[ubuntu/artful-proposed] qemu 1:2.8+dfsg-3ubuntu3 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Thu May 18 16:15:15 UTC 2017


qemu (1:2.8+dfsg-3ubuntu3) artful; urgency=medium

  * SECURITY UPDATE: denial of service via leak in virtFS
    - debian/patches/CVE-2017-7377.patch: fix file descriptor leak in
      hw/9pfs/9p.c.
    - CVE-2017-7377
  * SECURITY UPDATE: denial of service in cirrus_vga
    - debian/patches/CVE-2017-7718.patch: check parameters in
      hw/display/cirrus_vga_rop.h.
    - CVE-2017-7718
  * SECURITY UPDATE: code execution via cirrus_vga OOB r/w
    - debian/patches/CVE-2017-7980-1.patch: handle negative pitch in
      hw/display/cirrus_vga.c.
    - debian/patches/CVE-2017-7980-2.patch: allow zero source pitch in
      hw/display/cirrus_vga.c.
    - debian/patches/CVE-2017-7980-3.patch: fix blit address mask handling
      in hw/display/cirrus_vga.c.
    - debian/patches/CVE-2017-7980-4.patch: fix patterncopy checks in
      hw/display/cirrus_vga.c.
    - debian/patches/CVE-2017-7980-5.patch: revert allow zero source pitch
      in hw/display/cirrus_vga.c.
    - debian/patches/CVE-2017-7980-6.patch: stop passing around dst
      pointers in hw/display/cirrus_vga.c, hw/display/cirrus_vga_rop.h,
      hw/display/cirrus_vga_rop2.h.
    - debian/patches/CVE-2017-7980-7.patch: stop passing around src
      pointers in hw/display/cirrus_vga.c, hw/display/cirrus_vga_rop.h,
      hw/display/cirrus_vga_rop2.h.
    - debian/patches/CVE-2017-7980-8.patch: fix off-by-one in
      hw/display/cirrus_vga_rop.h.
    - debian/patches/CVE-2017-7980-9.patch: fix cirrus_invalidate_region in
      hw/display/cirrus_vga.c.
    - CVE-2017-7980
  * SECURITY UPDATE: denial of service via memory leak in virtFS
    - debian/patches/CVE-2017-8086.patch: fix leak in hw/9pfs/9p-xattr.c.
    - CVE-2017-8086
  * SECURITY UPDATE: denial of service via leak in audio
    - debian/patches/CVE-2017-8309.patch: release capture buffers in
      audio/audio.c.
    - CVE-2017-8309
  * SECURITY UPDATE: denial of service via leak in keyboard
    - debian/patches/CVE-2017-8379-1.patch: limit kbd queue depth in
      ui/input.c.
    - debian/patches/CVE-2017-8379-2.patch: don't queue delay if paused in
      ui/input.c.
    - CVE-2017-8379

Date: Thu, 18 May 2017 09:20:54 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/qemu/1:2.8+dfsg-3ubuntu3
-------------- next part --------------
Format: 1.8
Date: Thu, 18 May 2017 09:20:54 -0400
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm qemu-system-aarch64 qemu-system-s390x
Architecture: source
Version: 1:2.8+dfsg-3ubuntu3
Distribution: artful
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 qemu       - fast processor emulator
 qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-kvm   - QEMU Full virtualization
 qemu-system - QEMU full system emulation binaries
 qemu-system-aarch64 - QEMU full system emulation binaries (aarch64)
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscellaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-s390x - QEMU full system emulation binaries (s390x)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Original-Maintainer: Debian QEMU Team <pkg-qemu-devel at lists.alioth.debian.org>
