[Git][security-tracker-team/security-tracker][master] qemu 1:5.2+dfsg-11+deb11u3 fixed CVE-2022-1051, not CVE-2023-1546

[Adrian Bunk (@bunk)]

Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ab9d53cc by Adrian Bunk at 2024-03-09T21:46:01+02:00
qemu 1:5.2+dfsg-11+deb11u3 fixed CVE-2022-1051, not CVE-2023-1546

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -58309,12 +58309,13 @@ CVE-2023-1546 (The MyCryptoCheckout WordPress plugin before 2.124 does not escap
 CVE-2023-1545 (SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3 ...)
 	- teampass <itp> (bug #730180)
 CVE-2023-1544 (A flaw was found in the QEMU implementation of VMWare's paravirtual RD ...)
-	- qemu 1:8.0.2+dfsg-1 (bug #1034179)
+	- qemu 1:8.2.0+ds-1 (bug #1034179)
 	[bookworm] - qemu <no-dsa> (Minor issue)
-	[bullseye] - qemu 1:5.2+dfsg-11+deb11u3
+	[bullseye] - qemu <no-dsa> (Minor issue)
 	[buster] - qemu <no-dsa> (Minor issue)
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg00206.html
-	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/31c4b6fb0293e359f9ef8a61892667e76eea4c99 (v8.0.0-rc0)
+	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/85fc35afa93c7320d1641d344d0c5dfbe341d087 (v8.2.0-rc0)
+	NOTE: Not fixed in 1:5.2+dfsg-11+deb11u3 as claimed in the changelog, contains the CVE-2022-1050 fix instead.
 CVE-2023-28686 (Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows a ...)
 	{DSA-5379-1}
 	- dino-im 0.4.2-1 (bug #1033370)
@@ -141328,10 +141329,11 @@ CVE-2022-1051 (The WPQA Builder Plugin WordPress plugin before 5.2, used as a co
 CVE-2022-1050 (A flaw was found in the QEMU implementation of VMWare's paravirtual RD ...)
 	{DLA-3362-1}
 	- qemu 1:7.1+dfsg-2 (bug #1014589)
-	[bullseye] - qemu <no-dsa> (Minor issue)
+	[bullseye] - qemu 1:5.2+dfsg-11+deb11u3
 	[stretch] - qemu <not-affected> (rdma devices introduced in v2.12)
 	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/31c4b6fb0293e359f9ef8a61892667e76eea4c99 (master, after v7.2.0)
 	NOTE: PVRDMA support not enabled in the binary packages until 1:3.1+dfsg-3, disabled again in 1:3.1+dfsg-4 until 1:4.1-1
+	NOTE: 1:5.2+dfsg-11+deb11u3 changelog incorrectly lists CVE-2023-1544 as fixed instead of CVE-2022-1050.
 CVE-2022-1049 (A flaw was found in the Pacemaker configuration tool (pcs). The pcs da ...)
 	{DSA-5226-1 DLA-3108-1}
 	- pcs 0.11.3-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab9d53cc222dc0179d5f98c3f1a7c0eb8660a55f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab9d53cc222dc0179d5f98c3f1a7c0eb8660a55f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240309/73f06baa/attachment.htm>