Accepted qemu 1:2.1+dfsg-12+deb8u12 (source amd64) into oldoldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 11 Sep 2019 11:56:13 +0200
Source: qemu
Binary: qemu qemu-system qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm
Architecture: source amd64
Version: 1:2.1+dfsg-12+deb8u12
Distribution: jessie-security
Urgency: medium
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Sylvain Beucler <beuc@debian.org>
Description:
qemu - fast processor emulator
qemu-guest-agent - Guest-side qemu-system agent
qemu-kvm - QEMU Full virtualization on x86 hardware
qemu-system - QEMU full system emulation binaries
qemu-system-arm - QEMU full system emulation binaries (arm)
qemu-system-common - QEMU full system emulation binaries (common files)
qemu-system-mips - QEMU full system emulation binaries (mips)
qemu-system-misc - QEMU full system emulation binaries (miscelaneous)
qemu-system-ppc - QEMU full system emulation binaries (ppc)
qemu-system-sparc - QEMU full system emulation binaries (sparc)
qemu-system-x86 - QEMU full system emulation binaries (x86)
qemu-user - QEMU user mode emulation binaries
qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
qemu-user-static - QEMU user mode emulation binaries (static version)
qemu-utils - QEMU utilities
Changes:
qemu (1:2.1+dfsg-12+deb8u12) jessie-security; urgency=medium
.
* Non-maintainer upload by the LTS team.
.
[Mike Gabriel]
* CVE-2017-9375: Track xhci_kick_ep processing being active in a variable.
Check the variable at the beginning of xhci_kick_ep. Add an assert right
before processing the kick.
* CVE-2019-12155: qxl: Check release info object. When releasing spice
resources in release_resource() routine, if release info object
'ext.info' is null, it leads to null pointer dereference. Add check
to avoid it.
* CVE-2016-5403: virtio: error out if guest exceeds virtqueue size. Plus
set vq->inuse correctly at various places.
* CVE-2016-5126: block/iscsi: avoid potential overflow of acb->task->cdb.
* Remove unused/redundant patch files.
.
[Sylvain Beucler]
* CVE-2019-12068: scsi: lsi: exit infinite loop while executing script
* CVE-2019-13164: qemu-bridge-helper.c in QEMU 4.0.0 does not ensure
that a network interface name (obtained from bridge.conf or a
--br=bridge option) is limited to the IFNAMSIZ size, which can
lead to an ACL bypass.
* CVE-2019-14378: ip_reass in ip_input.c in libslirp has a
heap-based buffer overflow via a large packet because it
mishandles a case involving the first fragment.
* CVE-2019-15890: libslirp has a use-after-free in ip_reass in ip_input.c.
Checksums-Sha1:
4acefb7d871bc0d17f87c7970d2fcf560a3d971f 5193 qemu_2.1+dfsg-12+deb8u12.dsc
964a44f2db3bc24ebe0e1cb4e445ea14dd54e9ad 223924 qemu_2.1+dfsg-12+deb8u12.debian.tar.xz
fa3a787fe60a85d5d3dfba8ea05439bb5b719809 126996 qemu_2.1+dfsg-12+deb8u12_amd64.deb
5ed3b13f43d2e55d0f31972c163d22d1da0ad5ed 56230 qemu-system_2.1+dfsg-12+deb8u12_amd64.deb
3cc4435e0aa76321a87630d7bf09b10eee75675b 286938 qemu-system-common_2.1+dfsg-12+deb8u12_amd64.deb
07dbe5deecd3800e0848ff36e2a8446e8767a182 4795244 qemu-system-misc_2.1+dfsg-12+deb8u12_amd64.deb
9295641efd9cfd44694eb1e423e075f84f0e23ab 2240822 qemu-system-arm_2.1+dfsg-12+deb8u12_amd64.deb
a5eae3703d9f833ffa5b8ee476fff37c61c52f9b 2841670 qemu-system-mips_2.1+dfsg-12+deb8u12_amd64.deb
b332d823ae8c9cb05d144e72c3ad5112fcb65088 2750384 qemu-system-ppc_2.1+dfsg-12+deb8u12_amd64.deb
112d0b66616a81ad7989ee9867672261a8afcca2 1673754 qemu-system-sparc_2.1+dfsg-12+deb8u12_amd64.deb
3c28434b3a212c8f10f1c75b79c9b0c69b2c47c9 2050640 qemu-system-x86_2.1+dfsg-12+deb8u12_amd64.deb
1c3cdde2d2f54761263c9166fba43200d4c6505c 6114562 qemu-user_2.1+dfsg-12+deb8u12_amd64.deb
ea0ef1aaafb429abe81946a93d07d466b99f6a60 8393026 qemu-user-static_2.1+dfsg-12+deb8u12_amd64.deb
d3ad6dd0db93f0236f5bf05bc71bcb34c7170a99 2932 qemu-user-binfmt_2.1+dfsg-12+deb8u12_amd64.deb
f85bab6b6c469efd0208da378e025c8f45cf885b 487968 qemu-utils_2.1+dfsg-12+deb8u12_amd64.deb
5ffd889d65f4fdc57d5773d15818738da88fd1ea 140284 qemu-guest-agent_2.1+dfsg-12+deb8u12_amd64.deb
3a326759e3eb4e7e41c8cc02fe085e176806899f 56894 qemu-kvm_2.1+dfsg-12+deb8u12_amd64.deb
Checksums-Sha256:
9798c54b3cc0e1aa5baac8c5269ecf989ab65c091647c283d747141ad7440f41 5193 qemu_2.1+dfsg-12+deb8u12.dsc
7fed0281e9e41bb1cd1517223ce57c95cf69765551a070f457653c859802bbf6 223924 qemu_2.1+dfsg-12+deb8u12.debian.tar.xz
1197c0aeec9a512101dfbf723414c39c6c65e995eb4b7cfddba1e6436e05b349 126996 qemu_2.1+dfsg-12+deb8u12_amd64.deb
39729d2e28265e1612cb861e762771dbb703431bb0aee083a6afc743f1e45bb9 56230 qemu-system_2.1+dfsg-12+deb8u12_amd64.deb
6533502e56c381d08cb2e7a84594fa57cb3e1b5be6bea65e417874c3abaebd4b 286938 qemu-system-common_2.1+dfsg-12+deb8u12_amd64.deb
c75bb5e75a4bca5294ce97afc98bcbdaf5b5b2b7685e0abe2cc208d6726203c2 4795244 qemu-system-misc_2.1+dfsg-12+deb8u12_amd64.deb
6edda0c7d40d88b66690b012f93b6e659c4c01ad37c1bb82b893932a47026b72 2240822 qemu-system-arm_2.1+dfsg-12+deb8u12_amd64.deb
b01dad409b779e240e9f9be880d1c0db2acda7ffe24b36148184474a431884e1 2841670 qemu-system-mips_2.1+dfsg-12+deb8u12_amd64.deb
6cfafcc46ed815b4e946cf4bbff75d6e2dd93a266cf7bd0bf30e14ebecf0e4b8 2750384 qemu-system-ppc_2.1+dfsg-12+deb8u12_amd64.deb
4572d6865b0a242ebe8892fb9383d32033315ad28b94c3a24b14f9b58e5865e1 1673754 qemu-system-sparc_2.1+dfsg-12+deb8u12_amd64.deb
cf99264303c72d273051f3a72458c6dc2c09f840e54c1c5e0e920c1e6cb1a3d9 2050640 qemu-system-x86_2.1+dfsg-12+deb8u12_amd64.deb
544a248b226a39c3592f49015a8a79ab1e961b02decdc5c3120b29035eb226ca 6114562 qemu-user_2.1+dfsg-12+deb8u12_amd64.deb
f647875610498dc66a24881d209c5e985e62dee2d24fe8abe6205e17de44cf50 8393026 qemu-user-static_2.1+dfsg-12+deb8u12_amd64.deb
46371b9bccd8f177fc855e2e16450b0d109e033e34ef577346d11196c38095c9 2932 qemu-user-binfmt_2.1+dfsg-12+deb8u12_amd64.deb
8492f1755265854b07a0b09b75b58fa680a82d902eecb76ac65bd5263dc84af0 487968 qemu-utils_2.1+dfsg-12+deb8u12_amd64.deb
4581523cf142d18b5cec7de2a5d72b0c07d381031ae7fd8ec38c97f571dd71b1 140284 qemu-guest-agent_2.1+dfsg-12+deb8u12_amd64.deb
b372b552deb6379a49c34bf4515566cfba57709fd709d8df551eeeb790eb0e4f 56894 qemu-kvm_2.1+dfsg-12+deb8u12_amd64.deb
Files:
2867d1cb91dc874252096138da3200e8 5193 otherosfs optional qemu_2.1+dfsg-12+deb8u12.dsc
288e9fa4d52809b1d9c1dab0e5c9e73c 223924 otherosfs optional qemu_2.1+dfsg-12+deb8u12.debian.tar.xz
4f6dd349d18b9964f2da325986f1654a 126996 otherosfs optional qemu_2.1+dfsg-12+deb8u12_amd64.deb
c61ca5b577c8ab7c215121a18dcc30a7 56230 otherosfs optional qemu-system_2.1+dfsg-12+deb8u12_amd64.deb
4925547217bebb065eec0548924b0e7f 286938 otherosfs optional qemu-system-common_2.1+dfsg-12+deb8u12_amd64.deb
cf9fcf12e0a11727129f71418eb11e7f 4795244 otherosfs optional qemu-system-misc_2.1+dfsg-12+deb8u12_amd64.deb
2eed562617ba55c300b57f0227cc8eb4 2240822 otherosfs optional qemu-system-arm_2.1+dfsg-12+deb8u12_amd64.deb
1179dfec08ca6c0ec49fe7604ef6b912 2841670 otherosfs optional qemu-system-mips_2.1+dfsg-12+deb8u12_amd64.deb
7cb234c7cc927aaf8eec0102f82406f3 2750384 otherosfs optional qemu-system-ppc_2.1+dfsg-12+deb8u12_amd64.deb
43198c02e8fedf45b7b958194fa2e3a1 1673754 otherosfs optional qemu-system-sparc_2.1+dfsg-12+deb8u12_amd64.deb
c0a9f2c548bc9e947b2ff8a4e123d271 2050640 otherosfs optional qemu-system-x86_2.1+dfsg-12+deb8u12_amd64.deb
8da982e803ce83cdda92b95b4998e80e 6114562 otherosfs optional qemu-user_2.1+dfsg-12+deb8u12_amd64.deb
203bc9fbf57753afc64cf914a3f4baf9 8393026 otherosfs optional qemu-user-static_2.1+dfsg-12+deb8u12_amd64.deb
9de7327ad655cfc81f7e21cae5762635 2932 otherosfs optional qemu-user-binfmt_2.1+dfsg-12+deb8u12_amd64.deb
f8465a50e3b2a506e2d1a74bb9d7e497 487968 otherosfs optional qemu-utils_2.1+dfsg-12+deb8u12_amd64.deb
c6cbce27d86aaeb58e7faf86470ceaa7 140284 otherosfs optional qemu-guest-agent_2.1+dfsg-12+deb8u12_amd64.deb
4d58884f9453d19c416cf5c554b37724 56894 otherosfs optional qemu-kvm_2.1+dfsg-12+deb8u12_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCgAdFiEEQic8GuN/xDR88HkSj/HLbo2JBZ8FAl2EjXEACgkQj/HLbo2J
BZ/HUggAjIDOtfoIgWcXetFfSUGCFa6RFe3V5bWZA6qgUD1Q5GqHDDl3bHI4f6oZ
6beEbppgFklHX4C7476//ixWSVyCKLrHvoKjk3WkZHisYhczWFTWrC6SRc3nbtku
msbz+RyQFB+bwJGd6so+W8QcMUwNKchge/a8IBAqyHhfe3a3AUJY2lLMQoKQCJ7n
5cb+0BNSdW7rB7O71ZC+wG7I581yHCvs21F73G7latyjrHjzocHcxQ+9XcN+mS0U
cOU42vMlMaAaDgPXXk8pgUymGuo+Zlr70uwFkfsWM6hUTWtpdcNwhJ8MXITz2IpZ
sMFJxLt5PGsYqRHa3+udjZpLZ3l00Q==
=MtX0
-----END PGP SIGNATURE-----