diff options
| author | Salvatore Bonaccorso <carnil@debian.org> | 2021-02-18 13:08:27 +0100 |
|---|---|---|
| committer | Salvatore Bonaccorso <carnil@debian.org> | 2021-02-18 13:12:36 +0100 |
| commit | 82a0c8c421b8f2d81d7622c577b2214448d25065 (patch) | |
| tree | c557e314ab06a027de7ca829fcd664c37d847cf9 /data/CVE/2020.list | |
| parent | e7330584fa705144e66d2efebd1637c77706e1a7 (diff) | |
Revert "Triage CVE-2020-15469, CVE-2020-15859, CVE-2020-25084, CVE-2020-28916 CVE-2020-29130 & CVE-2020-29443 for qemu for stretch LTS."
This reverts commit 482a467cfdb36d7202a5ea84539352a203cefba7.
As this was fixed as part of DLA-2560-1, but the upload could not be
processed, cf. https://lists.debian.org/debian-lts/2021/02/msg00070.html
for details.
Diffstat (limited to 'data/CVE/2020.list')
| -rw-r--r-- | data/CVE/2020.list | 6 |
1 files changed, 0 insertions, 6 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 5e9651a304..b2df7539a6 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -3331,7 +3331,6 @@ CVE-2020-29443 (ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows o {DLA-2560-1} - qemu <unfixed> [buster] - qemu <postponed> (Fix along in future DSA) - [stretch] - qemu <postponed> (Can be fixed in future DLA) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg04255.html NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=813212288970c39b1800f63e83ac6e96588095c6 NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=b8d7f1bc59276fec85e4d09f1567613a3e14d31e @@ -4016,7 +4015,6 @@ CVE-2020-29130 (slirp.c in libslirp through 4.3.1 has a buffer over-read because - libslirp 4.4.0-1 - qemu 1:4.1-2 [buster] - qemu <postponed> (Fix along in future DSA) - [stretch] - qemu <postponed> (Can be fixed in next DLA) NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2e1dcbc0c2af64fcb17009eaf2ceedd81be2b27f (v4.4.0) NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed. CVE-2020-29129 (ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tri ...) @@ -4536,7 +4534,6 @@ CVE-2020-28916 (hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an R {DLA-2560-1} - qemu 1:5.2+dfsg-1 (bug #976388; bug #974687) [buster] - qemu <postponed> (Fix along in future DSA) - [stretch] - qemu <postponed> (Fix along in a future DLA) NOTE: https://www.openwall.com/lists/oss-security/2020/12/01/2 NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-11/msg03185.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1893895 (duplicate) @@ -13473,7 +13470,6 @@ CVE-2020-25084 (QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the {DLA-2560-1} - qemu 1:5.2+dfsg-1 (bug #970539) [buster] - qemu <postponed> (Can be fixed along in next qemu DSA) - [stretch] - qemu <postponed> (Can be fixed in next DLA) NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-08/msg08050.html NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-08/msg08043.html NOTE: https://www.openwall.com/lists/oss-security/2020/09/16/5 @@ -32663,7 +32659,6 @@ CVE-2020-15859 (QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because {DLA-2560-1} - qemu 1:5.2+dfsg-1 (bug #965978) [buster] - qemu <postponed> (Minor issue, can be fixed along in next DSA) - [stretch] - qemu <postponed> (Minor issue, can be fixed in next DLA) NOTE: Proposed patch: https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg05895.html NOTE: https://bugs.launchpad.net/qemu/+bug/1886362 NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=22dc8663d9fc7baa22100544c600b6285a63c7a3 @@ -33714,7 +33709,6 @@ CVE-2020-15469 (In QEMU 4.2.0, a MemoryRegionOps object may lack read/write call {DLA-2560-1} - qemu <unfixed> (low; bug #970253) [buster] - qemu <postponed> (Minor issue, fix along in next DSA) - [stretch] - qemu <postponed> (Minor issue, can be fixed in next DLA) NOTE: https://www.openwall.com/lists/oss-security/2020/07/02/1 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg09961.html NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg00674.html |