[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2026-3842/qemu: bullseye not-affected

Wed Mar 25 08:29:04 GMT 2026


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
da26c29f by Sylvain Beucler at 2026-03-25T09:28:44+01:00
CVE-2026-3842/qemu: bullseye not-affected

- - - - -
e41230bb by Sylvain Beucler at 2026-03-25T09:28:47+01:00
CVE-2026-3196/qemu: fix commit link

- - - - -
5496473c by Sylvain Beucler at 2026-03-25T09:28:49+01:00
CVE-2026-3196/qemu: bullseye not-affected

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2986,6 +2986,7 @@ CVE-2026-XXXX [OSSA-2026-004: Server-Side Request Forgery (SSRF) vulnerabilities
 	NOTE: https://www.openwall.com/lists/oss-security/2026/03/19/3
 CVE-2026-3842
 	- qemu 1:10.2.2+ds-1
+	[bullseye] - qemu <not-affected> (Synthetic Debugging introduced in v7.1.0)
 	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/85af4e937016ed2f20122eb116597d1abb30c5c0 (v10.2.2)
 CVE-2026-4427 (A flaw was found in pgproto3. A malicious or compromised PostgreSQL se ...)
 	- golang-github-jackc-pgproto3 2.3.3-2 (bug #1131327)
@@ -197538,10 +197539,10 @@ CVE-2026-3196
 	- qemu 1:10.2.2+ds-1 (bug #1129605)
 	[trixie] - qemu <no-dsa> (Minor issue)
 	[bookworm] - qemu <no-dsa> (Minor issue)
-	[bullseye] - qemu <postponed> (Minor issue, DoS)
+	[bullseye] - qemu <not-affected> (VirtIO sound device introduced in v8.2.0)
 	NOTE: https://lore.kernel.org/qemu-devel/20260220-virtio-snd-series-v1-0-207c4f7200a2@linaro.org/
 	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/61679d7dcfa2dffc8fb115aa19b09e0e7cf5ea5c (v11.0.0-rc0)
-	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/6d84fbf241d0322f19adfbe466c60bed5f50de262 (v10.2.2)
+	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/d84fbf241d0322f19adfbe466c60bed5f50de262 (v10.2.2)
 CVE-2026-3195
 	- qemu 1:10.2.2+ds-1 (bug #1129604)
 	[trixie] - qemu <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7d7566b31b37b4cf0d43853d1875fc315d6f894d...5496473c9bce3309eb10db4612af6668e9f45d28

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7d7566b31b37b4cf0d43853d1875fc315d6f894d...5496473c9bce3309eb10db4612af6668e9f45d28
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260325/93751364/attachment.htm>
