-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 20 May 2008 13:28:14 +0000
Source: kvm
Binary: kvm kvm-data kvm-source
Architecture: source all i386
Version: 66+dfsg-1.1
Distribution: unstable
Urgency: high
Maintainer: Jan Lübbe <[EMAIL PROTECTED]>
Changed-By: Steffen Joeris <[EMAIL PROTECTED]>
Description:
 kvm        - Full virtualization on x86 hardware
 kvm-data   - Data files for the KVM package
 kvm-source - Source for the KVM driver
Closes: 480011 481204
Changes:
 kvm (66+dfsg-1.1) unstable; urgency=high
 .
   * Non-maintainer upload by the security team
   * Merge the fixes for the security issues in the embedded qemu version
     (Closes: #480011) Thanks to Jamie Strandboge
     - Add CVE-2007-1320+1321+1322+1366+2893.patch from qemu 0.9.1-1 to
       address the following issues:
       - Cirrus LGD-54XX "bitblt" heap overflow.
       - NE2000 "mtu" heap overflow.
       - QEMU "net socket" heap overflow.
       - QEMU NE2000 "receive" integer signedness error.
       - Infinite loop in the emulated SB16 device.
       - Unprivileged "aam" instruction does not correctly handle the
         undocumented divisor operand.
       - Unprivileged "icebp" instruction will halt emulation.
   * Include patch which defaults to existing behaviour (probing based on file
     contents), so it still requires the mgmt app (e.g.
     libvirt xml) to pass a new "format=raw" parameter for raw disk images
     - Fixes possible privilege escalation, which could allow guest users to
       read arbitrary files on the host by modifying the header to identify a
       different format (Closes: #481204)
       Fixes: CVE-2008-2004

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIMuDa62zWxYk/rQcRAhzzAKCtHxSlNFh0pwUMOb8jHmMkmRY3owCfWCiJ
Nd8wh9rdLpYp6KU6pkcSqD0=
=H9hM
-----END PGP SIGNATURE-----

Accepted:
kvm-data_66+dfsg-1.1_all.deb
  to pool/main/k/kvm/kvm-data_66+dfsg-1.1_all.deb
kvm-source_66+dfsg-1.1_all.deb
  to pool/main/k/kvm/kvm-source_66+dfsg-1.1_all.deb
kvm_66+dfsg-1.1.diff.gz
  to pool/main/k/kvm/kvm_66+dfsg-1.1.diff.gz
kvm_66+dfsg-1.1.dsc
  to pool/main/k/kvm/kvm_66+dfsg-1.1.dsc
kvm_66+dfsg-1.1_i386.deb
  to pool/main/k/kvm/kvm_66+dfsg-1.1_i386.deb