Accepted qemu 1:3.1+dfsg-8+deb10u11 (source) into oldoldstable
- To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
- Subject: Accepted qemu 1:3.1+dfsg-8+deb10u11 (source) into oldoldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Thu, 05 Oct 2023 16:10:18 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: qemu_3.1+dfsg-8+deb10u11_source.changes
- Debian-source: qemu
- Debian-suite: oldoldstable
- Debian-version: 1:3.1+dfsg-8+deb10u11
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=hIRW/moeoFxpBnPzLMeSFjkC/kjQH8gXsoGtS+qZbZo=; b=cdbsrCifgFCSCeXoNefKjAUYs3 JezNngDRu9u4ihYqibL9pTNA0y2II5qs98MzYo3gP6H1QtJNDi+uxxw2ZrJXsQnX8nl31v+KH2hCn /0EiKx7mNQsfzY0hYNkBgvZN9L7nOMBMM+RFixr5bdEwpQFq3Li808oOpDfYl7+3A+aDgnccXbKzm ZYG3enyTXRFKEDyiKxdMVF/bq6MKzY621zidHNy1AnoSD6O9yOkzHV5at4n1OVNBZPK/H4j5FDgFV MAREE+/p/SDPnOWEPXxqoKhCDPizymK0lf3n2CqekPKsEycloNmJpkQZJizaQ7OyitzLyGCJQVf8C uAMzLw1g==;
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1qoQva-00FGOD-N5@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 05 Oct 2023 14:39:20 +0100
Source: qemu
Architecture: source
Version: 1:3.1+dfsg-8+deb10u11
Distribution: buster-security
Urgency: high
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Sean Whitton <spwhitton@spwhitton.name>
Closes: 1029155
Changes:
qemu (1:3.1+dfsg-8+deb10u11) buster-security; urgency=high
.
* Non-maintainer upload by the LTS Security Team.
* CVE-2020-24165: Use-after-free race could lead to the execution of
arbitrary code.
* CVE-2023-0330: A DMA-MMIO reentrancy problem in the lsi53c895a device
may lead to memory corruption bugs like stack overflow or
use-after-free. (Closes: #1029155).
* CVE-2023-3180: The function virtio_crypto_sym_op_helper, part of the
implementation of qemu's virtual crypto device, does not check that
the values of 'src_len' and 'dst_len' are the same. This could lead
to a heap buffer overflow.
Checksums-Sha1:
13bb2abc09e394b8246513251fd87b7d26c4037c 6521 qemu_3.1+dfsg-8+deb10u11.dsc
215cfb335bdcb321817ee4cacf16e8e619dc67bf 145104 qemu_3.1+dfsg-8+deb10u11.debian.tar.xz
de13a8d82f120936a7a08ae2e16f5dba04772f06 15462 qemu_3.1+dfsg-8+deb10u11_source.buildinfo
Checksums-Sha256:
860db8af4a3dde04d74e57c0a6cdaccd00f313dd6afc331617879916c5bc7702 6521 qemu_3.1+dfsg-8+deb10u11.dsc
0b3bc555dde608d1fb7bd51f4631a8c2692f0633e59eb3f547b2690817859d93 145104 qemu_3.1+dfsg-8+deb10u11.debian.tar.xz
1caa151df1a1718500ad8075ba758338e25f3c3218b164f4c7239b1385ade428 15462 qemu_3.1+dfsg-8+deb10u11_source.buildinfo
Files:
f277b4f8c6f5cad6db436da0454a3677 6521 otherosfs optional qemu_3.1+dfsg-8+deb10u11.dsc
d3bad46744ff22c29eb342b068d70864 145104 otherosfs optional qemu_3.1+dfsg-8+deb10u11.debian.tar.xz
0277a2b4c99ff54f495a29f5993f3f41 15462 otherosfs optional qemu_3.1+dfsg-8+deb10u11_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJNBAEBCgA3FiEEm5FwB64DDjbk/CSLaVt65L8GYkAFAmUe27oZHHNwd2hpdHRv
bkBzcHdoaXR0b24ubmFtZQAKCRBpW3rkvwZiQFqkD/9a4gRpDBhhCDyFMI1PqZds
fwUhgX9ALeQz0d1006f215odFtPh9uu+E6T69eDIAmeJq/gaOQ32zBCR42w7xIaN
CBNTDhOpGwc61ZD/JC17G6tbXXz1/u/VzIEQIpnWpj4UHnNEVcdM/7pNCH0xaC7Z
bvWI9JNMsWfwNRjyi+AKKTgu4TQ02ZWwGhXhd2BGyepawX6/LxKign564vp8CB+e
N6GE9+S5JZkM3isYsjkyrhlQykf3/KHvsFcaYDEJ94bKyNiBDjeynoTjQ+XWC8Ih
HBhaRs66vJe45OMAcFl0c4Wv1ltWfKYcV5/MVFoeehx3B3F68OZ/wDzNnGoB5WHJ
C7EdNG8/tMsxHdY8shNkS5dpcZPPxWbBDwx57CV86qaPz5DQZEiGs67qsZdc1TVr
NPPF04wrHzRDhOmcIj7xeH2YAaOLNd3gTFYW9z5A8ZmBB1nKhCOfENBuswe9KDZP
i7/ncm8a38M/qHvbQOHLO+qKZl6nn4CHEAczDnnXPIGpx2nFfMapMgIpeHcGsz6s
xH35dOZ78kvztR3Mgwj/SgG+WvW6c6Tfbiy4gYS3vZn1r8Bm3Df4u+HPE9/t4m05
unIT5v2BUenr4ZnBAxChxRVkmlsoficzhO7N9SXWhMfw3x/2aR1H+0v5qMCDI12A
9OYcSQgTJO2iBo+6n1xdyw==
=3Jrx
-----END PGP SIGNATURE-----