From 0b75c3037502d1a67d1c3299f09d85a5e3810ca5 Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Fri, 5 Mar 2021 09:58:52 +0100 Subject: qemu triage --- data/CVE/2019.list | 1 + data/CVE/2020.list | 10 +++++++--- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index cc2784a8d0..45fadc32af 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -23219,6 +23219,7 @@ CVE-2019-12068 (In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3. CVE-2019-12067 [ide: ahci: add check to avoid null dereference] RESERVED - qemu (low; bug #972099) + [bullseye] - qemu (Minor issue, revisit when fixed upstream) [buster] - qemu (Minor issue, revisit when fixed upstream) [stretch] - qemu (Minor issue, can be fixed along in future update) [jessie] - qemu (Minor issue, can be fixed along in future update) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index cdb0da2dea..2011724d01 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1803,7 +1803,7 @@ CVE-2020-35507 (There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in b CVE-2020-35506 [use after free vulnerability in esp_do_dma() in hw/scsi/esp.c] RESERVED - qemu (bug #984454) - [bullseye] - qemu (Minor issue) + [bullseye] - qemu (Minor issue, revisit when fixed upstream) [buster] - qemu (Fix along in future DSA) [stretch] - qemu (Fix along in future DLA) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1909996 @@ -1811,7 +1811,7 @@ CVE-2020-35506 [use after free vulnerability in esp_do_dma() in hw/scsi/esp.c] CVE-2020-35505 [NULL pointer dereference in do_busid_cmd() in hw/scsi/esp.c] RESERVED - qemu (bug #984455) - [bullseye] - qemu (Minor issue) + [bullseye] - qemu (Minor issue, revisit when fixed upstream) [buster] - qemu (Fix along in future DSA) [stretch] - qemu (Fix along in future DLA) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1909769 @@ -1819,11 +1819,12 @@ CVE-2020-35505 [NULL pointer dereference in do_busid_cmd() in hw/scsi/esp.c] CVE-2020-35504 [NULL pointer dereference in scsi_req_continue() in hw/scsi/scsi-bus.c] RESERVED - qemu (bug #979679) - [bullseye] - qemu (Minor issue) + [bullseye] - qemu (Minor issue, revisit when fixed upstream) [buster] - qemu (Fix along in future DSA) [stretch] - qemu (Fix along in future DLA) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1909766 NOTE: https://bugs.launchpad.net/qemu/+bug/1910723 (reproducer) + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-12/msg06065.html CVE-2020-35503 [QEMU: NULL pointer dereference issue in megasas-gen2 host bus adapter] RESERVED - qemu (bug #979678) @@ -11863,18 +11864,21 @@ CVE-2020-25744 (SaferVPN before 5.0.3.3 on Windows could allow low-privileged us NOT-FOR-US: SaferVPN CVE-2020-25743 (hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereferen ...) - qemu (bug #970940) + [bullseye] - qemu (Minor issue, revisit when fixed upstream) [buster] - qemu (Fix along in next qemu DSA) [stretch] - qemu (Fix along in future DLA) NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01568.html NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Fide_nullptr1 CVE-2020-25742 (pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL p ...) - qemu (bug #971390) + [bullseye] - qemu (Minor issue, revisit when fixed upstream) [buster] - qemu (Fix along in next qemu DSA) [stretch] - qemu (Fix along in future DLA) NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05294.html NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Flsi_nullptr1 CVE-2020-25741 (fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer d ...) - qemu (bug #970939) + [bullseye] - qemu (Minor issue, revisit when fixed upstream) [buster] - qemu (Fix along in next qemu DSA) [stretch] - qemu (Fix along in future DLA) NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg07779.html -- cgit v1.2.3