From 8a2d34aecf2c2da699e02d6941613cde5b894924 Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Fri, 18 Sep 2020 11:16:18 +0200 Subject: qemu bugs / postponed --- data/CVE/list.2020 | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index 0f8e9036d6..0884c2d047 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 @@ -279,11 +279,14 @@ CVE-2020-25626 RESERVED CVE-2020-25625 [usb: hcd-ohci: infinite loop issue while processing transfer descriptors] RESERVED - - qemu + - qemu (bug #970542) + [buster] - qemu (Can be fixed along in next qemu DSA) NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05905.html + NOTE: https://www.openwall.com/lists/oss-security/2020/09/17/1 CVE-2020-25624 [hcd-ohci: out-of-bound access issue while processing transfer descriptors] RESERVED - - qemu + - qemu (bug #970541) + [buster] - qemu (Can be fixed along in next qemu DSA) NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05492.html CVE-2020-25623 RESERVED 
@@ -1399,14 +1402,19 @@ CVE-2020-25086 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap CVE-2020-25085 [sdhci: out-of-bounds access issue while doing multi block SDMA] RESERVED - - qemu + - qemu (bug #970540) + [buster] - qemu (Can be fixed along in next qemu DSA) NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg00733.html NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01439.html + NOTE: https://www.openwall.com/lists/oss-security/2020/09/16/6 CVE-2020-25084 [usb: use-after-free issue while setting up packet] RESERVED - - qemu + - qemu (bug #970539) + [buster] - qemu (Can be fixed along in next qemu DSA) NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-08/msg08050.html NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-08/msg08043.html + NOTE: https://www.openwall.com/lists/oss-security/2020/09/16/5 + NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Fxhci_uaf_2 CVE-2020-25083 RESERVED CVE-2020-25082 -- cgit v1.2.3
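Review bot: In the first hunk (@@ -279,11 +279,14 @@), CVE-2020-25625 gains an oss-security NOTE, but the CVE-2020-25624 entry directly below it still carries only the qemu-devel link. If the out-of-bound access issue was announced on oss-security as well, add that NOTE so both hcd-ohci entries are referenced the same way. Separately, the subject says "postponed", yet the added "[buster] - qemu (Can be fixed along in next qemu DSA)" lines as shown have no state token between the package name and the parenthesised reason, and the "- qemu (bug #970542)" and "- qemu (bug #970541)" lines show none either. Please confirm the state markers are present in the file, since the reason text alone does not say how the suite is being tracked.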
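Review bot: In the second hunk (@@ -1399,14 +1402,19 @@), the last NOTE added under CVE-2020-25084 points at a sciebo.de file share ("?path=%2Fxhci_uaf_2") with no indication of what it holds. State in the NOTE what the link is, because a share URL may not outlive the entry and a later reader cannot tell what was referenced. Both entries in this hunk reference only mailing-list posts, so once the patches are merged the upstream commit should be recorded next to them. As in the first hunk, the added "[buster] - qemu (Can be fixed along in next qemu DSA)" lines show no state token before the parenthesised reason.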