From afe89ad2eb8f067fe372702ef84e3e44428156a9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moritz=20M=C3=BChlenhoff?= <jmm@debian.org>
Date: Wed, 3 Mar 2021 20:29:32 +0100
Subject: qemu, newlib bugs

---
 data/CVE/2020.list |  4 ++--
 data/CVE/2021.list | 24 ++++++++++++++++--------
 2 files changed, 18 insertions(+), 10 deletions(-)

diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index e56d951a3b..a495507422 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1800,7 +1800,7 @@ CVE-2020-35507 (There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in b
 	NOTE: binutils not covered by security support
 CVE-2020-35506 [use after free vulnerability in esp_do_dma() in hw/scsi/esp.c]
 	RESERVED
-	- qemu <unfixed>
+	- qemu <unfixed> (bug #984454)
 	[bullseye] - qemu <postponed> (Minor issue)
 	[buster] - qemu <postponed> (Fix along in future DSA)
 	[stretch] - qemu <postponed> (Fix along in future DLA)
@@ -1808,7 +1808,7 @@ CVE-2020-35506 [use after free vulnerability in esp_do_dma() in hw/scsi/esp.c]
 	NOTE: https://bugs.launchpad.net/qemu/+bug/1909247
 CVE-2020-35505 [NULL pointer dereference in do_busid_cmd() in hw/scsi/esp.c]
 	RESERVED
-	- qemu <unfixed>
+	- qemu <unfixed> (bug #984455)
 	[bullseye] - qemu <postponed> (Minor issue)
 	[buster] - qemu <postponed> (Fix along in future DSA)
 	[stretch] - qemu <postponed> (Fix along in future DLA)
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 83af77f3da..359b77bb41 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,6 +1,6 @@
 CVE-2021-3420
 	RESERVED
-	- newlib <unfixed>
+	- newlib <unfixed> (bug #984446)
 	[buster] - newlib <no-dsa> (Minor issue)
 	- picolibc 1.5-1
 	- libnewlib-nano <unfixed> (bug #984424)
@@ -93,7 +93,8 @@ CVE-2021-27876 (An issue was discovered in Veritas Backup Exec before 21.2. The
 	NOT-FOR-US: Veritas
 CVE-2021-3419 [net: rtl8139: stack-based buffer overflow induced by infinite recursion issue]
 	RESERVED
-	- qemu <unfixed>
+	- qemu <unfixed> (bug #984447)
+	[buster] - qemu <postponed> (Minor issue)
 	NOTE: https://bugs.launchpad.net/qemu/+bug/1910826
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-03/msg00010.html
 CVE-2021-3418
@@ -386,7 +387,8 @@ CVE-2021-3417
 	RESERVED
 CVE-2021-3416 [net: infinite loop in loopback mode may lead to stack overflow]
 	RESERVED
-	- qemu <unfixed>
+	- qemu <unfixed> (bug #984448)
+	[buster] - qemu <postponed> (Minor issue)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg07431.html
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg07484.html
 CVE-2021-27736
@@ -2868,7 +2870,8 @@ CVE-2021-3393 [postgres: information leak in error message]
 	NOTE: https://www.postgresql.org/about/news/postgresql-132-126-1111-1016-9621-and-9525-released-2165/
 CVE-2021-3392 [scsi: mptsas: use-after-free while processing io requests]
 	RESERVED
-	- qemu <unfixed>
+	- qemu <unfixed> (bug #984449)
+	[buster] - qemu <postponed> (Minor issue)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg00488.html
 	NOTE: https://bugs.launchpad.net/qemu/+bug/1914236
 CVE-2021-26597
@@ -16701,13 +16704,15 @@ CVE-2021-20258
 	RESERVED
 CVE-2021-20257 [net: e1000: infinite loop while processing transmit descriptors]
 	RESERVED
-	- qemu <unfixed>
+	- qemu <unfixed> (bug #984450)
+	[buster] - qemu <postponed> (Minor issue)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg03595.html
 CVE-2021-20256 (A flaw was found in Red Hat Satellite. The BMC interface exposes the p ...)
 	NOT-FOR-US: Red Hat Satellite
 CVE-2021-20255 [net: eepro100: stack overflow via infinite recursion]
 	RESERVED
-	- qemu <unfixed>
+	- qemu <unfixed> (bug #984451)
+	[buster] - qemu <postponed> (Minor issue)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html
 	NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Feepro100_stackoverflow1
 CVE-2021-20254
@@ -16871,6 +16876,7 @@ CVE-2021-20221 [GIC: out-of-bound heap buffer access via an interrupt ID field]
 	RESERVED
 	{DLA-2560-1}
 	- qemu 1:5.2+dfsg-4
+	[buster] - qemu <postponed> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/02/05/1
 	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/edfe2eb4360cde4ed5d95bda7777edcb3510f76a
 CVE-2021-20220 (A flaw was found in Undertow. A regression in the fix for CVE-2020-106 ...)
@@ -16962,7 +16968,8 @@ CVE-2021-20205
 CVE-2021-20204
 	RESERVED
 CVE-2021-20203 (An integer overflow issue was found in the vmxnet3 NIC emulator of the ...)
-	- qemu <unfixed>
+	- qemu <unfixed> (bug #984452)
+	[buster] - qemu <postponed> (Minor issue)
 	NOTE: https://bugs.launchpad.net/qemu/+bug/1913873
 	NOTE: https://bugs.launchpad.net/qemu/+bug/1890152
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg07935.html
@@ -17002,7 +17009,7 @@ CVE-2021-20197
 	NOTE: binutils not covered by security support
 CVE-2021-20196 [block: fdc: null pointer dereference may lead to guest crash]
 	RESERVED
-	- qemu <unfixed>
+	- qemu <unfixed> (bug #984453)
 	[buster] - qemu <postponed> (Fix along in future DSA)
 	[stretch] - qemu <postponed> (Fix along in future DLA)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1919210
@@ -17063,6 +17070,7 @@ CVE-2021-20181 [9pfs: Fully restart unreclaim loop]
 	RESERVED
 	{DLA-2560-1}
 	- qemu 1:5.2+dfsg-4
+	[buster] - qemu <postponed> (Minor issue)
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=89fbea8737e8f7b954745a1ffc4238d377055305
 CVE-2021-20180
 	RESERVED
-- 
cgit v1.2.3