[Git][security-tracker-team/security-tracker][master] qemu: Reference some final commits relenvant for four CVEs

Wed, 09 Dec 2020 00:19:14 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3588e273 by Salvatore Bonaccorso at 2020-12-09T09:18:21+01:00
qemu: Reference some final commits relenvant for four CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7541,6 +7541,7 @@ CVE-2020-27821 (A flaw was found in the memory management 
API of QEMU during the
        - qemu 1:5.2+dfsg-1
        [stretch] - qemu <postponed> (Fix along in future DLA)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1902651
+       NOTE: 
https://git.qemu.org/?p=qemu.git;a=commit;h=1370d61ae3c9934861d2349349447605202f04e9
 CVE-2020-27820 [use-after-free in nouveau kernel module]
        RESERVED
        - linux <unfixed>
@@ -12814,6 +12815,7 @@ CVE-2020-25707 [infinite loop in 
e1000e_write_packet_to_guest() in hw/net/e1000e
        [stretch] - qemu <postponed> (Minor issue; reconsider when fixed 
upstream)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1893895
        NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2020-11/msg03552.html
+       NOTE: 
https://git.qemu.org/?p=qemu.git;a=commit;h=c2cb511634012344e3d0fe49a037a33b12d8a98a
 CVE-2020-25706 (A cross-site scripting (XSS) vulnerability exists in 
templates_import. ...)
        - cacti 1.2.14+ds1-1
        [buster] - cacti <no-dsa> (Minor issue)
@@ -14385,6 +14387,7 @@ CVE-2020-25084 (QEMU 5.0.0 has a use-after-free in 
hw/usb/hcd-xhci.c because the
        NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2020-08/msg08043.html
        NOTE: https://www.openwall.com/lists/oss-security/2020/09/16/5
        NOTE: 
https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Fxhci_uaf_2
+       NOTE: 
https://git.qemu.org/?p=qemu.git;a=commit;h=21bc31524e8ca487e976f713b878d7338ee00df2
 CVE-2020-25083
        RESERVED
 CVE-2020-25082
@@ -33446,6 +33449,7 @@ CVE-2020-15859 (QEMU 4.2.0 has a use-after-free in 
hw/net/e1000e_core.c because
        [stretch] - qemu <postponed> (Minor issue, can be fixed along in next 
DLA)
        NOTE: Proposed patch: 
https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg05895.html
        NOTE: https://bugs.launchpad.net/qemu/+bug/1886362
+       NOTE: 
https://git.qemu.org/?p=qemu.git;a=commit;h=22dc8663d9fc7baa22100544c600b6285a63c7a3
 CVE-2020-15858 (Some devices of Thales DIS (formerly Gemalto, formerly 
Cinterion) allo ...)
        NOT-FOR-US: Thales DIS
 CVE-2020-15857



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3588e273164e5b6e8fe34874d16cc5e5a8bfd887

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3588e273164e5b6e8fe34874d16cc5e5a8bfd887
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to