[Git][security-tracker-team/security-tracker][master] 3 commits: mark CVE-2020-25707 as postponed for Stretch

Thu, 26 Nov 2020 07:06:07 -0800 


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fd13fe2b by Thorsten Alteholz at 2020-11-26T15:32:37+01:00
mark CVE-2020-25707 as postponed for Stretch

- - - - -
d852d1d0 by Thorsten Alteholz at 2020-11-26T15:48:08+01:00
add Fixed by: for CVE-2020-25624

- - - - -
d7a2bad3 by Thorsten Alteholz at 2020-11-26T16:05:35+01:00
add Fixed by: for CVE-2020-25085

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -10897,6 +10897,7 @@ CVE-2020-25707 [infinite loop in 
e1000e_write_packet_to_guest() in hw/net/e1000e
        RESERVED
        - qemu <unfixed> (bug #974687)
        [buster] - qemu <postponed> (Fix along in future DSA)
+       [stretch] - qemu <postponed> (Minor issue; reconsider when fixed 
upstream)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1893895
        NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2020-11/msg03552.html
 CVE-2020-25706 (A cross-site scripting (XSS) vulnerability exists in 
templates_import. ...)
@@ -11243,6 +11244,7 @@ CVE-2020-25624 [hcd-ohci: out-of-bound access issue 
while processing transfer de
        [buster] - qemu <postponed> (Can be fixed along in next qemu DSA)
        [stretch] - qemu <postponed> (Fix along in future DLA)
        NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05492.html
+       NOTE: Fixed by: 
https://git.qemu.org/?p=qemu.git;a=commit;h=1328fe0c32d5474604105b8105310e944976b058
 CVE-2020-25623 (Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows 
Director ...)
        - erlang 1:23.1+dfsg-1
        [buster] - erlang <not-affected> (Vulnerable code introduced later)
@@ -12453,6 +12455,7 @@ CVE-2020-25085 (QEMU 5.0.0 has a heap-based Buffer 
Overflow in flatview_read_con
        NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg00733.html
        NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01439.html
        NOTE: https://www.openwall.com/lists/oss-security/2020/09/16/6
+       NOTE: Fixed by: 
https://git.qemu.org/?p=qemu.git;a=patch;h=dfba99f17feb6d4a129da19d38df1bcd8579d1c3
 CVE-2020-25084 (QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because 
the usb_p ...)
        - qemu <unfixed> (bug #970539)
        [buster] - qemu <postponed> (Can be fixed along in next qemu DSA)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1e48691798d93298d2c20529d0618a74b1a1956f...d7a2bad31fae638f0a43dfd07460fdb1ba700511

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1e48691798d93298d2c20529d0618a74b1a1956f...d7a2bad31fae638f0a43dfd07460fdb1ba700511
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to