[ubuntu/eoan-security] qemu 1:4.0+dfsg-0ubuntu9.6 (Accepted)

[Marc Deslauriers]

qemu (1:4.0+dfsg-0ubuntu9.6) eoan-security; urgency=medium

  * SECURITY UPDATE: overflow via PCIe extended config space
    - debian/patches/ubuntu/CVE-2019-15034.patch: fix pcie support in
      hw/display/bochs-display.c.
    - CVE-2019-15034
  * SECURITY UPDATE: memory leak in zrle_compress_data
    - debian/patches/ubuntu/CVE-2019-20382.patch: fix memory leak when vnc
      disconnect in ui/vnc-enc-tight.c, ui/vnc-enc-zrle.inc.c, ui/vnc.c,
      ui/vnc.h.
    - CVE-2019-20382
  * SECURITY UPDATE: weak sig generation in Pointer Auth support for ARM
    - debian/patches/ubuntu/CVE-2020-10702.patch: fix PAuth sbox functions
      in target/arm/pauth_helper.c.
    - CVE-2020-10702
  * SECURITY UPDATE: use-after-free in ip_reass()
    - debian/patches/ubuntu/CVE-2020-1983.patch: fix buffer handling in
      slirp/src/ip_input.c.
    - CVE-2020-1983

qemu (1:4.0+dfsg-0ubuntu9.5) eoan; urgency=medium

  * allow qemu to load old modules post upgrade (LP: #1847361)
    - d/p/ubuntu/lp-1847361-modules-load-upgrade.patch: to fallback module
      load to a versioned path
    - d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
      upgrade
    - d/rules: generate maintainer scripts matching package version on build
    - d/rules: enable --enable-module-upgrades where --enable-modules is set

Date: 2020-05-14 18:41:13.647181+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/qemu/1:4.0+dfsg-0ubuntu9.6
-------------- next part --------------
Sorry, changesfile not available.