Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits: fd13fe2b by Thorsten Alteholz at 2020-11-26T15:32:37+01:00 mark CVE-2020-25707 as postponed for Stretch - - - - - d852d1d0 by Thorsten Alteholz at 2020-11-26T15:48:08+01:00 add Fixed by: for CVE-2020-25624 - - - - - d7a2bad3 by Thorsten Alteholz at 2020-11-26T16:05:35+01:00 add Fixed by: for CVE-2020-25085 - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -10897,6 +10897,7 @@ CVE-2020-25707 [infinite loop in e1000e_write_packet_to_guest() in hw/net/e1000e RESERVED - qemu <unfixed> (bug #974687) [buster] - qemu <postponed> (Fix along in future DSA) + [stretch] - qemu <postponed> (Minor issue; reconsider when fixed upstream) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1893895 NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-11/msg03552.html CVE-2020-25706 (A cross-site scripting (XSS) vulnerability exists in templates_import. ...) @@ -11243,6 +11244,7 @@ CVE-2020-25624 [hcd-ohci: out-of-bound access issue while processing transfer de [buster] - qemu <postponed> (Can be fixed along in next qemu DSA) [stretch] - qemu <postponed> (Fix along in future DLA) NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05492.html + NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=1328fe0c32d5474604105b8105310e944976b058 CVE-2020-25623 (Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Director ...) - erlang 1:23.1+dfsg-1 [buster] - erlang <not-affected> (Vulnerable code introduced later) 
@@ -12453,6 +12455,7 @@ CVE-2020-25085 (QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_con NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg00733.html NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01439.html NOTE: https://www.openwall.com/lists/oss-security/2020/09/16/6 + NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=patch;h=dfba99f17feb6d4a129da19d38df1bcd8579d1c3 CVE-2020-25084 (QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_p ...) - qemu <unfixed> (bug #970539) [buster] - qemu <postponed> (Can be fixed along in next qemu DSA)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1e48691798d93298d2c20529d0618a74b1a1956f...d7a2bad31fae638f0a43dfd07460fdb1ba700511
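Review bot: The "Fixed by:" NOTE added under CVE-2020-25624 records only the upstream commit hash. Appending the first upstream tag or release that contains the commit, in parentheses after the URL, would let a reader compare the fix against packaged versions without opening the link. Both the buster and stretch lines in this entry are still <postponed>, so whoever prepares the later DSA/DLA will need that information.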
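Review bot: In the CVE-2020-25085 hunk the "Fixed by:" URL uses the gitweb "a=patch" view, while the "Fixed by:" NOTE added for CVE-2020-25624 in the same push uses "a=commit". Suggest using "a=commit;h=dfba99f17feb6d4a129da19d38df1bcd8579d1c3" here as well, so both notes link to the same kind of page and the commit metadata is visible alongside the diff.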