Source: qemu Version: 2.1+dfsg-1 Severity: important Tags: security patch upstream fixed-upstream pending
CVE-2015-8550 (XSA-155). xenfb and xen/blkif reads shared memory contents more than once which open possibility to verification bypass from guest. http://xenbits.xen.org/xsa/advisory-155.html The issue has been fixed past upstream 2.5.0 release. Filing this bug against qemu version 2.1 (jessie), because in Debian, only in jessie xen uses qemu. Before jessie, xen used its own copy of qemu. _______________________________________________ Secure-testing-team mailing list Secure-testing-team@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team