Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2a489e86 by Moritz Muehlenhoff at 2023-08-22T15:27:34+02:00
qemu/bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7198,7 +7198,7 @@ CVE-2023-2996 (The Jetpack WordPress plugin before 12.1.1
does not validate uplo
CVE-2023-2861 [9pfs: prevent opening special files]
- qemu 1:8.0.3+dfsg-1
[bookworm] - qemu 1:7.2+dfsg-7+deb12u1
- [bullseye] - qemu <no-dsa> (Minor issue)
+ [bullseye] - qemu <ignored> (Minor issue)
[buster] - qemu <no-dsa> (Minor issue)
NOTE:
https://gitlab.com/qemu-project/qemu/-/commit/f6b0de53fb87ddefed348a39284c8e2f28dc4eda
CVE-2023-2860 (An out-of-bounds read vulnerability was found in the SR-IPv6
implement ...)
@@ -49002,7 +49002,7 @@ CVE-2022-45898
RESERVED
CVE-2022-4144 (An out-of-bounds read flaw was found in the QXL display device
emulati ...)
- qemu 1:7.2+dfsg-1
- [bullseye] - qemu <no-dsa> (Minor issue)
+ [bullseye] - qemu <ignored> (Minor issue)
[buster] - qemu <postponed> (Minor issue, DoS)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2148506
NOTE:
https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg04143.html
@@ -71707,11 +71707,12 @@ CVE-2022-2963 (A vulnerability found in jasper. This
security vulnerability happ
NOTE: memory leak on invalid command line options before exit()
CVE-2022-2962 (A DMA reentrancy issue was found in the Tulip device emulation
in QEMU ...)
- qemu 1:7.1+dfsg-2 (bug #1018055)
- [bullseye] - qemu <no-dsa> (Minor issue)
+ [bullseye] - qemu <not-affected> (Vulnerable code not present)
[buster] - qemu <not-affected> (Vulnerable code/Tulip NIC emulator
added later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2120631
NOTE: https://gitlab.com/qemu-project/qemu/-/issues/1171
NOTE:
https://gitlab.com/qemu-project/qemu/-/commit/36a894aeb64a2e02871016da1c37d4a4ca109182
+ NOTE: Introduced by
https://gitlab.com/qemu-project/qemu/-/commit/398f9a84ac7132e38caf7b066273734b3bf619ff
(v7.0.0-rc0)
CVE-2022-2961 (A use-after-free flaw was found in the Linux kernel\u2019s PLP
Rose fu ...)
- linux <unfixed> (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2120595
@@ -141691,7 +141692,7 @@ CVE-2021-40320
RESERVED
CVE-2021-3750 (A DMA reentrancy issue was found in the USB EHCI controller
emulation ...)
- qemu 1:7.0+dfsg-1
- [bullseye] - qemu <no-dsa> (Minor issue)
+ [bullseye] - qemu <ignored> (Minor issue)
[buster] - qemu <postponed> (Minor issue, follow bullseye updates)
[stretch] - qemu <postponed> (Minor issue, follow bullseye updates)
NOTE: https://gitlab.com/qemu-project/qemu/-/issues/541
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a489e867ff000bac5417f08d207a88ab2e315d8
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a489e867ff000bac5417f08d207a88ab2e315d8
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
