CVE Status: Difference between revisions
Revision as of 21:48, 24 August 2023
This is a list of CVEs which are currently being reported as open, and their current state.
CVE-2022-3219 (gnupg)
Hypothetical DoS. A patch was proposed but hasn't been reviewed or merged.
CVE-2022-33065 (libsndfile1)
Integer overflow, still open upstream.
CVE-2022-46456 (nasm)
Buffer overflow, still open upstream.
CVE-2023-0687 (glibc)
Bad CPE, should be marked as fixed in 2.38. Emailed NIST, data not updated yet.
CVE-2023-37769 (pixman)
Appears to be a floating point exception in a test; should verify that the crash is in the test code and not the library. This ticket has the details: https://gitlab.freedesktop.org/pixman/pixman/-/issues/76
qemu
Upgrading to 8.1.0 will solve the ones which have merged fixes.
CVE-2023-1386. See https://github.com/v9fs/linux/issues/29
CVE-2023-3019. Patches sent but not merged, need to be rebased.
CVE-2023-3180. Patch at https://gitlab.com/qemu-project/qemu/-/commit/9d38a8434721a6479fe03fb5afb150ca793d3980.
CVE-2023-3354. Patch at https://lore.kernel.org/qemu-devel/20230801174650.177924-2-berrange@redhat.com/.
CVE-2023-40360. Patch at https://gitlab.com/qemu-project/qemu/-/commit/6c8f8456cb0b239812dee5211881426496da7b98.
CVE-2023-4135. Patch at https://gitlab.com/qemu-project/qemu/-/commit/ecb1b7b082d3b7dceff0e486a114502fc52c0fdf.
linux
TODO