[Git][security-tracker-team/security-tracker][master] Ignore CVE-2023-1544/qemu in buster
Adrian Bunk (@bunk)
bunk at debian.org
Sat Mar 9 22:39:48 GMT 2024
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ab14a284 by Adrian Bunk at 2024-03-10T00:38:59+02:00
Ignore CVE-2023-1544/qemu in buster
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -58334,9 +58334,10 @@ CVE-2023-1544 (A flaw was found in the QEMU implementation of VMWare's paravirtu
- qemu 1:8.2.0+ds-1 (bug #1034179)
[bookworm] - qemu <no-dsa> (Minor issue)
[bullseye] - qemu <no-dsa> (Minor issue)
- [buster] - qemu <no-dsa> (Minor issue)
+ [buster] - qemu <ignored> (PVRDMA support not enabled in the binary packages)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg00206.html
NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/85fc35afa93c7320d1641d344d0c5dfbe341d087 (v8.2.0-rc0)
+ NOTE: PVRDMA support not enabled in the binary packages until 1:3.1+dfsg-3, disabled again in 1:3.1+dfsg-4 until 1:4.1-1
NOTE: Not fixed in 1:5.2+dfsg-11+deb11u3 as claimed in the changelog, contains the
NOTE: CVE-2022-1050 fix instead. In unstable 1:8.0.2+dfsg-1 disabled support for
NOTE: pvrdma (addressing/mitigating) CVE-2023-1544. Sourcewise fixed in v8.2.0
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab14a284e9645b99d81868a08256a5354f2240aa
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab14a284e9645b99d81868a08256a5354f2240aa
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240309/38285008/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list