Package: qemu
Severity: important
Tags: security
Tags: fixed 0.9.1+svn20081101-1

Hi,

The following CVE (Common Vulnerabilities & Exposures) id was
published for qemu.

CVE-2008-4539[0]:
| Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM
| before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow
| local users to gain privileges by using the VNC console for a
| connection, aka the LGD-54XX "bitblt" heap overflow.  NOTE: this issue
| exists because of an incorrect fix for CVE-2007-1320.

This is already fixed in version 0.9.1+svn20081101-1 in unstable.
Please coordinate with the security team ([email protected]) to
prepare packages for the stable releases.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4539
    http://security-tracker.debian.net/tracker/CVE-2008-4539


