Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d5e8c318 by Sylvain Beucler at 2024-08-06T20:26:55+02:00
qemu: make a pass at issues waiting for upstream patch + add links to 
patchew.org threads to ease future passes

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -135944,8 +135944,10 @@ CVE-2022-3872 (An off-by-one read/write issue was 
found in the SDHCI device of Q
        [buster] - qemu <postponed> (Minor issue, DoS, waiting for sanctioned 
patch)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2140567
        NOTE: patch proposal 1: 
https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01068.html
+       NOTE: 
https://patchew.org/QEMU/[email protected]/
        NOTE: patch proposal 2: 
https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01161.html
-       NOTE: No sanctioned upstream patch as of 2023-03-09
+       NOTE: https://patchew.org/QEMU/[email protected]/
+       NOTE: No sanctioned upstream patch as of 2024-08-06
 CVE-2022-45043 (Tenda AX12 V22.03.01.16_cn is vulnerable to command injection 
via gofo ...)
        NOT-FOR-US: Tenda
 CVE-2022-45042
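
Review bot: The two patchew links added under CVE-2022-3872 carry no label, so the reader has to infer from position that each mirrors the "patch proposal 1" and "patch proposal 2" thread just above it. Suggest labelling them the same way, e.g. "NOTE: patch proposal 1 (patchew): ...", so the pairing survives if the lines are reordered in a later pass.
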
@@ -161733,6 +161735,11 @@ CVE-2022-36648 (The hardware emulation in the 
of_dpa_cmd_add_l2_flood of rocker
        [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
        [buster] - qemu <postponed> (Minor issue, revisit when fixed upstream)
        NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2022-06/msg04469.html
+       NOTE: 
https://patchew.org/QEMU/[email protected]/
+       NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2023-11/msg04872.html
+       NOTE: 
https://patchew.org/QEMU/[email protected]/
+       NOTE: https://gitlab.com/qemu-project/qemu/-/issues/1851
+       NOTE: CVE is tagged disputed
 CVE-2022-36647 (PKUVCL davs2 v1.6.205 was discovered to contain a global 
buffer overfl ...)
        - davs2 <removed> (bug #1019358)
        NOTE: https://github.com/pkuvcl/davs2/issues/29
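
Review bot: "NOTE: CVE is tagged disputed" under CVE-2022-36648 does not say who disputes it or where that is recorded. Tie it to a source, for instance the gitlab.com/qemu-project/qemu issue 1851 link added on the line before if that is where the dispute is discussed, and add a date as the other status notes in this commit do. The bullseye and buster lines still read "revisit when fixed upstream"; if the dispute means no upstream fix is expected, that wording is worth revisiting too.
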
@@ -226759,7 +226766,7 @@ CVE-2021-3735 (A deadlock issue was found in the AHCI 
controller device of QEMU.
        [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
        [buster] - qemu <postponed> (Minor issue, waiting for patch)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1997184
-       NOTE: No upstream patch as of 2023-03-09
+       NOTE: No upstream patch as of 2024-08-06
 CVE-2021-40083 (Knot Resolver before 5.3.2 is prone to an assertion failure, 
triggerab ...)
        [experimental] - knot-resolver 5.4.1-1
        - knot-resolver 5.4.1-2 (bug #991463)
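
Review bot: The date bump to "No upstream patch as of 2024-08-06" for CVE-2021-3735 records nothing about what was checked. The entry only lists the Red Hat bugzilla link, and unlike the other qemu entries touched here it gets no list or patchew thread, so the next pass has no pointer to follow. If no upstream thread exists, a short note saying so would help.
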
@@ -278300,6 +278307,7 @@ CVE-2021-20255 (A stack overflow via an infinite 
recursion vulnerability was fou
        [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
        [buster] - qemu <postponed> (Minor issue, waiting for sanctioned patch, 
fixed in stretch-lts)
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html
+       NOTE: 
https://patchew.org/QEMU/[email protected]/
        NOTE: 
https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Feepro100_stackoverflow1
 CVE-2021-20254 (A flaw was found in samba. The Samba smbd file server must map 
Windows ...)
        {DLA-2668-1}
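
Review bot: CVE-2021-20255 gets a patchew link but no dated status line, although its buster entry says "waiting for sanctioned patch" like the sibling entries that carry "No sanctioned upstream patch as of 2024-08-06". Add the same dated note here so it is clear this entry was part of the pass.
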
@@ -279150,7 +279158,8 @@ CVE-2020-35503 (A NULL pointer dereference flaw was 
found in the megasas-gen2 SC
        [buster] - qemu <postponed> (Minor issue, waiting for sanctioned patch)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1910346
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2020-12/msg06065.html
-       NOTE: No sanctioned upstream patch as of 2023-03-09
+       NOTE: 
https://patchew.org/QEMU/[email protected]/
+       NOTE: No sanctioned upstream patch as of 2024-08-06
 CVE-2020-35502 (A flaw was found in Privoxy in versions before 3.0.29. Memory 
leaks wh ...)
        {DLA-2548-1}
        - privoxy 3.0.29-1
@@ -295211,24 +295220,27 @@ CVE-2020-25743 (hw/ide/pci.c in QEMU before 5.1.1 
can trigger a NULL pointer der
        [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
        [buster] - qemu <postponed> (Minor issue, waiting for sanctioned patch)
        NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01568.html
+       NOTE: 
https://patchew.org/QEMU/[email protected]/
        NOTE: 
https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Fide_nullptr1
-       NOTE: No sanctioned upstream patch as of 2023-03-09
+       NOTE: No sanctioned upstream patch as of 2024-08-11
 CVE-2020-25742 (pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has 
a NULL p ...)
        - qemu <unfixed> (bug #971390)
        [bookworm] - qemu <postponed> (Minor issue, revisit when fixed upstream)
        [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
        [buster] - qemu <postponed> (Minor issue, waiting for sanctioned patch)
        NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05294.html
+       NOTE: 
https://patchew.org/QEMU/[email protected]/
        NOTE: 
https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Flsi_nullptr1
-       NOTE: No sanctioned upstream patch as of 2023-03-09
+       NOTE: No sanctioned upstream patch as of 2024-08-06
 CVE-2020-25741 (fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL 
pointer d ...)
        - qemu <unfixed> (bug #970939)
        [bookworm] - qemu <postponed> (Minor issue, revisit when fixed upstream)
        [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
        [buster] - qemu <postponed> (Minor issue, waiting for sanctioned patch)
        NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg07779.html
+       NOTE: 
https://patchew.org/QEMU/[email protected]/
        NOTE: 
https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Ffdc_nullptr1
-       NOTE: No sanctioned upstream patch as of 2023-03-09
+       NOTE: No sanctioned upstream patch as of 2024-08-06
 CVE-2020-25740
        RESERVED
 CVE-2020-25739 (An issue was discovered in the gon gem before gon-6.4.0 for 
Ruby. Mult ...)
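
Review bot: The status line for CVE-2020-25743 reads "No sanctioned upstream patch as of 2024-08-11", which is later than this commit's own timestamp (2024-08-06) and differs from the 2024-08-06 used for CVE-2020-25742 and CVE-2020-25741 in the same hunk. This looks like a typo for 2024-08-06.
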
@@ -318438,14 +318450,14 @@ CVE-2020-15469 (In QEMU 4.2.0, a MemoryRegionOps 
object may lack read/write call
        NOTE: https://www.openwall.com/lists/oss-security/2020/07/02/1
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg09961.html
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg00674.html
-       NOTE: 
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=520f26fc6d17b71a43eaf620e834b3bdf316f3d3
-       NOTE: 
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=4f2a5202a05fc1612954804a2482f07bff105ea2
-       NOTE: 
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=24202d2b561c3b4c48bd28383c8c34b4ac66c2bf
-       NOTE: 
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=f867cebaedbc9c43189f102e4cdfdff05e88df7f
-       NOTE: 
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=b5bf601f364e1a14ca4c3276f88dfec024acf613
-       NOTE: 
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=921604e175b8ec06c39503310e7b3ec1e3eafe9e
-       NOTE: 
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=2c9fb3b784000c1df32231e1c2464bb2e3fc4620
-       NOTE: 
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=735754aaa15a6ed46db51fd731e88331c446ea54
+       NOTE: 
https://gitlab.com/qemu-project/qemu/-/commit/520f26fc6d17b71a43eaf620e834b3bdf316f3d3
 (v6.0.0-rc0)
+       NOTE: 
https://gitlab.com/qemu-project/qemu/-/commit/4f2a5202a05fc1612954804a2482f07bff105ea2
 (v6.0.0-rc0)
+       NOTE: 
https://gitlab.com/qemu-project/qemu/-/commit/24202d2b561c3b4c48bd28383c8c34b4ac66c2bf
 (v6.0.0-rc0)
+       NOTE: 
https://gitlab.com/qemu-project/qemu/-/commit/f867cebaedbc9c43189f102e4cdfdff05e88df7f
 (v6.0.0-rc0)
+       NOTE: 
https://gitlab.com/qemu-project/qemu/-/commit/b5bf601f364e1a14ca4c3276f88dfec024acf613
 (v6.0.0-rc0)
+       NOTE: 
https://gitlab.com/qemu-project/qemu/-/commit/921604e175b8ec06c39503310e7b3ec1e3eafe9e
 (v6.0.0-rc0)
+       NOTE: 
https://gitlab.com/qemu-project/qemu/-/commit/2c9fb3b784000c1df32231e1c2464bb2e3fc4620
 (v6.0.0-rc0)
+       NOTE: 
https://gitlab.com/qemu-project/qemu/-/commit/735754aaa15a6ed46db51fd731e88331c446ea54
 (v6.0.0-rc0)
 CVE-2020-15468 (Persian VIP Download Script 1.0 allows SQL Injection via the 
cart_edit ...)
        NOT-FOR-US: Persian VIP Download Script
 CVE-2020-15467 (The administrative interface of Cohesive Networks vns3:vpn 
appliances  ...)
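
Review bot: The commit message does not cover the CVE-2020-15469 change, where eight git.qemu.org commitdiff links are replaced by gitlab.com/qemu-project/qemu commit links with a "(v6.0.0-rc0)" tag. Mention the URL migration and version tagging in the message, or split it into its own commit, so it can be found later when auditing link changes.
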
@@ -383141,9 +383153,10 @@ CVE-2019-12067 (The ahci_commit_buf function in 
ide/ahci.c in QEMU allows attack
        [buster] - qemu <postponed> (Minor issue, waiting for sanctioned patch)
        - qemu-kvm <removed>
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01358.html
+       NOTE: 
https://patchew.org/QEMU/[email protected]/
        NOTE: patched function introduced in 2014/2.1.50 but affected code 
pre-existed
-       NOTE: 
https://github.com/qemu/qemu/commit/659142ecf71a0da240ab0ff7cf929ee25c32b9bc
-       NOTE: No sanctioned upstream patch as of 2023-03-08
+       NOTE: 
https://github.com/qemu/qemu/commit/659142ecf71a0da240ab0ff7cf929ee25c32b9bc 
(v2.2.0-rc0)
+       NOTE: No sanctioned upstream patch as of 2024-08-06
 CVE-2019-12066
        RESERVED
 CVE-2019-12065
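
Review bot: The commit reference for CVE-2019-12067 stays on github.com/qemu/qemu while the CVE-2020-15469 entry in this same commit moves to gitlab.com/qemu-project/qemu; pick one host for upstream commit links. Also, the added "(v2.2.0-rc0)" tag sits directly above "No sanctioned upstream patch as of 2024-08-06" and can read as a fix version. If this commit is the one the "patched function introduced" line refers to, say so on the link line.
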



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d5e8c318b54e7757ab58b8c4fb4eba59746c87dc
