| author | Moritz Mühlenhoff <jmm@debian.org> | 2021-01-10 00:07:00 +0100 |
|---|---|---|
| committer | Moritz Mühlenhoff <jmm@debian.org> | 2021-01-10 00:07:00 +0100 |
| commit | 92a8339ee6e9b4858c053d83885536c8b079365c | |
| tree | fe36eba2726f3b29cdeb851cea660815c310b69a /data/CVE | |
| parent | f63d9fb4c4703ebe7439fd8b04a75f6657902baa | |
bullseye triage
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/2018.list | 5 |
-rw-r--r-- | data/CVE/2020.list | 15 |
2 files changed, 14 insertions, 6 deletions
diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 3a8be60142..071f1be863 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -497,12 +497,13 @@ CVE-2018-21037 (Subrion CMS 4.1.5 (and possibly earlier versions) allow CSRF to CVE-2018-21036 (Sails.js before v1.0.0-46 allows attackers to cause a denial of servic ...) NOT-FOR-US: Sails.js CVE-2018-21035 (In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB f ...) - - qtwebsockets-opensource-src <unfixed> (low; bug #953049) - [buster] - qtwebsockets-opensource-src <ignored> (Minor issue) + - qtwebsockets-opensource-src 5.15.1-2 (low; bug #953049) + [buster] - qtwebsockets-opensource-src <ignored> (Minor issue, fix adds new API only) [stretch] - qtwebsockets-opensource-src <ignored> (Minor issue) [jessie] - qtwebsockets-opensource-src <no-dsa> (Minor issue) NOTE: https://bugreports.qt.io/browse/QTBUG-70693 NOTE: https://codereview.qt-project.org/c/qt/qtwebsockets/+/284735 + NOTE: https://github.com/qt/qtwebsockets/commit/ed93680f34e92ad0383aa4e610bb65689118ca93 CVE-2018-21034 (In Argo versions prior to v1.5.0-rc1, it was possible for authenticate ...) NOT-FOR-US: Argo CVE-2018-21033 (A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Au ...) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 47a4da1d55..a16e5d4489 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list 
@@ -1497,24 +1497,28 @@ CVE-2020-35507 (There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in b CVE-2020-35506 [use after free vulnerability in esp_do_dma() in hw/scsi/esp.c] RESERVED - qemu <unfixed> + [bullseye] - qemu <postponed> (Minor issue) [buster] - qemu <postponed> (Fix along in future DSA) [stretch] - qemu <postponed> (Fix along in future DLA) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1909996 CVE-2020-35505 [NULL pointer dereference in do_busid_cmd() in hw/scsi/esp.c] RESERVED - qemu <unfixed> + [bullseye] - qemu <postponed> (Minor issue) [buster] - qemu <postponed> (Fix along in future DSA) [stretch] - qemu <postponed> (Fix along in future DLA) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1909769 CVE-2020-35504 [NULL pointer dereference in scsi_req_continue() in hw/scsi/scsi-bus.c] RESERVED - - qemu <unfixed> + - qemu <unfixed> (bug #979679) + [bullseye] - qemu <postponed> (Minor issue) [buster] - qemu <postponed> (Fix along in future DSA) [stretch] - qemu <postponed> (Fix along in future DLA) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1909766 CVE-2020-35503 [QEMU: NULL pointer dereference issue in megasas-gen2 host bus adapter] RESERVED - - qemu <unfixed> + - qemu <unfixed> (bug #979678) + [bullseye] - qemu <postponed> (Minor issue) [buster] - qemu <postponed> (Fix along in future DSA) [stretch] - qemu <postponed> (Fix along in future DLA) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1910346 
@@ -9344,7 +9348,8 @@ CVE-2020-26666 CVE-2020-26665 RESERVED CVE-2020-26664 (A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media play ...) - - vlc <unfixed> + - vlc <unfixed> (low; bug #979676) + [buster] - vlc <postponed> (Minor issue, wait for 3.0.12 release) NOTE: https://code.videolan.org/videolan/vlc-3.0/-/commit/ec1f55ee9ace5cc675395a1bc9700d99679e7e8c (3.0.12) NOTE: https://gist.githubusercontent.com/henices/db11664dd45b9f322f8514d182aef5ea/raw/d56940c8bf211992bf4f3309a85bb2b69383e511/CVE-2020-26664.txt CVE-2020-26663 @@ -35778,7 +35783,9 @@ CVE-2020-14395 RESERVED CVE-2020-14394 [infinite loop in xhci_ring_chain_length() in hw/usb/hcd-xhci.c] RESERVED - - qemu <unfixed> + - qemu <unfixed> (bug #979677) + [bullseye] - qemu <postponed> (Minor issue) + [buster] - qemu <postponed> (Minor issue) [stretch] - qemu <postponed> (Fix along in future DLA) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1908004 CVE-2020-14393 (A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local ...) |
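Review bot: In the data/CVE/2018.list hunk (CVE-2018-21035), the buster line now gives the reason "fix adds new API only", but the stretch line directly below it keeps the bare "(Minor issue)". If the same reasoning applies to stretch, repeat it there so the two `<ignored>` entries read consistently. The new GitHub NOTE could also carry the version it landed in, the way the VLC NOTE later in this commit is tagged "(3.0.12)".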
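Review bot: In the data/CVE/2020.list hunk at `@@ -1497`, CVE-2020-35506 and CVE-2020-35505 keep `- qemu <unfixed>` with no bug reference, while CVE-2020-35504 and CVE-2020-35503 in the same hunk gain bug #979679 and bug #979678. If BTS bugs exist for the two hw/scsi/esp.c issues, add them here so all four QEMU entries can be tracked the same way. If none were filed, that is worth stating in the commit message, which currently says only "bullseye triage".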
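Review bot: In the CVE-2020-14394 hunk at `@@ -35778`, the added buster line reads `[buster] - qemu <postponed> (Minor issue)`, whereas the other qemu buster entries visible in this commit read "(Fix along in future DSA)" and the stretch line just below reads "(Fix along in future DLA)". If the xhci fix is meant to ship with the other QEMU issues, use the same wording here. If it is deliberately treated differently, a short reason in the annotation would make that clear to the next person triaging.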