Package: qemu-system, qemu-kvm Version: 1.1.2+dfsg-1 Severity: serious Tags: security upstream patch wheezy jessie
CVE-2014-2894, a guest-triggerable out of bounds memory access using IDE SMART commands. This can lead to qemu process memory corruption and potentially (unlikely) to invalid code execution with host qemu process privileges. Introduced past 2009. Qemu 0.12 (on squeeze, oldstable) is not affected, wheezy/stable and current testing are affected, fixed in upstream 2.0 which is currently in sid. /mjt -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org