[Git][security-tracker-team/security-tracker][master] qemu/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Aug 22 14:28:05 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2a489e86 by Moritz Muehlenhoff at 2023-08-22T15:27:34+02:00
qemu/bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7198,7 +7198,7 @@ CVE-2023-2996 (The Jetpack WordPress plugin before 12.1.1 does not validate uplo
CVE-2023-2861 [9pfs: prevent opening special files]
- qemu 1:8.0.3+dfsg-1
[bookworm] - qemu 1:7.2+dfsg-7+deb12u1
- [bullseye] - qemu <no-dsa> (Minor issue)
+ [bullseye] - qemu <ignored> (Minor issue)
[buster] - qemu <no-dsa> (Minor issue)
NOTE: https://gitlab.com/qemu-project/qemu/-/commit/f6b0de53fb87ddefed348a39284c8e2f28dc4eda
CVE-2023-2860 (An out-of-bounds read vulnerability was found in the SR-IPv6 implement ...)
@@ -49002,7 +49002,7 @@ CVE-2022-45898
RESERVED
CVE-2022-4144 (An out-of-bounds read flaw was found in the QXL display device emulati ...)
- qemu 1:7.2+dfsg-1
- [bullseye] - qemu <no-dsa> (Minor issue)
+ [bullseye] - qemu <ignored> (Minor issue)
[buster] - qemu <postponed> (Minor issue, DoS)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2148506
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg04143.html
@@ -71707,11 +71707,12 @@ CVE-2022-2963 (A vulnerability found in jasper. This security vulnerability happ
NOTE: memory leak on invalid command line options before exit()
CVE-2022-2962 (A DMA reentrancy issue was found in the Tulip device emulation in QEMU ...)
- qemu 1:7.1+dfsg-2 (bug #1018055)
- [bullseye] - qemu <no-dsa> (Minor issue)
+ [bullseye] - qemu <not-affected> (Vulnerable code not present)
[buster] - qemu <not-affected> (Vulnerable code/Tulip NIC emulator added later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2120631
NOTE: https://gitlab.com/qemu-project/qemu/-/issues/1171
NOTE: https://gitlab.com/qemu-project/qemu/-/commit/36a894aeb64a2e02871016da1c37d4a4ca109182
+ NOTE: Introduced by https://gitlab.com/qemu-project/qemu/-/commit/398f9a84ac7132e38caf7b066273734b3bf619ff (v7.0.0-rc0)
CVE-2022-2961 (A use-after-free flaw was found in the Linux kernel\u2019s PLP Rose fu ...)
- linux <unfixed> (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2120595
@@ -141691,7 +141692,7 @@ CVE-2021-40320
RESERVED
CVE-2021-3750 (A DMA reentrancy issue was found in the USB EHCI controller emulation ...)
- qemu 1:7.0+dfsg-1
- [bullseye] - qemu <no-dsa> (Minor issue)
+ [bullseye] - qemu <ignored> (Minor issue)
[buster] - qemu <postponed> (Minor issue, follow bullseye updates)
[stretch] - qemu <postponed> (Minor issue, follow bullseye updates)
NOTE: https://gitlab.com/qemu-project/qemu/-/issues/541
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a489e867ff000bac5417f08d207a88ab2e315d8
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a489e867ff000bac5417f08d207a88ab2e315d8
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230822/5f7d2a79/attachment.htm>
More information about the debian-security-tracker-commits
mailing list