Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cee0f0a1 by Moritz Mühlenhoff at 2022-05-09T22:52:09+02:00
qemu DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -11585,14 +11585,12 @@ CVE-2022-26355 (Citrix Federated Authentication 
Service (FAS) 7.17 - 10.6 causes
 CVE-2022-26354 (A flaw was found in the vhost-vsock device of QEMU. In case of 
error,  ...)
        {DLA-2970-1}
        - qemu 1:7.0+dfsg-1
-       [bullseye] - qemu <no-dsa> (Minor issue)
        [buster] - qemu <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2063257
        NOTE: 
https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf
        NOTE: vulnerable code in buster in vhost_vsock_send_transport_reset
 CVE-2022-26353 (A flaw was found in the virtio-net device of QEMU. This flaw 
was inadv ...)
        - qemu 1:7.0+dfsg-1
-       [bullseye] - qemu <no-dsa> (Minor issue)
        [buster] - qemu <not-affected> (Original upstream fix for CVE-2021-3748 
not applied)
        [stretch] - qemu <not-affected> (Original upstream fix for 
CVE-2021-3748 not applied)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2063197
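
Review bot: With the two `[bullseye] - qemu <no-dsa> (Minor issue)` lines dropped from CVE-2022-26354 and CVE-2022-26353, neither entry carries any bullseye information any more, and the only fixed version left on them is the unstable one, 1:7.0+dfsg-1. CVE-2022-26354 still shows only {DLA-2970-1} in its cross-reference line and CVE-2022-26353 shows none, so the bullseye fix becomes visible from these entries only once a DSA-5133-1 reference appears on them. Worth confirming that the reference ends up on both entries.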


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[09 May 2022] DSA-5133-1 qemu - security update
+       {CVE-2022-26353 CVE-2022-26354 CVE-2021-4206 CVE-2021-4207 
CVE-2022-0358}
+       [bullseye] - qemu 1:5.2+dfsg-11+deb11u2
 [08 May 2022] DSA-5132-1 ecdsautils - security update
        {CVE-2022-24884}
        [buster] - ecdsautils 0.3.2+git20151018-2+deb10u1
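
Review bot: The CVE set on the new DSA-5133-1 entry names five ids, but the data/CVE/list hunk in this commit touches only CVE-2022-26353 and CVE-2022-26354. Please check that the entries for CVE-2021-4206, CVE-2021-4207 and CVE-2022-0358 carry no leftover bullseye annotation that would contradict the fix recorded here as 1:5.2+dfsg-11+deb11u2.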


=====================================
data/dsa-needed.txt
=====================================
@@ -35,9 +35,6 @@ nodejs (jmm)
 --
 puma
 --
-qemu/stable (jmm)
-  Maintainer is proposing update for some CVEs, need review
---
 rpki-client/stable
   new 7.6 release required libretls, which isn't in Bullseye
 --
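
Review bot: The removed `qemu/stable (jmm)` entry said the maintainer's proposed update covered "some CVEs", and the entry is deleted outright together with its `--` separator. If any qemu issue in stable is left out of the update, it needs its own triage so it does not drop off the list silently. The separator layout between puma and rpki-client stays consistent after the removal.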



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cee0f0a1ee6199609350c4dcc08652df86e402f7
