[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2020-24352/qemu

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Aug 11 18:30:26 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7e2feeeb by Salvatore Bonaccorso at 2025-08-11T19:28:30+02:00
Track fixed version for CVE-2020-24352/qemu

This is not fully correct, the patch does not fix all cases according to
the upstream comment. Though the maintainer who is as well upstream
considers it enough to fix the CVE. Follow suit in this case and track
the fix with upstream's ca1f9cbfdce4 ("ati: check x y display parameter
values").

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -409515,11 +409515,12 @@ CVE-2020-24354 (Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and p
 CVE-2020-24353 (Pega Platform before 8.4.0 has a XSS issue via stream rule parameters  ...)
 	NOT-FOR-US: Pega Platform
 CVE-2020-24352 (An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory ...)
-	- qemu <unfixed> (unimportant; bug #968820)
+	- qemu 1:5.2+dfsg-1 (unimportant; bug #968820)
 	[buster] - qemu <not-affected> (Vulnerable code introduced in ATI VGA device emulation added later)
 	[stretch] - qemu <not-affected> (Vulnerable code introduced later)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1847584
 	NOTE: Feature isn't production-ready/experimental: https://lists.gnu.org/archive/html/qemu-devel/2020-08/msg05528.html
+	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/ca1f9cbfdce4d63b10d57de80fef89a89d92a540 (v5.2.0-rc1)
 CVE-2020-24351
 	RESERVED
 CVE-2020-24350
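
Review bot: The new NOTE for upstream commit ca1f9cbfdce4 under CVE-2020-24352 records the fix but not the caveat stated in the commit message, that the patch does not fix all cases according to the upstream comment. Someone reading data/CVE/list alone sees `- qemu 1:5.2+dfsg-1` and will take the issue as fully resolved from that version. Consider adding one more NOTE line saying the upstream fix is regarded as partial but is considered sufficient for the CVE by the maintainer, ideally with a reference to the upstream comment, so the reasoning survives outside the git history.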



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e2feeeb3917d87fc7934c7b50c083034cc4b4e3
