[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2020-24352/qemu

Mon, 11 Aug 2025 10:30:39 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7e2feeeb by Salvatore Bonaccorso at 2025-08-11T19:28:30+02:00
Track fixed version for CVE-2020-24352/qemu

This is not fully correct, the patch does not fix all cases according to
the upstream comment. Though the maintainer who is as well upstream
consideres it enough to fix the CVE. Follow suit in this case and track
the fix with upstream's ca1f9cbfdce4 ("ati: check x y display parameter
values").

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -409515,11 +409515,12 @@ CVE-2020-24354 (Zyxel VMG5313-B30B router on 
firmware 5.13(ABCJ.6)b3_1127, and p
 CVE-2020-24353 (Pega Platform before 8.4.0 has a XSS issue via stream rule 
parameters  ...)
        NOT-FOR-US: Pega Platform
 CVE-2020-24352 (An issue was discovered in QEMU through 5.1.0. An 
out-of-bounds memory ...)
-       - qemu <unfixed> (unimportant; bug #968820)
+       - qemu 1:5.2+dfsg-1 (unimportant; bug #968820)
        [buster] - qemu <not-affected> (Vulnerable code introduced in ATI VGA 
device emulation added later)
        [stretch] - qemu <not-affected> (Vulnerable code introduced later)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1847584
        NOTE: Feature isn't production-ready/experimental: 
https://lists.gnu.org/archive/html/qemu-devel/2020-08/msg05528.html
+       NOTE: 
https://gitlab.com/qemu-project/qemu/-/commit/ca1f9cbfdce4d63b10d57de80fef89a89d92a540
 (v5.2.0-rc1)
 CVE-2020-24351
        RESERVED
 CVE-2020-24350



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e2feeeb3917d87fc7934c7b50c083034cc4b4e3

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e2feeeb3917d87fc7934c7b50c083034cc4b4e3
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to