08-21T15:55:56+02:00
set more unfixed qemu issues as <postponed>

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5131,8 +5131,8 @@ CVE-2023-3023 (The WP EasyCart plugin for WordPress is vulnerable to time-based
 	NOT-FOR-US: WP EasyCart plugin for WordPress
 CVE-2023-3019 (A DMA reentrancy issue leading to a use-after-free error was found in  ...)
 	- qemu <unfixed> (bug #1041102)
-	[bookworm] - qemu <no-dsa> (Minor issue)
-	[bullseye] - qemu <no-dsa> (Minor issue)
+	[bookworm] - qemu <postponed> (Minor issue, revisit when fixed upstream)
+	[bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
 	[buster] - qemu <no-dsa> (Minor issue)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=59243
 	NOTE: Proposed upstream patch: https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg08310.html
@@ -21954,8 +21954,8 @@ CVE-2023-1387 (Grafana is an open-source platform for monitoring and observabili
 	- grafana <removed>
 CVE-2023-1386 (A flaw was found in the 9p passthrough filesystem (9pfs) implementatio ...)
 	- qemu <unfixed>
-	[bookworm] - qemu <no-dsa> (Minor issue)
-	[bullseye] - qemu <no-dsa> (Minor issue)
+	[bookworm] - qemu <postponed> (Minor issue, revisit when fixed upstream)
+	[bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
 	[buster] - qemu <no-dsa> (Minor issue)
 	NOTE: https://github.com/v9fs/linux/issues/29
 CVE-2023-1385 (Improper JPAKE implementation allows offline PIN brute-forcing due to  ...)
@@ -142221,8 +142221,8 @@ CVE-2021-3739 (A NULL pointer dereference flaw was found in the btrfs_rm_device
 	NOTE: https://www.openwall.com/lists/oss-security/2021/08/25/3
 CVE-2021-3735 (A deadlock issue was found in the AHCI controller device of QEMU. It o ...)
 	- qemu <unfixed> (bug #1014767)
-	[bookworm] - qemu <no-dsa> (Minor issue)
-	[bullseye] - qemu <no-dsa> (Minor issue)
+	[bookworm] - qemu <postponed> (Minor issue, revisit when fixed upstream)
+	[bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
 	[buster] - qemu <postponed> (Minor issue, waiting for patch)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1997184
 	NOTE: No upstream patch as of 2023-03-09
@@ -193689,8 +193689,8 @@ CVE-2021-20256 (A flaw was found in Red Hat Satellite. The BMC interface exposes
 CVE-2021-20255 (A stack overflow via an infinite recursion vulnerability was found in  ...)
 	{DLA-2623-1}
 	- qemu <unfixed> (bug #984451)
-	[bookworm] - qemu <postponed> (Minor issue)
-	[bullseye] - qemu <postponed> (Minor issue)
+	[bookworm] - qemu <postponed> (Minor issue, revisit when fixed upstream)
+	[bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
 	[buster] - qemu <postponed> (Minor issue, waiting for sanctioned patch, fixed in stretch-lts)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html
 	NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Feepro100_stackoverflow1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0a6dc849bc2a002acc192d78c7edf8fb77d3193

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0a6dc849bc2a002acc192d78c7edf8fb77d3193
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230821/0a0b8bd0/attachment.htm>


More information about the debian-security-tracker-commits mailing list