diff options
| author | Guilhem Moulin <guilhem@debian.org> | 2024-04-01 13:45:40 +0200 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@debian.org> | 2024-04-01 13:45:40 +0200 |
| commit | 9739710098cfd6b81354dd6bbe64c9049ea55c5a (patch) | |
| tree | 5e104f32ff55cc5f38b6527cd2a95b1c654de1a2 /data | |
| parent | 57a7439b274fe7a20b83d6d009742c203cee10eb (diff) | |
Reserve DLA-3778-1 for libvirt
Diffstat (limited to 'data')
| -rw-r--r-- | data/CVE/list | 10 | ||||
| -rw-r--r-- | data/DLA/list | 3 | ||||
| -rw-r--r-- | data/dla-needed.txt | 5 |
3 files changed, 3 insertions, 15 deletions
diff --git a/data/CVE/list b/data/CVE/list index e452c81c3d..7ff8a1d872 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -5707,13 +5707,11 @@ CVE-2024-2496 (A NULL pointer dereference flaw was found in the udevConnectListA - libvirt 9.8.0-1 [bookworm] - libvirt <no-dsa> (Minor issue) [bullseye] - libvirt <no-dsa> (Minor issue) - [buster] - libvirt <postponed> (Minor issue; DoS / clean crash) NOTE: Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/2ca94317ac642a70921947150ced8acc674ccdc8 (v9.8.0-rc1) CVE-2024-1441 (An off-by-one error flaw was found in the udevListInterfacesByStatus() ...) - libvirt 10.1.0-1 (bug #1066058) [bookworm] - libvirt <no-dsa> (Minor issue) [bullseye] - libvirt <no-dsa> (Minor issue) - [buster] - libvirt <postponed> (Minor issue; very rare crash before v5.10) NOTE: Introduced by: https://gitlab.com/libvirt/libvirt/-/commit/5a33366f5c0b18c93d161bd144f9f079de4ac8ca (v1.0.0-rc1) NOTE: Introduced by: https://gitlab.com/libvirt/libvirt/-/commit/d6064e2759a24e0802f363e3a810dc5a7d7ebb15 (v5.10.0-rc1) NOTE: Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/c664015fe3a7bf59db26686e9ed69af011c6ebb8 (v10.1.0) @@ -149897,7 +149895,6 @@ CVE-2022-0898 (The IgniteUp WordPress plugin through 3.4.1 does not sanitise and CVE-2022-0897 (A flaw was found in the libvirt nwfilter driver. The virNWFilterObjLis ...) - libvirt 8.2.0-1 (bug #1009075) [bullseye] - libvirt <no-dsa> (Minor issue) - [buster] - libvirt <no-dsa> (Minor issue) [stretch] - libvirt <postponed> (Minor issue) NOTE: https://gitlab.com/libvirt/libvirt/-/commit/a4947e8f63c3e6b7b067b444f3d6cf674c0d7f36 (v8.2.0-rc1) CVE-2022-0896 (Improper Neutralization of Special Elements Used in a Template Engine ...) @@ -167439,7 +167436,6 @@ CVE-2021-4148 (A vulnerability was found in the Linux kernel's block_invalidatep CVE-2021-4147 (A flaw was found in the libvirt libxl driver. A malicious guest could ...) - libvirt 7.10.0-2 (bug #1002535) [bullseye] - libvirt <no-dsa> (Minor issue) - [buster] - libvirt <no-dsa> (Minor issue) [stretch] - libvirt <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2034195 NOTE: https://listman.redhat.com/archives/libvir-list/2021-November/msg00908.html @@ -172486,7 +172482,6 @@ CVE-2021-3976 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF)) CVE-2021-3975 (A use-after-free flaw was found in libvirt. The qemuMonitorUnregister( ...) - libvirt 7.6.0-1 [bullseye] - libvirt <no-dsa> (Minor issue) - [buster] - libvirt <no-dsa> (Minor issue) [stretch] - libvirt <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2024326 NOTE: Fixed by: https://github.com/libvirt/libvirt/commit/1ac703a7d0789e46833f4013a3876c2e3af18ec7 (v7.1.0-rc2) @@ -192924,7 +192919,6 @@ CVE-2021-37579 (The Dubbo Provider will check the incoming request and the corre CVE-2021-3667 (An improper locking issue was found in the virStoragePoolLookupByTarge ...) - libvirt 7.6.0-1 (bug #991594) [bullseye] - libvirt <no-dsa> (Minor issue) - [buster] - libvirt <no-dsa> (Minor issue) [stretch] - libvirt <not-affected> (Introduced in 4.1) NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87 (v7.6.0-rc1) NOTE: Introduced in https://libvirt.org/git/?p=libvirt.git;a=commit;h=7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129 @@ -196603,7 +196597,6 @@ CVE-2017-20006 (UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Un CVE-2021-3631 (A flaw was found in libvirt while it generates SELinux MCS category pa ...) - libvirt 7.6.0-1 (bug #990709) [bullseye] - libvirt <no-dsa> (Minor issue) - [buster] - libvirt <no-dsa> (Minor issue) [stretch] - libvirt <no-dsa> (Minor issue) NOTE: https://gitlab.com/libvirt/libvirt/-/issues/153 NOTE: Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/15073504dbb624d3f6c911e85557019d3620fdb2 (v7.5.0) @@ -255374,7 +255367,6 @@ CVE-2020-25638 (A flaw was found in hibernate-core in versions prior to and incl CVE-2020-25637 (A double free memory issue was found to occur in the libvirt API, in v ...) {DLA-2395-1} - libvirt 6.8.0-1 (bug #971555) - [buster] - libvirt <no-dsa> (Minor issue) NOTE: Introduced by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=0977b8aa071de550e1a013d35e2c72615e65d520 (v1.2.14-rc1) NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=955029bd0ad7ef96000f529ac38204a8f4a96401 (v6.8.0) NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=50864dcda191eb35732dbd80fb6ca251a6bba923 (v6.8.0) @@ -286363,7 +286355,6 @@ CVE-2020-12431 (A Windows privilege change issue was discovered in Splashtop Sof CVE-2020-12430 (An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_dri ...) [experimental] - libvirt 6.2.0-1 - libvirt 6.4.0-2 (low; bug #959447) - [buster] - libvirt <no-dsa> (Minor issue) [stretch] - libvirt <not-affected> (Vulnerable code introduced later) [jessie] - libvirt <not-affected> (Vulnerable code introduced later) NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=9bf9e0ae6af38c806f4672ca7b12a6b38d5a9581 (v6.1.0-rc1) @@ -292586,7 +292577,6 @@ CVE-2020-10704 (A flaw was found when using samba as an Active Directory Domain NOTE: https://www.samba.org/samba/security/CVE-2020-10704.html CVE-2020-10703 (A NULL pointer dereference was found in the libvirt API responsible in ...) - libvirt 6.0.0-2 - [buster] - libvirt <no-dsa> (Minor issue) [stretch] - libvirt <not-affected> (Vulnerable code introduced later) [jessie] - libvirt <not-affected> (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1790725 diff --git a/data/DLA/list b/data/DLA/list index afe24c0e59..4ca0587908 100644 --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,6 @@ +[01 Apr 2024] DLA-3778-1 libvirt - security update + {CVE-2020-10703 CVE-2020-12430 CVE-2020-25637 CVE-2021-3631 CVE-2021-3667 CVE-2021-3975 CVE-2021-4147 CVE-2022-0897 CVE-2024-1441 CVE-2024-2494 CVE-2024-2496} + [buster] - libvirt 5.0.0-4+deb10u2 [27 Mar 2024] DLA-3777-1 composer - security update {CVE-2023-43655} [buster] - composer 1.8.4-1+deb10u3 diff --git a/data/dla-needed.txt b/data/dla-needed.txt index d0cd5bd2d6..d8a9585d9c 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -149,11 +149,6 @@ libstb NOTE: 20240314: several CVEs fixed in DLA-3305-1 remain unfixed (no-dsa) in bullseye NOTE: 20240314: and bookwork. Uploads to spu and ospu should be coordinated. (roberto) -- -libvirt (guilhem) - NOTE: 20240316: Added by Front-Desk (Beuc) - NOTE: 20240316: A few years of minor vulnerabilities piled up; - NOTE: 20240316: coordinate with stable/oldstable to fix them uniformly (Beuc/front-desk) --- linux (Ben Hutchings) NOTE: 20230111: perma-added for LTS package-specific delegation (bwh) -- |