summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMoritz Muehlenhoff <jmm@debian.org>2021-03-05 09:58:52 +0100
committerMoritz Muehlenhoff <jmm@debian.org>2021-03-05 09:59:21 +0100
commit0b75c3037502d1a67d1c3299f09d85a5e3810ca5 (patch)
tree1bb6a51c5090f15016d7ba42ac23ded72b47988c
parent2f3676786c52622c7e6bd2d1527b83d016613919 (diff)
qemu triage
-rw-r--r--data/CVE/2019.list1
-rw-r--r--data/CVE/2020.list10
2 files changed, 8 insertions, 3 deletions
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index cc2784a8d0..45fadc32af 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -23219,6 +23219,7 @@ CVE-2019-12068 (In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.
CVE-2019-12067 [ide: ahci: add check to avoid null dereference]
RESERVED
- qemu <unfixed> (low; bug #972099)
+ [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
[buster] - qemu <postponed> (Minor issue, revisit when fixed upstream)
[stretch] - qemu <postponed> (Minor issue, can be fixed along in future update)
[jessie] - qemu <postponed> (Minor issue, can be fixed along in future update)
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index cdb0da2dea..2011724d01 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1803,7 +1803,7 @@ CVE-2020-35507 (There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in b
CVE-2020-35506 [use after free vulnerability in esp_do_dma() in hw/scsi/esp.c]
RESERVED
- qemu <unfixed> (bug #984454)
- [bullseye] - qemu <postponed> (Minor issue)
+ [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
[buster] - qemu <postponed> (Fix along in future DSA)
[stretch] - qemu <postponed> (Fix along in future DLA)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1909996
@@ -1811,7 +1811,7 @@ CVE-2020-35506 [use after free vulnerability in esp_do_dma() in hw/scsi/esp.c]
CVE-2020-35505 [NULL pointer dereference in do_busid_cmd() in hw/scsi/esp.c]
RESERVED
- qemu <unfixed> (bug #984455)
- [bullseye] - qemu <postponed> (Minor issue)
+ [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
[buster] - qemu <postponed> (Fix along in future DSA)
[stretch] - qemu <postponed> (Fix along in future DLA)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1909769
@@ -1819,11 +1819,12 @@ CVE-2020-35505 [NULL pointer dereference in do_busid_cmd() in hw/scsi/esp.c]
CVE-2020-35504 [NULL pointer dereference in scsi_req_continue() in hw/scsi/scsi-bus.c]
RESERVED
- qemu <unfixed> (bug #979679)
- [bullseye] - qemu <postponed> (Minor issue)
+ [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
[buster] - qemu <postponed> (Fix along in future DSA)
[stretch] - qemu <postponed> (Fix along in future DLA)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1909766
NOTE: https://bugs.launchpad.net/qemu/+bug/1910723 (reproducer)
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-12/msg06065.html
CVE-2020-35503 [QEMU: NULL pointer dereference issue in megasas-gen2 host bus adapter]
RESERVED
- qemu <unfixed> (bug #979678)
@@ -11863,18 +11864,21 @@ CVE-2020-25744 (SaferVPN before 5.0.3.3 on Windows could allow low-privileged us
NOT-FOR-US: SaferVPN
CVE-2020-25743 (hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereferen ...)
- qemu <unfixed> (bug #970940)
+ [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
[buster] - qemu <postponed> (Fix along in next qemu DSA)
[stretch] - qemu <postponed> (Fix along in future DLA)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01568.html
NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Fide_nullptr1
CVE-2020-25742 (pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL p ...)
- qemu <unfixed> (bug #971390)
+ [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
[buster] - qemu <postponed> (Fix along in next qemu DSA)
[stretch] - qemu <postponed> (Fix along in future DLA)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05294.html
NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Flsi_nullptr1
CVE-2020-25741 (fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer d ...)
- qemu <unfixed> (bug #970939)
+ [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
[buster] - qemu <postponed> (Fix along in next qemu DSA)
[stretch] - qemu <postponed> (Fix along in future DLA)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg07779.html

© 2014-2022 Faster IT GmbH | imprint | privacy policy