
Accepted qemu 1:3.1+dfsg-8+deb10u6 (source) into proposed-updates->stable-new, proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 04 Jul 2020 13:17:32 +0300
Source: qemu
Architecture: source
Version: 1:3.1+dfsg-8+deb10u6
Distribution: buster-security
Urgency: high
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Closes: 961887 961888
Changes:
 qemu (1:3.1+dfsg-8+deb10u6) buster-security; urgency=high
 .
   * revert-memory-accept-mismatching-sizes-in-memory_region_access_valid...patch
     Closes: CVE-2020-13754, possible OOB memory accesses in a bunch of qemu
     devices which use min_access_size and max_access_size Memory API fields.
     Also closes: CVE-2020-13791
   * acpi-tmr-allow-2-byte-reads.patch - fix an issue in MacOS exposed by
     the previous "revert-.." change (#964247)
   * exec-set-map-length-to-zero-when-returning-NULL-CVE-2020-13659.patch
     CVE-2020-13659: address_space_map in exec.c can trigger
     a NULL pointer dereference related to BounceBuffer
   * megasas-use-unsigned-type-for-reply_queue_head-and-check-index...patch
     Closes: #961887, CVE-2020-13362, megasas_lookup_frame in hw/scsi/megasas.c
     has an OOB read via a crafted reply_queue_head field from a guest OS user
   * megasas-use-unsigned-type-for-positive-numeric-fields.patch
     fix other possible cases like in CVE-2020-13362 (#961887)
   * megasas-fix-possible-out-of-bounds-array-access.patch
     Some tracepoints use a guest-controlled value as an index into the
     mfi_frame_desc[] array. Thus a malicious guest could cause very low
     impact OOB errors here
   * es1370-check-total-frame-count-against-current-frame-CVE-2020-13361.patch
     Closes: #961888, CVE-2020-13361, es1370_transfer_audio in hw/audio/es1370.c
     does not properly validate the frame count, which allows guest OS users
     to trigger an out-of-bounds access during an es1370_write() operation
   * slirp-drop-bogus-IPv6-messages-CVE-2020-10756.patch
     Closes: CVE-2020-10756, possible OOB read in icmp6_send_echoreply()
Checksums-Sha1:
 e5a9eaea0356e4e73d98cb9924a90228c62f8c67 6155 qemu_3.1+dfsg-8+deb10u6.dsc
 8fef37f6415522375209c0b109b0b1e8af1473a9 108880 qemu_3.1+dfsg-8+deb10u6.debian.tar.xz
 0ca040287d62909aa33fd3ea042be80be05da0e8 8663 qemu_3.1+dfsg-8+deb10u6_source.buildinfo
Checksums-Sha256:
 5456c3ee75220ebc7f51a85f1ea12ac0679913f86da262f5963aa64b6d5bf34b 6155 qemu_3.1+dfsg-8+deb10u6.dsc
 1bf29191828888ea47829972ac6053013b4c21dc9f2707ef7d35c956039d1d3a 108880 qemu_3.1+dfsg-8+deb10u6.debian.tar.xz
 e2a674391acb25f5f2a259239e7b7b694a87287c4e01c9695e7b20af512b1ae6 8663 qemu_3.1+dfsg-8+deb10u6_source.buildinfo
Files:
 84bf6cd780f4c36fe48d69416fef2ecf 6155 otherosfs optional qemu_3.1+dfsg-8+deb10u6.dsc
 7b23cb41b4ad1d09e4d5b5c38ec5fd96 108880 otherosfs optional qemu_3.1+dfsg-8+deb10u6.debian.tar.xz
 7b6058ee8e6bdf9eb8b92dddcda80c9d 8663 otherosfs optional qemu_3.1+dfsg-8+deb10u6_source.buildinfo

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----