[Git][security-tracker-team/security-tracker][master] qemu DSA
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Aug 22 19:39:23 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2b1dd1c9 by Moritz Mühlenhoff at 2025-08-22T20:38:49+02:00
qemu DSA
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,7 @@
CVE-2025-XXXX [qemu: top using C (Credentials) flag for binfmt_misc registration]
- qemu 1:10.0.3+ds-3
+ [trixie] - qemu 1:10.0.2+ds-2+deb13u1
+ [bookworm] - qemu 1:7.2+dfsg-7+deb12u15
CVE-2025-38675 [xfrm: state: initialize state_ptrs earlier in xfrm_state_find]
- linux <unfixed>
[trixie] - linux 6.12.41-1
@@ -8543,7 +8545,7 @@ CVE-2015-10143 (The Platform theme for WordPress is vulnerable to unauthorized m
CVE-2025-54567 (hw/pci/pcie_sriov.c in QEMU through 10.0.3 mishandles the VF Enable bi ...)
[experimental] - qemu 1:10.1.0~rc1+ds-2
- qemu 1:10.0.3+ds-1 (bug #1109989)
- [trixie] - qemu <no-dsa> (Minor issue)
+ [trixie] - qemu 1:10.0.2+ds-2+deb13u1
[bookworm] - qemu <not-affected> (Vulnerable code not present)
[bullseye] - qemu <not-affected> (Vulnerable code not present)
NOTE: https://lore.kernel.org/qemu-devel/20250713-wmask-v1-1-4c744cdb32c0@rsg.ci.i.u-tokyo.ac.jp/
@@ -8552,7 +8554,7 @@ CVE-2025-54567 (hw/pci/pcie_sriov.c in QEMU through 10.0.3 mishandles the VF Ena
CVE-2025-54566 (hw/pci/pcie_sriov.c in QEMU through 10.0.3 has a migration state incon ...)
[experimental] - qemu 1:10.1.0~rc1+ds-2
- qemu 1:10.0.3+ds-1 (bug #1109989)
- [trixie] - qemu <no-dsa> (Minor issue)
+ [trixie] - qemu 1:10.0.2+ds-2+deb13u1
[bookworm] - qemu <not-affected> (Vulnerable code not present)
[bullseye] - qemu <not-affected> (Vulnerable code not present)
NOTE: https://lore.kernel.org/qemu-devel/20250713-wmask-v1-1-4c744cdb32c0@rsg.ci.i.u-tokyo.ac.jp/
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[22 Aug 2025] DSA-5983-1 qemu - security update
+ [bookworm] - qemu 1:7.2+dfsg-7+deb12u15
+ [trixie] - qemu 1:10.0.2+ds-2+deb13u1
[21 Aug 2025] DSA-5982-1 squid - security update
{CVE-2023-5824 CVE-2025-54574}
[bookworm] - squid 5.7-2+deb12u3
=====================================
data/dsa-needed.txt
=====================================
@@ -68,8 +68,6 @@ php-laravel-framework/oldstable
python-django/oldstable
Chris is working on it
--
-qemu (jmm)
---
ruby-rack/oldstable
--
ruby-saml/oldstable
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b1dd1c9a524a03830b64fa4314ae4b40299a23b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b1dd1c9a524a03830b64fa4314ae4b40299a23b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250822/4d096b21/attachment.htm>
More information about the debian-security-tracker-commits
mailing list