[Git][security-tracker-team/security-tracker][master] automatic update

Sun, 29 Nov 2020 12:10:49 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7b4b63b3 by security tracker role at 2020-11-29T20:10:34+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7213,6 +7213,7 @@ CVE-2020-27618 [iconv when processing invalid multi-byte 
input sequences fails t
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26224
        NOTE: 
https://sourceware.org/git/?p=glibc.git;a=commit;h=9a99c682144bdbd40792ebf822fe9264e0376fb5
 CVE-2020-27617 (eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS 
users to t ...)
+       {DLA-2469-1}
        - qemu <unfixed> (bug #973324)
        [buster] - qemu <postponed> (Fix along in future DSA)
        NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg06023.html
@@ -11413,6 +11414,7 @@ CVE-2020-25724
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1899354 (lacks 
details ATM)
 CVE-2020-25723 [assertion failure through usb_packet_unmap() in 
hw/usb/hcd-ehci.c]
        RESERVED
+       {DLA-2469-1}
        - qemu <unfixed> (bug #975276)
        [buster] - qemu <postponed> (Fix along in future DSA)
        NOTE: 
https://git.qemu.org/?p=qemu.git;a=commit;h=2fdb42d840400d58f2e706ecca82c142b97bcbd6
@@ -11791,6 +11793,7 @@ CVE-2020-25626 (A flaw was found in Django REST 
Framework versions before 3.12.0
        NOTE: 
https://github.com/encode/django-rest-framework/commit/4121b01b912668c049b26194a9a107c27a332429
        NOTE: Fixed upstream in 3.12.0 and 3.11.2
 CVE-2020-25625 (hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD 
list ha ...)
+       {DLA-2469-1}
        - qemu <unfixed> (bug #970542)
        [buster] - qemu <postponed> (Can be fixed along in next qemu DSA)
        NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05905.html
@@ -11798,6 +11801,7 @@ CVE-2020-25625 (hw/usb/hcd-ohci.c in QEMU 5.0.0 has an 
infinite loop when a TD l
        NOTE: Fixed by: 
https://git.qemu.org/?p=qemu.git;a=patch;h=1be90ebecc95b09a2ee5af3f60c412b45a766c4f
 (v5.2.0-rc0)
 CVE-2020-25624 [hcd-ohci: out-of-bound access issue while processing transfer 
descriptors]
        RESERVED
+       {DLA-2469-1}
        - qemu <unfixed> (bug #970541)
        [buster] - qemu <postponed> (Can be fixed along in next qemu DSA)
        NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05492.html
@@ -13006,6 +13010,7 @@ CVE-2020-25087 (Ecommerce-CodeIgniter-Bootstrap before 
2020-08-03 allows XSS in
 CVE-2020-25086 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS 
in applic ...)
        NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
 CVE-2020-25085 (QEMU 5.0.0 has a heap-based Buffer Overflow in 
flatview_read_continue  ...)
+       {DLA-2469-1}
        - qemu <unfixed> (bug #970540)
        [buster] - qemu <postponed> (Can be fixed along in next qemu DSA)
        NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg00733.html



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b4b63b3e8e84be4291889830d3ae8395429a0ca

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b4b63b3e8e84be4291889830d3ae8395429a0ca
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to