[Git][security-tracker-team/security-tracker][master] 2 commits: qemu: quick recheck for old pending patches
Sylvain Beucler (@beuc)
beuc at debian.org
Thu Mar 9 15:55:37 GMT 2023
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1a29c3f3 by Sylvain Beucler at 2023-03-09T16:55:53+01:00
qemu: quick recheck for old pending patches
- - - - -
07076ab5 by Sylvain Beucler at 2023-03-09T16:55:55+01:00
CVE-2022-1050/qemu: referenced merged patch
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -78376,9 +78376,8 @@ CVE-2022-1051 (The WPQA Builder Plugin WordPress plugin before 5.2, used as a co
CVE-2022-1050 (A flaw was found in the QEMU implementation of VMWare's paravirtual RD ...)
- qemu 1:7.1+dfsg-2 (bug #1014589)
[bullseye] - qemu <no-dsa> (Minor issue)
- [buster] - qemu <postponed> (Minor issue, waiting for sanctioned patch, patch included in unstable)
[stretch] - qemu <not-affected> (rdma devices introduced in v2.12)
- NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2022-04/msg00273.html
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/31c4b6fb0293e359f9ef8a61892667e76eea4c99 (master, after v7.2.0)
CVE-2022-1049 (A flaw was found in the Pacemaker configuration tool (pcs). The pcs da ...)
{DSA-5226-1 DLA-3108-1}
- pcs 0.11.3-1
@@ -117160,7 +117159,7 @@ CVE-2021-3735 (A deadlock issue was found in the AHCI controller device of QEMU.
[bullseye] - qemu <no-dsa> (Minor issue)
[buster] - qemu <postponed> (Minor issue, waiting for patch)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1997184
- NOTE: No upstream patch as of 2022-11-08
+ NOTE: No upstream patch as of 2023-03-09
CVE-2021-40083 (Knot Resolver before 5.3.2 is prone to an assertion failure, triggerab ...)
[experimental] - knot-resolver 5.4.1-1
- knot-resolver 5.4.1-2 (bug #991463)
@@ -168425,7 +168424,7 @@ CVE-2021-20255 (A stack overflow via an infinite recursion vulnerability was fou
[buster] - qemu <postponed> (Minor issue, waiting for sanctioned patch, fixed in stretch-lts)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html
NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Feepro100_stackoverflow1
- NOTE: No sanctioned upstream patch as of 2022-11-08
+ NOTE: No sanctioned upstream patch as of 2023-03-09
CVE-2021-20254 (A flaw was found in samba. The Samba smbd file server must map Windows ...)
{DLA-2668-1}
- samba 2:4.13.5+dfsg-2 (bug #987811)
@@ -169278,7 +169277,7 @@ CVE-2020-35503 (A NULL pointer dereference flaw was found in the megasas-gen2 SC
[buster] - qemu <postponed> (Minor issue, waiting for sanctioned patch)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1910346
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-12/msg06065.html
- NOTE: No sanctioned upstream patch as of 2022-11-08
+ NOTE: No sanctioned upstream patch as of 2023-03-09
CVE-2020-35502 (A flaw was found in Privoxy in versions before 3.0.29. Memory leaks wh ...)
{DLA-2548-1}
- privoxy 3.0.29-1
@@ -185305,7 +185304,7 @@ CVE-2020-25743 (hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer der
[buster] - qemu <postponed> (Minor issue, waiting for sanctioned patch)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01568.html
NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Fide_nullptr1
- NOTE: No sanctioned upstream patch as of 2022-11-08
+ NOTE: No sanctioned upstream patch as of 2023-03-09
CVE-2020-25742 (pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL p ...)
- qemu <unfixed> (bug #971390)
[bookworm] - qemu <postponed> (Minor issue, revisit when fixed upstream)
@@ -185313,7 +185312,7 @@ CVE-2020-25742 (pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a
[buster] - qemu <postponed> (Minor issue, waiting for sanctioned patch)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05294.html
NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Flsi_nullptr1
- NOTE: No sanctioned upstream patch as of 2022-11-08
+ NOTE: No sanctioned upstream patch as of 2023-03-09
CVE-2020-25741 (fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer d ...)
- qemu <unfixed> (bug #970939)
[bookworm] - qemu <postponed> (Minor issue, revisit when fixed upstream)
@@ -185321,7 +185320,7 @@ CVE-2020-25741 (fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL poi
[buster] - qemu <postponed> (Minor issue, waiting for sanctioned patch)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg07779.html
NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Ffdc_nullptr1
- NOTE: No sanctioned upstream patch as of 2022-11-08
+ NOTE: No sanctioned upstream patch as of 2023-03-09
CVE-2020-25740
RESERVED
CVE-2020-25739 (An issue was discovered in the gon gem before gon-6.4.0 for Ruby. Mult ...)
@@ -272938,7 +272937,7 @@ CVE-2019-12067 (The ahci_commit_buf function in ide/ahci.c in QEMU allows attack
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01358.html
NOTE: patched function introduced in 2014/2.1.50 but affected code pre-existed
NOTE: https://github.com/qemu/qemu/commit/659142ecf71a0da240ab0ff7cf929ee25c32b9bc
- NOTE: No sanctioned upstream patch as of 2022-11-08
+ NOTE: No sanctioned upstream patch as of 2023-03-08
CVE-2019-12066
RESERVED
CVE-2019-12065
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e8636ece86cad8f4007a6de747253f2e44c25f71...07076ab574954b2156c253b9c0fdca150aecfc1d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e8636ece86cad8f4007a6de747253f2e44c25f71...07076ab574954b2156c253b9c0fdca150aecfc1d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230309/07943e47/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list