[ubuntu/disco-proposed] qemu 1:3.1+dfsg-2ubuntu1 (Accepted)
Christian Ehrhardt
christian.ehrhardt at canonical.com
Fri Jan 25 08:30:19 UTC 2019
qemu (1:3.1+dfsg-2ubuntu1) disco; urgency=medium
* Merge with Debian testing, Among many other things this fixes LP Bugs:
LP: #1806104 - fix misleading page size error on ppc64el
LP: #1782205 - SnowRidge enabled new ISAs
LP: #1786956 - upgrade to qemu >= 3.0
LP: #1809083 - Backward migration to Xenial on ppc64el
LP: #1803315 - s390x Huge page enablement
LP: #1657409 - enable virglrenderer
Remaining Changes:
- qemu-kvm to systemd unit
- d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
hugepages and architecture specifics
- d/qemu-kvm.service: systemd unit to call qemu-kvm-init
- d/qemu-system-common.install: install systemd unit and helper script
- d/qemu-system-common.maintscript: clean old sysv and upstart scripts
- d/qemu-system-common.qemu-kvm.default: defaults for
/etc/default/qemu-kvm
- d/rules: install /etc/default/qemu-kvm
- Enable nesting by default
- d/qemu-system-x86.modprobe: set nested=1 module option on intel.
(is default on amd)
- d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded
without nested=1
- d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
in qemu64 cpu type.
- d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
in qemu64 on amd
- d/qemu-system-x86.README.Debian: document intention of nested being
default is comfort, not full support
- Distribution specific machine type (LP: 1304107 1621042 1776189 1761372)
- d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
types
- d/qemu-system-x86.NEWS Info on fixed machine type defintions
for host-phys-bits=true (LP: 1776189)
- add an info about -hpb machine type in debian/qemu-system-x86.NEWS
- d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as
convenience with all meltdown/spectre workarounds enabled by default.
(LP: 1761372).
- improved dependencies
- Make qemu-system-common depend on qemu-block-extra
- Make qemu-utils depend on qemu-block-extra
- let qemu-utils recommend sharutils
- s390x support
- Create qemu-system-s390x package
- Enable numa support for s390x
- arch aware kvm wrappers
- d/control: update VCS links (updated to match latest Ubuntu)
- qemu-guest-agent: freeze-hook fixes (LP: 1484990)
- d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
- d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
- d/control-in: enable RDMA support in qemu (LP: 1692476)
- enable RDMA config option
- add libibumad-dev build-dep
- tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
- d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
reference 256k path
- d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
handle incoming migrations from former releases.
- d/control-in: Disable capstone disassembler library support (universe)
* Added Changes:
- d/p/ubuntu/define-ubuntu-machine-types.patch: update machine type changes
for qemu 3.1 in the Ubuntu Disco release
- d/p/ubuntu/lp-1759509-* fix waking up VMs from dompmsuspend (LP: #1759509)
- Move s390x roms to a new qemu-system-data-s390x
- d/qemu-system-data.install: install s390x roms as architecture:all in
qemu-system-data
- d/rules: build s390-ccw.img with upstream Makefile
- d/rules: build s390x-netboot.img with upstream Makefile
- d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back
some SLOF bits stripped in DFSG to be able to build s390x-netboot roms
As that hack to build s390-ccw.img rom can't build s390x-netboot.img
replace it with a build-indep using the upstream makefiles.
This is less prone to miss future changes/fixes that are done to the
makefiles
- d/control-in: add breaks/replaces for moving s390x roms from
qemu-system-s390x to qemu-system-data
- remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
[From not yet uploaded Debian branch]
- d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
(Closes: #918378)
- d/rules: fix qemu-kvm service for debhelper compat >=12
- d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch:
avoid misdetection of simplified nesting blocking all migrations
- d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-
unimplement.patch: properly return archicture defined exception
on bad subcodes of diag 308 (LP: #1812384)
* Dropped Changes:
- Include s390-ccw.img firmware (old style native build)
- d/rules enable install s390x-netboot.img (old style native build)
- libvirt/qemu user/group support
- qemu-system-common.postinst: remove acl placed by udev, and add udevadm
trigger.
[ Droppable since logind properly sets ACLs now ]
- qemu-system-common.preinst: add kvm group if needed
[ Droppable because systemd/udev take care of it since 239-6]
- d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch of qemu-guest-agent
freeze-hook fixes (LP: 1484990)
[upstream]
- d/p/ubuntu/CVE-2018-3639/* update for qemu 2.12 using the final patches
merged upstream
[upstream]
- d/p/ubuntu/CVE-2018-11806-slirp-correct-size.patch: slirp: correct size
computation while concatenating mbuf.
CVE-2018-11806
[upstream]
- d/p/ubuntu/lp-1781526-powerpc64-align-memory-THP.patch: align to 2MB
for powerpc64 to speed up translation (LP: 1781526)
[upstream]
- d/p/ubuntu/lp-1780773-s390x-cpumodels-add-z14-Model-ZR1.patch: Add
cpu model for z14 ZR1 (LP: 1780773).
[upstream]
- Mark qemu-system-data foreign to be able to install it e.g. on i386
(Closes: 903562)
[in Debian]
- d/control-in: qemu-keymaps is provided by qemu-system-data now (from yet
unreleased Debian version)
[in Debian]
- d/p/lp-1755912-qxl-fix-local-renderer-crash.patch: Fix an issue triggered
by migrations with UI frontends or frequent guest resolution changes
(LP #1755912)
[upstream]
- d//ubuntu/target-ppc-extend-eieio-for-POWER9.patch: Backport to
extend eieio for POWER9 emulation (LP: 1787408).
[upstream]
- d/p/ubuntu/lp-1789551-seccomp-set-the-seccomp-filter-to-all-threads.patch:
ensure that the seccomp blacklist is applied to all threads (LP: 1789551)
[upstream]
- improve s390x spectre mitigation with etoken facility (LP: 1790457)
[upstream]
- Update pxe netboot images for KVM s390x to qemu 3.0 level (LP: 1790901)
[upstream]
- d/control-in: our addition of a qemu-system-s390x package needs to follow
the split of qemu-system-data by adding a dependency to it (LP: 1798084)
[in Debian]
- debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto
Adapters on s390x (LP: 1787405)
[upstream]
- enable opengl for vfio-MDEV support (LP: 1804766)
[in Debian]
- SECURITY UPDATE: integer overflow in NE2000 NIC emulation
[upstream]
- SECURITY UPDATE: integer overflow via crafted QMP command
[upstream]
- SECURITY UPDATE: OOB heap buffer r/w access in NVM Express Controller
[upstream]
- SECURITY UPDATE: buffer overflow in rtl8139
[upstream]
- SECURITY UPDATE: buffer overflow in pcnet
[upstream]
- SECURITY UPDATE: DoS via large packet sizes
[upstream]
- SECURITY UPDATE: DoS in lsi53c895a
[upstream]
- SECURITY UPDATE: Out-of-bounds r/w stack access in ppc64
[upstream]
- SECURITY UPDATE: race condition in 9p
[upstream]
qemu (1:3.1+dfsg-2) unstable; urgency=medium
* d/rules: split arch and indep builds
* enable s390x cross-compiler and build s390-ccw.img (Closes: #684909)
* build x86 optionrom in qemu-system-data (was in seabios/debian/)
* qemu-system-data: Multi-Arch: allowed=>foreign (Closes: #903562)
* fix Replaces: version for qemu-system-common (Closes: #916279)
* add simple udev rules file for systemd guest agent (Closes: #916674)
* usb-mtp-use-O_NOFOLLOW-and-O_CLOEXEC-CVE-2018-16872.patch
Race condition in usb_mtp implementation (Closes: #916397)
* bt-use-size_t-type-for-length-parameters-instead-of-int-CVE-2018-19665.patch
Memory corruption in bluetooth subsystem (Closes: #916278)
* hw_usb-fix-mistaken-de-initialization-of-CCID-state.patch (Closes: #917007)
* bump debhelper compat to 12 (>>11)
* d/rules: use dh_missing instead of dh_install --list-missing (compat=12)
* use dh_installsystemd for guest agent (Closes: #916625)
* mention closing by 3.1: Closes: #912655, CVE-2018-16847
* mention closing by 2.10:
Closes: #849798, CVE-2016-10028
Closes: CVE-2017-9060
Closes: CVE-2017-8284
qemu (1:3.1+dfsg-1) unstable; urgency=medium
* new upstream release (3.1)
* Security bugs fixed by upstream:
Closes: #910431, CVE-2018-10839:
integer overflow leads to buffer overflow issue
Closes: #911468, CVE-2018-17962
pcnet: integer overflow leads to buffer overflow
Closes: #911469, CVE-2018-17963
net: ignore packets with large size
Closes: #908682, CVE-2018-3639
qemu should be able to pass the ssbd cpu flag
Closes: #901017, CVE-2018-11806
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow
via incoming fragmented datagrams
Closes: #902725, CVE-2018-12617
qmp_guest_file_read in qemu-ga has an integer overflow
Closes: #907500, CVE-2018-15746
qemu-seccomp might allow local OS guest users to cause a denial of service
Closes: #915884, CVE-2018-16867
dev-mtp: path traversal in usb_mtp_write_data of the MTP
Closes: #911499, CVE-2018-17958
Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c
because an incorrect integer data type is used
Closes: #911470, CVE-2018-18438
integer overflows because IOReadHandler and its associated functions
use a signed integer data type for a size value
Closes: #912535, CVE-2018-18849
lsi53c895a: OOB msg buffer access leads to DoS
Closes: #914604, CVE-2018-18954
pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1
allows out-of-bounds write or read access to PowerNV memory
Closes: #914599, CVE-2018-19364
Use-after-free due to race condition while updating fid path
Closes: #914727, CVE-2018-19489
9pfs: crash due to race condition in renaming files
Closes: #912655, CVE-2018-16847
Out-of-bounds r/w buffer access in cmb operations
* remove patches which were applied upstream
* add new manpage qemu-cpu-models.7
* qemu-system-ppcemb is gone, use qemu-system-ppc[64]
* do-not-link-everything-with-xen.patch (trivial)
* get-orig-source: handle 3.x and 4.x, and remove roms again, as
upstream wants us to use separate source packages for that stuff
* move generated data from qemu-system-data back to qemu-system-common
* d/control: enable spice on arm64 (Closes: #902501)
(probably should enable on all)
* d/control: change git at salsa urls to https
* add qemu-guest-agent.service (Closes: #795486)
* enable opengl support and virglrenderer (Closes: #813658)
* simplify d/rules just a little bit
* build-depend on libudev-dev, for qga
Date: Tue, 08 Jan 2019 09:41:08 +0100
Changed-By: Christian Ehrhardt <christian.ehrhardt at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/qemu/1:3.1+dfsg-2ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 08 Jan 2019 09:41:08 +0100
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-data qemu-system-common qemu-system-gui qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm qemu-system-s390x
Architecture: source
Version: 1:3.1+dfsg-2ubuntu1
Distribution: disco
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Christian Ehrhardt <christian.ehrhardt at canonical.com>
Description:
qemu - fast processor emulator, dummy package
qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
qemu-guest-agent - Guest-side qemu-system agent
qemu-kvm - QEMU Full virtualization on x86 hardware
qemu-system - QEMU full system emulation binaries
qemu-system-arm - QEMU full system emulation binaries (arm)
qemu-system-common - QEMU full system emulation binaries (common files)
qemu-system-data - QEMU full system emulation (data files)
qemu-system-gui - QEMU full system emulation binaries (user interface and audio sup
qemu-system-mips - QEMU full system emulation binaries (mips)
qemu-system-misc - QEMU full system emulation binaries (miscellaneous)
qemu-system-ppc - QEMU full system emulation binaries (ppc)
qemu-system-s390x - QEMU full system emulation binaries (s390x)
qemu-system-sparc - QEMU full system emulation binaries (sparc)
qemu-system-x86 - QEMU full system emulation binaries (x86)
qemu-user - QEMU user mode emulation binaries
qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
qemu-user-static - QEMU user mode emulation binaries (static version)
qemu-utils - QEMU utilities
Closes: 684909 795486 813658 849798 901017 902501 902725 903562 907500 908682 910431 911468 911469 911470 911499 912535 912655 914599 914604 914727 915884 916278 916279 916397 916625 916674 917007 918378
Launchpad-Bugs-Fixed: 1657409 1759509 1782205 1786956 1803315 1806104 1809083 1812384
Changes:
qemu (1:3.1+dfsg-2ubuntu1) disco; urgency=medium
.
* Merge with Debian testing, Among many other things this fixes LP Bugs:
LP: #1806104 - fix misleading page size error on ppc64el
LP: #1782205 - SnowRidge enabled new ISAs
LP: #1786956 - upgrade to qemu >= 3.0
LP: #1809083 - Backward migration to Xenial on ppc64el
LP: #1803315 - s390x Huge page enablement
LP: #1657409 - enable virglrenderer
Remaining Changes:
- qemu-kvm to systemd unit
- d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
hugepages and architecture specifics
- d/qemu-kvm.service: systemd unit to call qemu-kvm-init
- d/qemu-system-common.install: install systemd unit and helper script
- d/qemu-system-common.maintscript: clean old sysv and upstart scripts
- d/qemu-system-common.qemu-kvm.default: defaults for
/etc/default/qemu-kvm
- d/rules: install /etc/default/qemu-kvm
- Enable nesting by default
- d/qemu-system-x86.modprobe: set nested=1 module option on intel.
(is default on amd)
- d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded
without nested=1
- d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
in qemu64 cpu type.
- d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
in qemu64 on amd
- d/qemu-system-x86.README.Debian: document intention of nested being
default is comfort, not full support
- Distribution specific machine type (LP: 1304107 1621042 1776189 1761372)
- d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
types
- d/qemu-system-x86.NEWS Info on fixed machine type defintions
for host-phys-bits=true (LP: 1776189)
- add an info about -hpb machine type in debian/qemu-system-x86.NEWS
- d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as
convenience with all meltdown/spectre workarounds enabled by default.
(LP: 1761372).
- improved dependencies
- Make qemu-system-common depend on qemu-block-extra
- Make qemu-utils depend on qemu-block-extra
- let qemu-utils recommend sharutils
- s390x support
- Create qemu-system-s390x package
- Enable numa support for s390x
- arch aware kvm wrappers
- d/control: update VCS links (updated to match latest Ubuntu)
- qemu-guest-agent: freeze-hook fixes (LP: 1484990)
- d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
- d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
- d/control-in: enable RDMA support in qemu (LP: 1692476)
- enable RDMA config option
- add libibumad-dev build-dep
- tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
- d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
reference 256k path
- d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
handle incoming migrations from former releases.
- d/control-in: Disable capstone disassembler library support (universe)
* Added Changes:
- d/p/ubuntu/define-ubuntu-machine-types.patch: update machine type changes
for qemu 3.1 in the Ubuntu Disco release
- d/p/ubuntu/lp-1759509-* fix waking up VMs from dompmsuspend (LP: #1759509)
- Move s390x roms to a new qemu-system-data-s390x
- d/qemu-system-data.install: install s390x roms as architecture:all in
qemu-system-data
- d/rules: build s390-ccw.img with upstream Makefile
- d/rules: build s390x-netboot.img with upstream Makefile
- d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back
some SLOF bits stripped in DFSG to be able to build s390x-netboot roms
As that hack to build s390-ccw.img rom can't build s390x-netboot.img
replace it with a build-indep using the upstream makefiles.
This is less prone to miss future changes/fixes that are done to the
makefiles
- d/control-in: add breaks/replaces for moving s390x roms from
qemu-system-s390x to qemu-system-data
- remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
[From not yet uploaded Debian branch]
- d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
(Closes: #918378)
- d/rules: fix qemu-kvm service for debhelper compat >=12
- d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch:
avoid misdetection of simplified nesting blocking all migrations
- d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-
unimplement.patch: properly return archicture defined exception
on bad subcodes of diag 308 (LP: #1812384)
* Dropped Changes:
- Include s390-ccw.img firmware (old style native build)
- d/rules enable install s390x-netboot.img (old style native build)
- libvirt/qemu user/group support
- qemu-system-common.postinst: remove acl placed by udev, and add udevadm
trigger.
[ Droppable since logind properly sets ACLs now ]
- qemu-system-common.preinst: add kvm group if needed
[ Droppable because systemd/udev take care of it since 239-6]
- d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch of qemu-guest-agent
freeze-hook fixes (LP: 1484990)
[upstream]
- d/p/ubuntu/CVE-2018-3639/* update for qemu 2.12 using the final patches
merged upstream
[upstream]
- d/p/ubuntu/CVE-2018-11806-slirp-correct-size.patch: slirp: correct size
computation while concatenating mbuf.
CVE-2018-11806
[upstream]
- d/p/ubuntu/lp-1781526-powerpc64-align-memory-THP.patch: align to 2MB
for powerpc64 to speed up translation (LP: 1781526)
[upstream]
- d/p/ubuntu/lp-1780773-s390x-cpumodels-add-z14-Model-ZR1.patch: Add
cpu model for z14 ZR1 (LP: 1780773).
[upstream]
- Mark qemu-system-data foreign to be able to install it e.g. on i386
(Closes: 903562)
[in Debian]
- d/control-in: qemu-keymaps is provided by qemu-system-data now (from yet
unreleased Debian version)
[in Debian]
- d/p/lp-1755912-qxl-fix-local-renderer-crash.patch: Fix an issue triggered
by migrations with UI frontends or frequent guest resolution changes
(LP #1755912)
[upstream]
- d//ubuntu/target-ppc-extend-eieio-for-POWER9.patch: Backport to
extend eieio for POWER9 emulation (LP: 1787408).
[upstream]
- d/p/ubuntu/lp-1789551-seccomp-set-the-seccomp-filter-to-all-threads.patch:
ensure that the seccomp blacklist is applied to all threads (LP: 1789551)
[upstream]
- improve s390x spectre mitigation with etoken facility (LP: 1790457)
[upstream]
- Update pxe netboot images for KVM s390x to qemu 3.0 level (LP: 1790901)
[upstream]
- d/control-in: our addition of a qemu-system-s390x package needs to follow
the split of qemu-system-data by adding a dependency to it (LP: 1798084)
[in Debian]
- debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto
Adapters on s390x (LP: 1787405)
[upstream]
- enable opengl for vfio-MDEV support (LP: 1804766)
[in Debian]
- SECURITY UPDATE: integer overflow in NE2000 NIC emulation
[upstream]
- SECURITY UPDATE: integer overflow via crafted QMP command
[upstream]
- SECURITY UPDATE: OOB heap buffer r/w access in NVM Express Controller
[upstream]
- SECURITY UPDATE: buffer overflow in rtl8139
[upstream]
- SECURITY UPDATE: buffer overflow in pcnet
[upstream]
- SECURITY UPDATE: DoS via large packet sizes
[upstream]
- SECURITY UPDATE: DoS in lsi53c895a
[upstream]
- SECURITY UPDATE: Out-of-bounds r/w stack access in ppc64
[upstream]
- SECURITY UPDATE: race condition in 9p
[upstream]
.
qemu (1:3.1+dfsg-2) unstable; urgency=medium
.
* d/rules: split arch and indep builds
* enable s390x cross-compiler and build s390-ccw.img (Closes: #684909)
* build x86 optionrom in qemu-system-data (was in seabios/debian/)
* qemu-system-data: Multi-Arch: allowed=>foreign (Closes: #903562)
* fix Replaces: version for qemu-system-common (Closes: #916279)
* add simple udev rules file for systemd guest agent (Closes: #916674)
* usb-mtp-use-O_NOFOLLOW-and-O_CLOEXEC-CVE-2018-16872.patch
Race condition in usb_mtp implementation (Closes: #916397)
* bt-use-size_t-type-for-length-parameters-instead-of-int-CVE-2018-19665.patch
Memory corruption in bluetooth subsystem (Closes: #916278)
* hw_usb-fix-mistaken-de-initialization-of-CCID-state.patch (Closes: #917007)
* bump debhelper compat to 12 (>>11)
* d/rules: use dh_missing instead of dh_install --list-missing (compat=12)
* use dh_installsystemd for guest agent (Closes: #916625)
* mention closing by 3.1: Closes: #912655, CVE-2018-16847
* mention closing by 2.10:
Closes: #849798, CVE-2016-10028
Closes: CVE-2017-9060
Closes: CVE-2017-8284
.
qemu (1:3.1+dfsg-1) unstable; urgency=medium
.
* new upstream release (3.1)
* Security bugs fixed by upstream:
Closes: #910431, CVE-2018-10839:
integer overflow leads to buffer overflow issue
Closes: #911468, CVE-2018-17962
pcnet: integer overflow leads to buffer overflow
Closes: #911469, CVE-2018-17963
net: ignore packets with large size
Closes: #908682, CVE-2018-3639
qemu should be able to pass the ssbd cpu flag
Closes: #901017, CVE-2018-11806
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow
via incoming fragmented datagrams
Closes: #902725, CVE-2018-12617
qmp_guest_file_read in qemu-ga has an integer overflow
Closes: #907500, CVE-2018-15746
qemu-seccomp might allow local OS guest users to cause a denial of service
Closes: #915884, CVE-2018-16867
dev-mtp: path traversal in usb_mtp_write_data of the MTP
Closes: #911499, CVE-2018-17958
Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c
because an incorrect integer data type is used
Closes: #911470, CVE-2018-18438
integer overflows because IOReadHandler and its associated functions
use a signed integer data type for a size value
Closes: #912535, CVE-2018-18849
lsi53c895a: OOB msg buffer access leads to DoS
Closes: #914604, CVE-2018-18954
pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1
allows out-of-bounds write or read access to PowerNV memory
Closes: #914599, CVE-2018-19364
Use-after-free due to race condition while updating fid path
Closes: #914727, CVE-2018-19489
9pfs: crash due to race condition in renaming files
Closes: #912655, CVE-2018-16847
Out-of-bounds r/w buffer access in cmb operations
* remove patches which were applied upstream
* add new manpage qemu-cpu-models.7
* qemu-system-ppcemb is gone, use qemu-system-ppc[64]
* do-not-link-everything-with-xen.patch (trivial)
* get-orig-source: handle 3.x and 4.x, and remove roms again, as
upstream wants us to use separate source packages for that stuff
* move generated data from qemu-system-data back to qemu-system-common
* d/control: enable spice on arm64 (Closes: #902501)
(probably should enable on all)
* d/control: change git at salsa urls to https
* add qemu-guest-agent.service (Closes: #795486)
* enable opengl support and virglrenderer (Closes: #813658)
* simplify d/rules just a little bit
* build-depend on libudev-dev, for qga
Checksums-Sha1:
3970777a29750927731ef87e11b2804b1e41d3d8 6825 qemu_3.1+dfsg-2ubuntu1.dsc
b6a6c31d146b13e14af253d6dc25f16ccad7d060 8705368 qemu_3.1+dfsg.orig.tar.xz
2400b6e47c292f4524a2c9138c8ef39473756f63 167984 qemu_3.1+dfsg-2ubuntu1.debian.tar.xz
18ff688314694faf7a01479afc79670fb33e58fa 9373 qemu_3.1+dfsg-2ubuntu1_source.buildinfo
Checksums-Sha256:
60edfb863da27eee1d2a71ad85792adc08a94d92237d8bdd9edb787a5076c446 6825 qemu_3.1+dfsg-2ubuntu1.dsc
2f277942759dd3eed21f7e00edfeab52b4f58d6f2f22d4f7e1a8aa4dc54c80d7 8705368 qemu_3.1+dfsg.orig.tar.xz
04a3fe39d0d9615d810a06f6763ce420176fcc25e4515914b80b6d9f6a30051d 167984 qemu_3.1+dfsg-2ubuntu1.debian.tar.xz
9f7eff90673284e0d6d0e397ebc1559cd33ae8c6e443f54cea7658d8cf6c699b 9373 qemu_3.1+dfsg-2ubuntu1_source.buildinfo
Files:
e09577812fa4e0c351d3f49d3fe6fb37 6825 otherosfs optional qemu_3.1+dfsg-2ubuntu1.dsc
b17f33786c89d547150490811a40f0b2 8705368 otherosfs optional qemu_3.1+dfsg.orig.tar.xz
08c93800b5b0f957cf4db9e5aecae803 167984 otherosfs optional qemu_3.1+dfsg-2ubuntu1.debian.tar.xz
2e8568bee48ff2e983b6606811afb4b2 9373 otherosfs optional qemu_3.1+dfsg-2ubuntu1_source.buildinfo
Original-Maintainer: Debian QEMU Team <pkg-qemu-devel at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEktYY9mjyL47YC+71uj4pM4KAskIFAlxKw6IACgkQuj4pM4KA
skKXDQ/7BHcFBaXJsFLUDrRNMqUcT2xSs9XIFPzk8sKVTDA4cAsKqHr10fJix3zw
vYWoMBn4nTWLwlPY6zlPE4yzhxA/FBBbNSMGtS7oGxjBoULUERWf3vuhe7SmioY0
cfa5N+BTJ/J+t58O3kvqDJx/6ZWR2P/Xo6HEgfPUYeoMJkQ/oC54/705pN9NA5Kz
TH8QrO15G7bbF1KPdA1IVpL5mggUZSCN/UQRW9SSShyI2QdI5J/N53zIdMLBIjWo
e5rvKFwJNZglMtwVrqOgxer1afLvndBcd8ivGpMSvcbgmhYuKKuEkz1OOJzMeFZM
Qz7AMmoZpAms4SiCIGrUNRNQCPQs5ChD1fG6cc+bV5R6pVvchZUTWDgiHRCuJSju
FL/0tTpYkW6ReY2ryI/7VraO88x9sEwC0bMeEA441FGdOg4zk5LV4bOEOcXmn6Yg
qfbGHZGR4h1fw9RrqqRhaklV6cPe+AKV960WJeRgdiDADkBYrB8f3hmYiAGHgxNM
EhapRedSapB0cvEQdc+QqkFnS6hi4eSSqPKWLe2xLjQKHVRo9gCYedrCRqvtfpqu
N5I9xhhSA2DtdIzl2JGzCQ6yvPXXE7A5FN6TCp26cokbh189trI43dz4MdmR0hou
hXarKO2KmLcyYLwF1BatQjJWR3Qcw8Wt8I4+VKZDhSAWefBKV6k=
=XaPq
-----END PGP SIGNATURE-----
More information about the Disco-changes
mailing list