[ubuntu/focal-proposed] libslirp 4.1.0-2ubuntu1 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Wed Feb 19 14:29:12 UTC 2020
libslirp (4.1.0-2ubuntu1) focal; urgency=medium
* SECURITY UPDATE: buffer overflow via incorrect snprintf return codes
- debian/patches/ubuntu/CVE-2020-8608-1.patch: add slirp_fmt() helpers
to src/util.c, src/util.h.
- debian/patches/ubuntu/CVE-2020-8608-2.patch: fix unsafe snprintf()
usages in src/tcp_subr.c.
- CVE-2020-8608
Date: Wed, 19 Feb 2020 08:57:46 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/libslirp/4.1.0-2ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 19 Feb 2020 08:57:46 -0500
Source: libslirp
Architecture: source
Version: 4.1.0-2ubuntu1
Distribution: focal
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
libslirp (4.1.0-2ubuntu1) focal; urgency=medium
.
* SECURITY UPDATE: buffer overflow via incorrect snprintf return codes
- debian/patches/ubuntu/CVE-2020-8608-1.patch: add slirp_fmt() helpers
to src/util.c, src/util.h.
- debian/patches/ubuntu/CVE-2020-8608-2.patch: fix unsafe snprintf()
usages in src/tcp_subr.c.
- CVE-2020-8608
Checksums-Sha1:
3b4d4f488f9579793878a3fe42755aaca79cbb5c 2105 libslirp_4.1.0-2ubuntu1.dsc
3144ed99ad707ed3832b5a34900b278cadc72c92 7040 libslirp_4.1.0-2ubuntu1.debian.tar.xz
9a77043a6d1ad7de8ecf41f8e56df8ae3fb829a5 6923 libslirp_4.1.0-2ubuntu1_source.buildinfo
Checksums-Sha256:
b38e8d460b7f769a79498b6edca1508e37b89b6e77ec6ae4801b60ec191f59b0 2105 libslirp_4.1.0-2ubuntu1.dsc
3189f1978b859429adf79cebc5a6aecef25ab5e80e7de0909360d4d3665925ea 7040 libslirp_4.1.0-2ubuntu1.debian.tar.xz
c61be343b3f9ecf2c05066ebdbc377eeffcf9c1e814b11b6febc9a7444c58b36 6923 libslirp_4.1.0-2ubuntu1_source.buildinfo
Files:
8f211daed6d2aaf60eb26219c84f84e0 2105 net optional libslirp_4.1.0-2ubuntu1.dsc
8b235d1e93c002f6a06670e5c2d678a8 7040 net optional libslirp_4.1.0-2ubuntu1.debian.tar.xz
9e0cc84331988dfba7c75feb2e3d6936 6923 net optional libslirp_4.1.0-2ubuntu1_source.buildinfo
Original-Maintainer: Debian QEMU Team <pkg-qemu-devel at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl5NQyUACgkQZWnYVadE
vpO6jA/+MP/qCkrdyddN6VeWLiGF5nXN1xTpgNe6aPOVqmhkm0GAKUUqIyE4BUes
nj6Hh2h0ZoPjRaxIkodX97Af2sZuOnm3m4WOMsJ8VaDeyDkr6q7hH7mGKpzbeslb
DoC6RnthM7hYtO81feOFCtEkIllbjzaWsFraY4DWrYPXYOGJjxtm8lwJQWwP4NJO
znqB8tTIuTOAsHRQSDf6q8Y5okkTPdvU1bTooPeDHZaiA457p2ZZ2jWaJwzlKWCi
NvYRCQhP2uZtZEMqky9xbav5t73GV20Vj3mDOG9j5khkce4GA8ErjtN7jwSo3szi
pJKnCgFhMoDv/puPhXUTtvwxGuFA5UxDoH0lmgRFxIvvYO/w7MmfFRgKHtII+80+
RfhO/uq2mMAivMOWghJg4QedinQca03J/UzYQIJOfylezgbcg0Q8JiNQLevU5MBF
hfb8OtIrbo0ucMPsV0W2zHnuTQh7mcU6zFtbWcg7gLa0v8CVbJlZOLgv4HC5BUdG
Fk7V3BKEafe5swozxscX4iP/PjCcWWsvQT9ROLa8r7+gxSSsV5J6EmRfXV/N6ocz
kxVqb/h++JHhUYUnxoWIVTeDLeTANQkoHzfN4W9IGSfMTJwJJ/ekuAXpJaPcqyO5
fT4CQwoNKr4VNm647St2N8e203+QapZAlXgwMzhnBIA3f4Lz2bU=
=J0Rv
-----END PGP SIGNATURE-----
More information about the Focal-changes
mailing list