Source: qemu Version: 0.12.5+dfsg-3squeeze1 Severity: grave Tags: security upstream patch
All versions of qemu (and qemu-kvm) since 2004 have a flaw in handling VT100 escape sequences when emulating some devices with a virtual console backend. More information can be found at redhat bugreport there: https://bugzilla.redhat.com/show_bug.cgi?id=851252 and Xen Security Advisory at http://seclists.org/oss-sec/2012/q3/381 . This issue has been fixed in upstream version 1.1.2 (and 1.2.0), and affects all current versions of Debian. I'll prepare the security fixes in the nearest future. /mjt -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
