[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2026-3842/qemu: bullseye not-affected

Wed, 25 Mar 2026 01:29:20 -0700 


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
da26c29f by Sylvain Beucler at 2026-03-25T09:28:44+01:00
CVE-2026-3842/qemu: bullseye not-affected

- - - - -
e41230bb by Sylvain Beucler at 2026-03-25T09:28:47+01:00
CVE-2026-3196/qemu: fix commit link

- - - - -
5496473c by Sylvain Beucler at 2026-03-25T09:28:49+01:00
CVE-2026-3196/qemu: bullseye not-affected

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2986,6 +2986,7 @@ CVE-2026-XXXX [OSSA-2026-004: Server-Side Request Forgery 
(SSRF) vulnerabilities
        NOTE: https://www.openwall.com/lists/oss-security/2026/03/19/3
 CVE-2026-3842
        - qemu 1:10.2.2+ds-1
+       [bullseye] - qemu <not-affected> (Synthetic Debugging introduced in 
v7.1.0)
        NOTE: Fixed by: 
https://gitlab.com/qemu-project/qemu/-/commit/85af4e937016ed2f20122eb116597d1abb30c5c0
 (v10.2.2)
 CVE-2026-4427 (A flaw was found in pgproto3. A malicious or compromised 
PostgreSQL se ...)
        - golang-github-jackc-pgproto3 2.3.3-2 (bug #1131327)
@@ -197538,10 +197539,10 @@ CVE-2026-3196
        - qemu 1:10.2.2+ds-1 (bug #1129605)
        [trixie] - qemu <no-dsa> (Minor issue)
        [bookworm] - qemu <no-dsa> (Minor issue)
-       [bullseye] - qemu <postponed> (Minor issue, DoS)
+       [bullseye] - qemu <not-affected> (VirtIO sound device introduced in 
v8.2.0)
        NOTE: 
https://lore.kernel.org/qemu-devel/[email protected]/
        NOTE: Fixed by: 
https://gitlab.com/qemu-project/qemu/-/commit/61679d7dcfa2dffc8fb115aa19b09e0e7cf5ea5c
 (v11.0.0-rc0)
-       NOTE: Fixed by: 
https://gitlab.com/qemu-project/qemu/-/commit/6d84fbf241d0322f19adfbe466c60bed5f50de262
 (v10.2.2)
+       NOTE: Fixed by: 
https://gitlab.com/qemu-project/qemu/-/commit/d84fbf241d0322f19adfbe466c60bed5f50de262
 (v10.2.2)
 CVE-2026-3195
        - qemu 1:10.2.2+ds-1 (bug #1129604)
        [trixie] - qemu <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7d7566b31b37b4cf0d43853d1875fc315d6f894d...5496473c9bce3309eb10db4612af6668e9f45d28

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7d7566b31b37b4cf0d43853d1875fc315d6f894d...5496473c9bce3309eb10db4612af6668e9f45d28
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to