[Git][security-tracker-team/security-tracker][master] qemu fixed in sid

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d66e81d2 by Moritz Muehlenhoff at 2024-04-25T14:35:15+02:00
qemu fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3855,12 +3855,14 @@ CVE-2024-3569 (A Denial of Service (DoS) vulnerability 
exists in the mintplex-la
 CVE-2024-3568 (The huggingface/transformers library is vulnerable to arbitrary 
code e ...)
        NOT-FOR-US: huggingface/transformers
 CVE-2024-3567 (A flaw was found in QEMU. An assertion failure was present in 
the upda ...)
-       - qemu <unfixed> (bug #1068822)
+       - qemu 1:8.2.3+ds-1 (bug #1068822)
        [bookworm] - qemu <no-dsa> (Minor issue)
        [bullseye] - qemu <no-dsa> (Minor issue)
        [buster] - qemu <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2274339
        NOTE: https://gitlab.com/qemu-project/qemu/-/issues/2273
+       NOTE: 
https://gitlab.com/qemu-project/qemu/-/commit/83ddb3dbba2ee0f1767442ae6ee665058aeb1093
 (v9.0.0-rc3)
+       NOTE: 
https://gitlab.com/qemu-project/qemu/-/commit/1cfe45956e03070f894e91b304e233b4d5b99719
 (v8.2.3)
 CVE-2024-3566 (A command inject vulnerability allows an attacker to perform 
command i ...)
        - nodejs <not-affected> (Only affects Windows)
 CVE-2024-3516 (Heap buffer overflow in ANGLE in Google Chrome prior to 
123.0.6312.122 ...)
@@ -4279,13 +4281,15 @@ CVE-2024-26815 (In the Linux kernel, the following 
vulnerability has been resolv
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/343041b59b7810f9cdca371f445dd43b35c740b1 (6.9-rc1)
 CVE-2024-3447
-       - qemu <unfixed> (bug #1068821)
+       - qemu 1:8.2.3+ds-1 (bug #1068821)
        [bookworm] - qemu <no-dsa> (Minor issue)
        [bullseye] - qemu <no-dsa> (Minor issue)
        [buster] - qemu <no-dsa> (Minor issue)
        NOTE: https://patchew.org/QEMU/20240404085549.16987-1-phi...@linaro.org/
        NOTE: https://patchew.org/QEMU/20240409145524.27913-1-phi...@linaro.org/
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58813
+       NOTE: 
https://gitlab.com/qemu-project/qemu/-/commit/9e4b27ca6bf4974f169bbca7f3dca117b1208b6f
 (v9.0.0-rc3)
+       NOTE: 
https://gitlab.com/qemu-project/qemu/-/commit/35a67d2aa8caf8eb0bee7d38515924c95417047e
 (v8.2.3)
 CVE-2024-2905
        NOT-FOR-US: rpm-ostree
 CVE-2024-2243 (A vulnerability was found in csmock where a regular user of the 
OSH se ...)
@@ -4447,12 +4451,18 @@ CVE-2024-3514
 CVE-2024-3512 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for 
WordPre ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-3446 (A double free vulnerability was found in QEMU virtio devices 
(virtio-g ...)
-       - qemu <unfixed> (bug #1068820)
+       - qemu 1:8.2.3+ds-1 (bug #1068820)
        [bookworm] - qemu <no-dsa> (Minor issue)
        [bullseye] - qemu <no-dsa> (Minor issue)
        [buster] - qemu <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2274211
        NOTE: https://patchew.org/QEMU/20240409105537.18308-1-phi...@linaro.org/
+       NOTE: 
https://gitlab.com/qemu-project/qemu/-/commit/f4729ec39ad97a42ceaa7b5697f84f440ea6e5dc
 (v9.0.0-rc3)
+       NOTE: 
https://gitlab.com/qemu-project/qemu/-/commit/b4295bff25f7b50de1d9cc94a9c6effd40056bca
 (v9.0.0-rc3)
+       NOTE: 
https://gitlab.com/qemu-project/qemu/-/commit/ba28e0ff4d95b56dc334aac2730ab3651ffc3132
 (v9.0.0-rc3)
+       NOTE: 
https://gitlab.com/qemu-project/qemu/-/commit/4f01537ced3e787bd985b8f8de5869b92657160a
 (v8.2.3)
+       NOTE: 
https://gitlab.com/qemu-project/qemu/-/commit/fbeb0a160cbcc067c0e1f0d380cea4a31de213e3
 (v8.2.3)
+       NOTE: 
https://gitlab.com/qemu-project/qemu/-/commit/1b2a52712b249e14d246cd9c7db126088e6e64db
 (v8.2.3)
 CVE-2024-3281 (A vulnerability was discovered in the firmware builds after 
8.0.2.3267 ...)
        NOT-FOR-US: HP
 CVE-2024-3267 (The Bold Page Builder plugin for WordPress is vulnerable to 
Stored Cro ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d66e81d2f69e126c4e75d7f96a0f6a616663412a

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d66e81d2f69e126c4e75d7f96a0f6a616663412a
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits