diff options
| author | Moritz Mühlenhoff <jmm@debian.org> | 2021-03-03 20:29:32 +0100 |
|---|---|---|
| committer | Moritz Mühlenhoff <jmm@debian.org> | 2021-03-03 20:29:32 +0100 |
| commit | afe89ad2eb8f067fe372702ef84e3e44428156a9 (patch) | |
| tree | bc5e17edf1f2d1d04582f611fcf2fd36f42f7ac7 | |
| parent | d08b2b2ef43925890d6159264788c23675e0327d (diff) | |
qemu, newlib bugs
| -rw-r--r-- | data/CVE/2020.list | 4 | ||||
| -rw-r--r-- | data/CVE/2021.list | 24 |
2 files changed, 18 insertions, 10 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list index e56d951a3b..a495507422 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1800,7 +1800,7 @@ CVE-2020-35507 (There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in b NOTE: binutils not covered by security support CVE-2020-35506 [use after free vulnerability in esp_do_dma() in hw/scsi/esp.c] RESERVED - - qemu <unfixed> + - qemu <unfixed> (bug #984454) [bullseye] - qemu <postponed> (Minor issue) [buster] - qemu <postponed> (Fix along in future DSA) [stretch] - qemu <postponed> (Fix along in future DLA) @@ -1808,7 +1808,7 @@ CVE-2020-35506 [use after free vulnerability in esp_do_dma() in hw/scsi/esp.c] NOTE: https://bugs.launchpad.net/qemu/+bug/1909247 CVE-2020-35505 [NULL pointer dereference in do_busid_cmd() in hw/scsi/esp.c] RESERVED - - qemu <unfixed> + - qemu <unfixed> (bug #984455) [bullseye] - qemu <postponed> (Minor issue) [buster] - qemu <postponed> (Fix along in future DSA) [stretch] - qemu <postponed> (Fix along in future DLA) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 83af77f3da..359b77bb41 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -1,6 +1,6 @@ CVE-2021-3420 RESERVED - - newlib <unfixed> + - newlib <unfixed> (bug #984446) [buster] - newlib <no-dsa> (Minor issue) - picolibc 1.5-1 - libnewlib-nano <unfixed> (bug #984424) @@ -93,7 +93,8 @@ CVE-2021-27876 (An issue was discovered in Veritas Backup Exec before 21.2. The NOT-FOR-US: Veritas CVE-2021-3419 [net: rtl8139: stack-based buffer overflow induced by infinite recursion issue] RESERVED - - qemu <unfixed> + - qemu <unfixed> (bug #984447) + [buster] - qemu <postponed> (Minor issue) NOTE: https://bugs.launchpad.net/qemu/+bug/1910826 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-03/msg00010.html CVE-2021-3418 @@ -386,7 +387,8 @@ CVE-2021-3417 RESERVED CVE-2021-3416 [net: infinite loop in loopback mode may lead to stack overflow] RESERVED - - qemu <unfixed> + - qemu <unfixed> (bug #984448) + [buster] - qemu <postponed> (Minor issue) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg07431.html NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg07484.html CVE-2021-27736 @@ -2868,7 +2870,8 @@ CVE-2021-3393 [postgres: information leak in error message] NOTE: https://www.postgresql.org/about/news/postgresql-132-126-1111-1016-9621-and-9525-released-2165/ CVE-2021-3392 [scsi: mptsas: use-after-free while processing io requests] RESERVED - - qemu <unfixed> + - qemu <unfixed> (bug #984449) + [buster] - qemu <postponed> (Minor issue) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg00488.html NOTE: https://bugs.launchpad.net/qemu/+bug/1914236 CVE-2021-26597 @@ -16701,13 +16704,15 @@ CVE-2021-20258 RESERVED CVE-2021-20257 [net: e1000: infinite loop while processing transmit descriptors] RESERVED - - qemu <unfixed> + - qemu <unfixed> (bug #984450) + [buster] - qemu <postponed> (Minor issue) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg03595.html CVE-2021-20256 (A flaw was found in Red Hat Satellite. The BMC interface exposes the p ...) NOT-FOR-US: Red Hat Satellite CVE-2021-20255 [net: eepro100: stack overflow via infinite recursion] RESERVED - - qemu <unfixed> + - qemu <unfixed> (bug #984451) + [buster] - qemu <postponed> (Minor issue) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Feepro100_stackoverflow1 CVE-2021-20254 @@ -16871,6 +16876,7 @@ CVE-2021-20221 [GIC: out-of-bound heap buffer access via an interrupt ID field] RESERVED {DLA-2560-1} - qemu 1:5.2+dfsg-4 + [buster] - qemu <postponed> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2021/02/05/1 NOTE: https://gitlab.com/qemu-project/qemu/-/commit/edfe2eb4360cde4ed5d95bda7777edcb3510f76a CVE-2021-20220 (A flaw was found in Undertow. A regression in the fix for CVE-2020-106 ...) @@ -16962,7 +16968,8 @@ CVE-2021-20205 CVE-2021-20204 RESERVED CVE-2021-20203 (An integer overflow issue was found in the vmxnet3 NIC emulator of the ...) - - qemu <unfixed> + - qemu <unfixed> (bug #984452) + [buster] - qemu <postponed> (Minor issue) NOTE: https://bugs.launchpad.net/qemu/+bug/1913873 NOTE: https://bugs.launchpad.net/qemu/+bug/1890152 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg07935.html @@ -17002,7 +17009,7 @@ CVE-2021-20197 NOTE: binutils not covered by security support CVE-2021-20196 [block: fdc: null pointer dereference may lead to guest crash] RESERVED - - qemu <unfixed> + - qemu <unfixed> (bug #984453) [buster] - qemu <postponed> (Fix along in future DSA) [stretch] - qemu <postponed> (Fix along in future DLA) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1919210 @@ -17063,6 +17070,7 @@ CVE-2021-20181 [9pfs: Fully restart unreclaim loop] RESERVED {DLA-2560-1} - qemu 1:5.2+dfsg-4 + [buster] - qemu <postponed> (Minor issue) NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=89fbea8737e8f7b954745a1ffc4238d377055305 CVE-2021-20180 RESERVED |