[Git][security-tracker-team/security-tracker][master] qemu fixed in sid
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Apr 25 13:35:46 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d66e81d2 by Moritz Muehlenhoff at 2024-04-25T14:35:15+02:00
qemu fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3855,12 +3855,14 @@ CVE-2024-3569 (A Denial of Service (DoS) vulnerability exists in the mintplex-la
CVE-2024-3568 (The huggingface/transformers library is vulnerable to arbitrary code e ...)
NOT-FOR-US: huggingface/transformers
CVE-2024-3567 (A flaw was found in QEMU. An assertion failure was present in the upda ...)
- - qemu <unfixed> (bug #1068822)
+ - qemu 1:8.2.3+ds-1 (bug #1068822)
[bookworm] - qemu <no-dsa> (Minor issue)
[bullseye] - qemu <no-dsa> (Minor issue)
[buster] - qemu <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2274339
NOTE: https://gitlab.com/qemu-project/qemu/-/issues/2273
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/83ddb3dbba2ee0f1767442ae6ee665058aeb1093 (v9.0.0-rc3)
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/1cfe45956e03070f894e91b304e233b4d5b99719 (v8.2.3)
CVE-2024-3566 (A command inject vulnerability allows an attacker to perform command i ...)
- nodejs <not-affected> (Only affects Windows)
CVE-2024-3516 (Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 ...)
@@ -4279,13 +4281,15 @@ CVE-2024-26815 (In the Linux kernel, the following vulnerability has been resolv
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/343041b59b7810f9cdca371f445dd43b35c740b1 (6.9-rc1)
CVE-2024-3447
- - qemu <unfixed> (bug #1068821)
+ - qemu 1:8.2.3+ds-1 (bug #1068821)
[bookworm] - qemu <no-dsa> (Minor issue)
[bullseye] - qemu <no-dsa> (Minor issue)
[buster] - qemu <no-dsa> (Minor issue)
NOTE: https://patchew.org/QEMU/20240404085549.16987-1-philmd@linaro.org/
NOTE: https://patchew.org/QEMU/20240409145524.27913-1-philmd@linaro.org/
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58813
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/9e4b27ca6bf4974f169bbca7f3dca117b1208b6f (v9.0.0-rc3)
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/35a67d2aa8caf8eb0bee7d38515924c95417047e (v8.2.3)
CVE-2024-2905
NOT-FOR-US: rpm-ostree
CVE-2024-2243 (A vulnerability was found in csmock where a regular user of the OSH se ...)
@@ -4447,12 +4451,18 @@ CVE-2024-3514
CVE-2024-3512 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPre ...)
NOT-FOR-US: WordPress plugin
CVE-2024-3446 (A double free vulnerability was found in QEMU virtio devices (virtio-g ...)
- - qemu <unfixed> (bug #1068820)
+ - qemu 1:8.2.3+ds-1 (bug #1068820)
[bookworm] - qemu <no-dsa> (Minor issue)
[bullseye] - qemu <no-dsa> (Minor issue)
[buster] - qemu <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2274211
NOTE: https://patchew.org/QEMU/20240409105537.18308-1-philmd@linaro.org/
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/f4729ec39ad97a42ceaa7b5697f84f440ea6e5dc (v9.0.0-rc3)
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/b4295bff25f7b50de1d9cc94a9c6effd40056bca (v9.0.0-rc3)
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/ba28e0ff4d95b56dc334aac2730ab3651ffc3132 (v9.0.0-rc3)
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/4f01537ced3e787bd985b8f8de5869b92657160a (v8.2.3)
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/fbeb0a160cbcc067c0e1f0d380cea4a31de213e3 (v8.2.3)
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/1b2a52712b249e14d246cd9c7db126088e6e64db (v8.2.3)
CVE-2024-3281 (A vulnerability was discovered in the firmware builds after 8.0.2.3267 ...)
NOT-FOR-US: HP
CVE-2024-3267 (The Bold Page Builder plugin for WordPress is vulnerable to Stored Cro ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d66e81d2f69e126c4e75d7f96a0f6a616663412a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d66e81d2f69e126c4e75d7f96a0f6a616663412a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240425/0464bddc/attachment.htm>
More information about the debian-security-tracker-commits
mailing list