Thorsten Alteholz pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
60995be5 by Thorsten Alteholz at 2020-09-29T11:08:19+02:00
as fixes for most qemu CVEs are still being discussed and not yet fixed
upstream, mark them as postponed
- - - - -
aaf6b51f by Thorsten Alteholz at 2020-09-29T11:08:59+02:00
nothing todo for qemu now
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -866,16 +866,19 @@ CVE-2020-25743 [ide: null pointer dereference while
cancelling i/o operation]
RESERVED
- qemu <unfixed> (bug #970940)
[buster] - qemu <postponed> (Fix along in next qemu DSA)
+ [stretch] - qemu <postponed> (Fix along in future DLA)
NOTE:
https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01568.html
NOTE:
https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Fide_nullptr1
CVE-2020-25742 [scsi: lsi: null pointer dereference during memory move]
RESERVED
- qemu <unfixed>
+ [stretch] - qemu <postponed> (Fix along in future DLA)
NOTE:
https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05294.html
NOTE:
https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Flsi_nullptr1
CVE-2020-25741 [fdc: null pointer dereference during r/w data transfer]
RESERVED
- qemu <unfixed> (bug #970939)
+ [stretch] - qemu <postponed> (Fix along in future DLA)
[buster] - qemu <postponed> (Fix along in next qemu DSA)
NOTE:
https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg07779.html
NOTE:
https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Ffdc_nullptr1
@@ -1132,12 +1135,14 @@ CVE-2020-25626
CVE-2020-25625 (hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD
list ha ...)
- qemu <unfixed> (bug #970542)
[buster] - qemu <postponed> (Can be fixed along in next qemu DSA)
+ [stretch] - qemu <postponed> (Fix along in future DLA)
NOTE:
https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05905.html
NOTE: https://www.openwall.com/lists/oss-security/2020/09/17/1
CVE-2020-25624 [hcd-ohci: out-of-bound access issue while processing transfer
descriptors]
RESERVED
- qemu <unfixed> (bug #970541)
[buster] - qemu <postponed> (Can be fixed along in next qemu DSA)
+ [stretch] - qemu <postponed> (Fix along in future DLA)
NOTE:
https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05492.html
CVE-2020-25623
RESERVED
@@ -2321,12 +2326,14 @@ CVE-2020-25086 (Ecommerce-CodeIgniter-Bootstrap before
2020-08-03 allows XSS in
CVE-2020-25085 (QEMU 5.0.0 has a heap-based Buffer Overflow in
flatview_read_continue ...)
- qemu <unfixed> (bug #970540)
[buster] - qemu <postponed> (Can be fixed along in next qemu DSA)
+ [stretch] - qemu <postponed> (Fix along in future DLA)
NOTE:
https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg00733.html
NOTE:
https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01439.html
NOTE: https://www.openwall.com/lists/oss-security/2020/09/16/6
CVE-2020-25084 (QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because
the usb_p ...)
- qemu <unfixed> (bug #970539)
[buster] - qemu <postponed> (Can be fixed along in next qemu DSA)
+ [stretch] - qemu <postponed> (Fix along in future DLA)
NOTE:
https://lists.nongnu.org/archive/html/qemu-devel/2020-08/msg08050.html
NOTE:
https://lists.nongnu.org/archive/html/qemu-devel/2020-08/msg08043.html
NOTE: https://www.openwall.com/lists/oss-security/2020/09/16/5
=====================================
data/dla-needed.txt
=====================================
@@ -121,8 +121,6 @@ puma
--
python3.5 (Thorsten Alteholz)
--
-qemu (Thorsten Alteholz)
---
rails
--
reel
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8333c7194ef13a4ceea7cc2fced4d96eac3fc8d3...aaf6b51fa98b0592c0aef96f978d43eaa22fe374
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8333c7194ef13a4ceea7cc2fced4d96eac3fc8d3...aaf6b51fa98b0592c0aef96f978d43eaa22fe374
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
