diff options
| author | Thorsten Alteholz <debian@alteholz.de> | 2020-09-29 11:08:19 +0200 |
|---|---|---|
| committer | Thorsten Alteholz <debian@alteholz.de> | 2020-09-29 11:08:19 +0200 |
| commit | 60995be5ba0010636037566e0cbf5fe325afc367 (patch) | |
| tree | 535fea4c2f1fca82401b400f429c64ef82b7cfc7 | |
| parent | 8333c7194ef13a4ceea7cc2fced4d96eac3fc8d3 (diff) | |
as fixes for most qemu CVEs are still being discussed and not yet fixed upstream, mark them as postponed
| -rw-r--r-- | data/CVE/list | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/data/CVE/list b/data/CVE/list index 8c4706cdfe..5d6f1e247c 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -866,16 +866,19 @@ CVE-2020-25743 [ide: null pointer dereference while cancelling i/o operation] RESERVED - qemu <unfixed> (bug #970940) [buster] - qemu <postponed> (Fix along in next qemu DSA) + [stretch] - qemu <postponed> (Fix along in future DLA) NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01568.html NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Fide_nullptr1 CVE-2020-25742 [scsi: lsi: null pointer dereference during memory move] RESERVED - qemu <unfixed> + [stretch] - qemu <postponed> (Fix along in future DLA) NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05294.html NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Flsi_nullptr1 CVE-2020-25741 [fdc: null pointer dereference during r/w data transfer] RESERVED - qemu <unfixed> (bug #970939) + [stretch] - qemu <postponed> (Fix along in future DLA) [buster] - qemu <postponed> (Fix along in next qemu DSA) NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg07779.html NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Ffdc_nullptr1 @@ -1132,12 +1135,14 @@ CVE-2020-25626 CVE-2020-25625 (hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list ha ...) - qemu <unfixed> (bug #970542) [buster] - qemu <postponed> (Can be fixed along in next qemu DSA) + [stretch] - qemu <postponed> (Fix along in future DLA) NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05905.html NOTE: https://www.openwall.com/lists/oss-security/2020/09/17/1 CVE-2020-25624 [hcd-ohci: out-of-bound access issue while processing transfer descriptors] RESERVED - qemu <unfixed> (bug #970541) [buster] - qemu <postponed> (Can be fixed along in next qemu DSA) + [stretch] - qemu <postponed> (Fix along in future DLA) NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05492.html CVE-2020-25623 RESERVED @@ -2321,12 +2326,14 @@ CVE-2020-25086 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in CVE-2020-25085 (QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue ...) - qemu <unfixed> (bug #970540) [buster] - qemu <postponed> (Can be fixed along in next qemu DSA) + [stretch] - qemu <postponed> (Fix along in future DLA) NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg00733.html NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01439.html NOTE: https://www.openwall.com/lists/oss-security/2020/09/16/6 CVE-2020-25084 (QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_p ...) - qemu <unfixed> (bug #970539) [buster] - qemu <postponed> (Can be fixed along in next qemu DSA) + [stretch] - qemu <postponed> (Fix along in future DLA) NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-08/msg08050.html NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-08/msg08043.html NOTE: https://www.openwall.com/lists/oss-security/2020/09/16/5 |