Accepted qemu 1:5.2+dfsg-11+deb11u2 (source) into proposed-updates->stable-new, proposed-updates
- To: debian-changes@lists.debian.org
- Subject: Accepted qemu 1:5.2+dfsg-11+deb11u2 (source) into proposed-updates->stable-new, proposed-updates
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sat, 14 May 2022 11:47:22 +0000
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id:Subject: Content-Transfer-Encoding:Content-Type:MIME-Version:To:Reply-To:From:Cc: Content-ID:Content-Description:In-Reply-To:References; bh=B128Pkl2c+/jPwJ0q2o8TUuO3/mkWGIyfDtb3fPALPI=; b=ZHsRJIjDFhCWAWVXB5MB7uaTZQ T9HHsL6jm4S1TFyXEEUcP5h9EarBLSuJU2QiHvv7Z23O0BOOZ4228lwbESNvnvpCKk1mDGd2+h9Zd /RF2uD2eeqLZvMGC7lhrLK/eFJY3PZdbrmPEEURjAYF9FdjLmgHj+iVSg0AbMQhc4NCKn0XXiBsIO ET7GpwS66tbZsSevUVKa5/0YAN8LCBYdIiuUmBMnWswRKchRfAZgSTkbFq7s78A2AGyEWXDTaYf7c HJMB7QBvbN/KPgVYObxyKGpUPUi62cWOdKC7qVt6xm0K3Hry6MZxU6AuEJJ4Dpz7/Nem1ILj/pPk/ JBLGJ+OQ==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1npqF0-0005TV-0p@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 04 May 2022 22:50:01 +0300
Source: qemu
Architecture: source
Version: 1:5.2+dfsg-11+deb11u2
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Changes:
qemu (1:5.2+dfsg-11+deb11u2) bullseye-security; urgency=medium
.
* virtio-net-fix-map-leaking-on-error-during-receive-CVE-2022-26353.patch
fix memory leak after fix for CVE-2021-3748
* vhost-vsock-detach-the-virqueue-element-on-error-CVE-2022-26354.patch
vhost-sock device was not detaching invalid element from
the virtqueue on error
* ui-cursor-fix-integer-overflow-in-cursor_alloc-CVE-2021-4206.patch,
display-qxl-render-fix-race-condition-in-qxl_cursor-CVE-2021-4207.patch
two flaws can lead to allocation of small cursor object followed by a
subsequent heap-based buffer overflow with a potential for executing
arbitrary code within the context of QEMU process
* virtiofsd-drop-membership-of-all-supplementary-group-CVE-2022-0358.patch
potential group escalation allowed by virtiofsd
Checksums-Sha1:
d3d88738d0ae4893edd1d96b854d8f5aad5c8f40 6636 qemu_5.2+dfsg-11+deb11u2.dsc
03264bd6f417b16c6f87874a3c4840381005946d 125164 qemu_5.2+dfsg-11+deb11u2.debian.tar.xz
fb3605462e1c72f67e660b03c9a769adb5bf6cbf 12418 qemu_5.2+dfsg-11+deb11u2_source.buildinfo
Checksums-Sha256:
6c3675cb803c23c1c2133e7c0bafccb8e9bd4a752c969f483cfc76583181f3d7 6636 qemu_5.2+dfsg-11+deb11u2.dsc
6204ddd09ec5965120bcf10a464dca9558f14ed3da83f00b6db141c85cd71cc6 125164 qemu_5.2+dfsg-11+deb11u2.debian.tar.xz
a94f1a1eefd43cc417a6eadf274c434b04659feb5494a8fb11824f9628a27d82 12418 qemu_5.2+dfsg-11+deb11u2_source.buildinfo
Files:
33f16747ad236e046439bb123ebe5bd3 6636 otherosfs optional qemu_5.2+dfsg-11+deb11u2.dsc
ea8c9aa3537c62419f24c66eb7956a09 125164 otherosfs optional qemu_5.2+dfsg-11+deb11u2.debian.tar.xz
8db623b19b0d9d602b745e2be0bab539 12418 otherosfs optional qemu_5.2+dfsg-11+deb11u2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQFDBAEBCAAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAmJ1Ju0PHG1qdEB0bHMu
bXNrLnJ1AAoJEHAbT2saaT5ZAEkIAI/QmqyCETqJ6LjCoOG8icxLoDwkN/v+FfFA
ORN70wS1cm6tDfzwT8oruyjbIVx3kVGvqgIajvbd7DetfGkch/ZMMWEAgjxl6EfO
tmLXYn6epNGlRqbPIH9UIOG6Xw6B4gkH6Ty8H4886OT2NIE0OBUysUbkYcZkXsig
c6aQCFU8x83zGbBm7rQet1h8+DKlxZtEH2Flxo1jjUiMPmLuXJTNip+wJqcgs83q
0ftYtuh7E6PKZ/EaEXIKz5V8XMws7tneP1JwF9wauFSoeWmMMQK4qogba/V1cmFH
5cmGxd3Nu5njPmF8BbOOF/aRkY4Ww8qKAjLy38xpe+8+3IfAY8M=
=B5gp
-----END PGP SIGNATURE-----