[Git][security-tracker-team/security-tracker][master] CVE-2021-3929/qemu: update triage and patch links
Sylvain Beucler (@beuc)
beuc at debian.org
Sat Mar 11 20:46:34 GMT 2023
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c10089ee by Sylvain Beucler at 2023-03-11T21:44:03+01:00
CVE-2021-3929/qemu: update triage and patch links
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -106761,11 +106761,13 @@ CVE-2021-3930 (An off-by-one error was found in the SCSI device emulation in QEM
CVE-2021-3929 (A DMA reentrancy issue was found in the NVM Express Controller (NVME) ...)
- qemu 1:7.0+dfsg-1
[bullseye] - qemu <no-dsa> (Minor issue; nvme support preliminary supported)
- [buster] - qemu <no-dsa> (Minor issue; nvme support preliminary supported, possibly not-affected)
+ [buster] - qemu <not-affected> (nvme support preliminary supported; PoC doesn't trigger)
[stretch] - qemu <not-affected> (Vulnerable code introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2020298
- NOTE: https://gitlab.com/qemu-project/qemu/-/issues/556
- NOTE: Proposed patchset: https://lists.nongnu.org/archive/html/qemu-devel/2021-08/msg03692.html
+ NOTE: https://gitlab.com/qemu-project/qemu/-/issues/556 (generic)
+ NOTE: https://gitlab.com/qemu-project/qemu/-/issues/782 (specific)
+ NOTE: Proposed patchset (generic): https://lists.nongnu.org/archive/html/qemu-devel/2021-08/msg03692.html
+ NOTE: Proposed patchset (specific): https://lists.nongnu.org/archive/html/qemu-devel/2022-01/msg04577.html
NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/736b01642d85be832385063f278fe7cd4ffb5221 (v7.0.0-rc0)
CVE-2021-43400 (An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after- ...)
{DLA-3157-1}
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c10089ee64ef1de78db3494bbd8966c57f18e047
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c10089ee64ef1de78db3494bbd8966c57f18e047
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230311/f56ec97c/attachment.htm>
More information about the debian-security-tracker-commits
mailing list