[Git][security-tracker-team/security-tracker][master] CVE-2021-3929/qemu: update triage and patch links

Sylvain Beucler (@beuc) beuc at debian.org
Sat Mar 11 20:46:34 GMT 2023



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c10089ee by Sylvain Beucler at 2023-03-11T21:44:03+01:00
CVE-2021-3929/qemu: update triage and patch links

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -106761,11 +106761,13 @@ CVE-2021-3930 (An off-by-one error was found in the SCSI device emulation in QEM
 CVE-2021-3929 (A DMA reentrancy issue was found in the NVM Express Controller (NVME)  ...)
 	- qemu 1:7.0+dfsg-1
 	[bullseye] - qemu <no-dsa> (Minor issue; nvme support preliminary supported)
-	[buster] - qemu <no-dsa> (Minor issue; nvme support preliminary supported, possibly not-affected)
+	[buster] - qemu <not-affected> (nvme support preliminary supported; PoC doesn't trigger)
 	[stretch] - qemu <not-affected> (Vulnerable code introduced later)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2020298
-	NOTE: https://gitlab.com/qemu-project/qemu/-/issues/556
-	NOTE: Proposed patchset: https://lists.nongnu.org/archive/html/qemu-devel/2021-08/msg03692.html
+	NOTE: https://gitlab.com/qemu-project/qemu/-/issues/556 (generic)
+	NOTE: https://gitlab.com/qemu-project/qemu/-/issues/782 (specific)
+	NOTE: Proposed patchset (generic): https://lists.nongnu.org/archive/html/qemu-devel/2021-08/msg03692.html
+	NOTE: Proposed patchset (specific): https://lists.nongnu.org/archive/html/qemu-devel/2022-01/msg04577.html
 	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/736b01642d85be832385063f278fe7cd4ffb5221 (v7.0.0-rc0)
 CVE-2021-43400 (An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after- ...)
 	{DLA-3157-1}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c10089ee64ef1de78db3494bbd8966c57f18e047

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c10089ee64ef1de78db3494bbd8966c57f18e047
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230311/f56ec97c/attachment.htm>


More information about the debian-security-tracker-commits mailing list