-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 11 Sep 2019 11:56:13 +0200
Source: qemu
Binary: qemu qemu-system qemu-system-common qemu-system-misc qemu-system-arm
 qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user
 qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm
Architecture: source amd64
Version: 1:2.1+dfsg-12+deb8u12
Distribution: jessie-security
Urgency: medium
Maintainer: Debian QEMU Team
Changed-By: Sylvain Beucler
Description:
 qemu - fast processor emulator
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-kvm - QEMU Full virtualization on x86 hardware
 qemu-system - QEMU full system emulation binaries
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscellaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user - QEMU user mode emulation binaries
 qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Changes:
 qemu (1:2.1+dfsg-12+deb8u12) jessie-security; urgency=medium
 .
   * Non-maintainer upload by the LTS team.
 .
   [Mike Gabriel]
   * CVE-2017-9375: Track xhci_kick_ep processing being active in a variable.
     Check the variable at the beginning of xhci_kick_ep. Add an assert right
     before processing the kick.
   * CVE-2019-12155: qxl: Check release info object. When releasing spice
     resources in release_resource() routine, if release info object
     'ext.info' is null, it leads to null pointer dereference. Add check
     to avoid it.
   * CVE-2016-5403: virtio: error out if guest exceeds virtqueue size. Plus
     set vq->inuse correctly at various places.
   * CVE-2016-5126: block/iscsi: avoid potential overflow of acb->task->cdb.
   * Remove unused/redundant patch files.
 .
   [Sylvain Beucler]
   * CVE-2019-12068: scsi: lsi: exit infinite loop while executing script
   * CVE-2019-13164: qemu-bridge-helper.c in QEMU 4.0.0 does not ensure
     that a network interface name (obtained from bridge.conf or a
     --br=bridge option) is limited to the IFNAMSIZ size, which can
     lead to an ACL bypass.
   * CVE-2019-14378: ip_reass in ip_input.c in libslirp has a
     heap-based buffer overflow via a large packet because it
     mishandles a case involving the first fragment.
   * CVE-2019-15890: libslirp has a use-after-free in ip_reass in ip_input.c.
Checksums-Sha1:
Checksums-Sha256: