[Git][security-tracker-team/security-tracker][master] Triage CVE-2024-6519, CVE-2024-7730, CVE-2024-8354 & CVE-2024-8612 in qemu for bullseye LTS.
Chris Lamb (@lamby)
lamby at debian.org
Wed Apr 30 22:40:03 BST 2025
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
621b2395 by Chris Lamb at 2025-04-30T14:39:54-07:00
Triage CVE-2024-6519, CVE-2024-7730, CVE-2024-8354 & CVE-2024-8612 in qemu for bullseye LTS.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -63084,6 +63084,7 @@ CVE-2024-49193 (Zendesk before 2024-07-02 allows remote attackers to read ticket
CVE-2024-6519 (A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI H ...)
- qemu <unfixed> (bug #1085299)
[bookworm] - qemu <no-dsa> (Minor issue)
+ [bullseye] - qemu <postponed> (Minor issue; can be fixed in next update)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2292089
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1382/
CVE-2024-9860 (The Bridge Core plugin for WordPress is vulnerable to unauthorized mod ...)
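Review bot: The added [bullseye] line for CVE-2024-6519 says "can be fixed in next update", but the entry above it still reads `- qemu <unfixed> (bug #1085299)` and the NOTEs carry only the Red Hat bug and the ZDI advisory, with no upstream fix commit. Whoever prepares the next bullseye upload has no patch to pick up from this entry; consider adding a NOTE that says what the postponement is waiting on, or a fix reference once one exists.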
@@ -67516,6 +67517,7 @@ CVE-2023-47480 (An issue in Pure Data 0.54-0 and fixed in 0.54-1 allows a local
CVE-2024-8612 (A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-c ...)
- qemu <unfixed> (bug #1082406)
[bookworm] - qemu <no-dsa> (Minor issue)
+ [bullseye] - qemu <postponed> (Minor issue; can be fixed in next update)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2313760
NOTE: Mitigation addressing symptomps (but not root issue): https://gitlab.com/qemu-project/qemu/-/commit/637b0aa139565cb82a7b9269e62214f87082635c
NOTE: qemu/1:9.1.1+ds-1 upload only addresses the symtoms but not the root cause of the issue.
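Review bot: On the added [bullseye] line for CVE-2024-8612, "can be fixed in next update" is ambiguous given the two NOTEs below it, which say that the referenced commit 637b0aa1 and the qemu/1:9.1.1+ds-1 upload address only the symptoms and not the root cause. State whether the next bullseye update is expected to carry that mitigation or to wait for a root-cause fix, since the unstable entry is still `<unfixed>`.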
@@ -67566,6 +67568,7 @@ CVE-2024-8375 (There exists a use after free vulnerability in Reverb.Reverb supp
CVE-2024-8354 (A flaw was found in QEMU. An assertion failure was present in the usb_ ...)
- qemu <unfixed> (bug #1082377)
[bookworm] - qemu <no-dsa> (Minor issue)
+ [bullseye] - qemu <postponed> (Minor issue; can be fixed in next update)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2313497
NOTE: https://gitlab.com/qemu-project/qemu/-/issues/2548
CVE-2024-7785 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
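Review bot: The added [bullseye] line for CVE-2024-8354 promises a fix in the next update while the only upstream pointer in the entry is the issue link (qemu-project/qemu issue 2548). A "Fixed by:" NOTE in the style of the one on the CVE-2024-7730 entry would make the postponed state actionable; if no fix has landed yet, say so in the entry.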
@@ -76644,6 +76647,7 @@ CVE-2024-20082 (In Modem, there is a possible memory corruption due to a missing
CVE-2024-7730 (A heap buffer overflow was found in the virtio-snd device in QEMU. Whe ...)
- qemu 1:9.1.0+ds-1
[bookworm] - qemu <no-dsa> (Minor issue)
+ [bullseye] - qemu <postponed> (Minor issue; can be fixed in next update)
NOTE: https://lore.kernel.org/qemu-devel/virtio-snd-fuzz-2427-fix-v1-manos.pitsidianakis@linaro.org/
NOTE: https://gitlab.com/qemu-project/qemu/-/issues/2427
NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/98e77e3dd8dd6e7aa9a7dffa60f49c8c8a49d4e3 (v9.1.0-rc0)
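Review bot: For CVE-2024-7730 the added [bullseye] line marks the release as affected but postponed, yet the entry has no NOTE recording when the vulnerable virtio-snd code was introduced, only the fix (v9.1.0-rc0). Worth confirming that the bullseye qemu version ships the virtio-snd device at all; if it does not, `<not-affected> (Vulnerable code not present)` would be the accurate state rather than `<postponed>`.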
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/621b239577ad86e401bf9bdada50f5096e75e50d