[Git][security-tracker-team/security-tracker][master] 3 commits: dla: add firefox-esr

Wed Mar 25 08:07:38 GMT 2026


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7ae8d1e9 by Sylvain Beucler at 2026-03-25T09:07:17+01:00
dla: add firefox-esr

- - - - -
ca88167a by Sylvain Beucler at 2026-03-25T09:07:20+01:00
CVE-2021-20255/qemu: fix released

- - - - -
3b878aa9 by Sylvain Beucler at 2026-03-25T09:07:23+01:00
CVE-2026-3196/qemu: bullseye postponed

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -197290,6 +197290,7 @@ CVE-2026-3196
 	- qemu 1:10.2.2+ds-1 (bug #1129605)
 	[trixie] - qemu <no-dsa> (Minor issue)
 	[bookworm] - qemu <no-dsa> (Minor issue)
+	[bullseye] - qemu <postponed> (Minor issue, DoS)
 	NOTE: https://lore.kernel.org/qemu-devel/20260220-virtio-snd-series-v1-0-207c4f7200a2@linaro.org/
 	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/61679d7dcfa2dffc8fb115aa19b09e0e7cf5ea5c (v11.0.0-rc0)
 	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/6d84fbf241d0322f19adfbe466c60bed5f50de262 (v10.2.2)
@@ -478754,9 +478755,9 @@ CVE-2021-20256 (A flaw was found in Red Hat Satellite. The BMC interface exposes
 CVE-2021-20255 (A stack overflow via an infinite recursion vulnerability was found in  ...)
 	{DLA-2623-1}
 	- qemu 1:8.1.0+ds-1 (bug #984451)
-	[bookworm] - qemu <postponed> (Minor issue, revisit when fixed upstream)
-	[bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
-	[buster] - qemu <postponed> (Minor issue, waiting for sanctioned patch, fixed in stretch-lts)
+	[bookworm] - qemu <postponed> (Minor issue)
+	[bullseye] - qemu <postponed> (Minor issue)
+	[buster] - qemu <postponed> (Minor issue, fixed in stretch-lts)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html
 	NOTE: https://patchew.org/QEMU/20210218140629.373646-1-ppandit@redhat.com/
 	NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Feepro100_stackoverflow1


=====================================
data/dla-needed.txt
=====================================
@@ -94,6 +94,9 @@ epiphany-browser (abhijith)
 erlang (kanashiro)
   NOTE: 20260222: Added by Front-Desk (rouca)
 --
+firefox-esr
+  NOTE: 20260325: Added by Front-Desk (Beuc)
+--
 firmware-nonfree
   NOTE: 20251130: Added by Front-Desk. Moreover, take care of postponed issue (rouca)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1c8d8722ec1a0bb769c728def786d207646e9ae8...3b878aa9f819a0092bb0039c62a69b45d76e0125

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1c8d8722ec1a0bb769c728def786d207646e9ae8...3b878aa9f819a0092bb0039c62a69b45d76e0125
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260325/4e4476c1/attachment-0001.htm>
