Accepted: kvm 1:62+dfsg-0ubuntu3 (source)
Soren Hansen
soren at ubuntu.com
Fri Apr 11 07:35:51 BST 2008
Accepted:
OK: kvm_62+dfsg.orig.tar.gz
OK: kvm_62+dfsg-0ubuntu3.diff.gz
OK: kvm_62+dfsg-0ubuntu3.dsc
-> Component: main Section: misc
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 10 Apr 2008 16:35:09 +0000
Source: kvm
Binary: kvm kvm-source
Architecture: source
Version: 1:62+dfsg-0ubuntu3
Distribution: hardy
Urgency: low
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
Changed-By: Soren Hansen <soren at ubuntu.com>
Description:
kvm - Full virtualization on x86 hardware
kvm-source - Source for the KVM driver
Changes:
kvm (1:62+dfsg-0ubuntu3) hardy; urgency=low
.
[ Jamie Strandboge ]
* debian/patches/SECURITY_CVE-2007-1320+1321+1322+1366+2893.patch
based on 90_security.patch from qemu 0.9.1-1ubuntu1. Please note that
CVE-2007-2893 is also known as CVE-2007-1323, and CVE-2007-5729 and
CVE-2007-5730 are known as CVE-2007-1321 in Debian. This patch addresses
the following:
- Cirrus LGD-54XX "bitblt" heap overflow.
- NE2000 "mtu" heap overflow.
- QEMU "net socket" heap overflow.
- QEMU NE2000 "receive" integer signedness error.
- Infinite loop in the emulated SB16 device.
- Unprivileged "aam" instruction does not correctly handle the
undocumented divisor operand.
- Unprivileged "icebp" instruction will halt emulation.
* debian/patches/SECURITY_CVE-2008-0928.patch: perform range checks on
block device read and write requests
* References
CVE-2007-1320
CVE-2007-1321
CVE-2007-1322
CVE-2007-1323
CVE-2007-1366
CVE-2007-2893
CVE-2007-5729
CVE-2007-5730
CVE-2008-0928
.
[ Soren Hansen ]
* debian/patches/extboot-geometry.patch:
- Apply extboot patch from Anthony Liguori that fixes CHS information
being calculated incorrectly, which seems to upset grub from time to time.
Files:
1bbfc9bd512ecc7fb4aa51ade27bc640 1023 misc optional kvm_62+dfsg-0ubuntu3.dsc
12578ca8be9c95b8ebb2d4a770ab13d9 34090 misc optional kvm_62+dfsg-0ubuntu3.diff.gz
Original-Maintainer: Jan Luebbe <jluebbe at debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFH/tbGonjfXui9pOMRAht2AJ0QXy8/9atTuUYntyhV2Vo3znIU3ACdFJo+
Nby7vHjJdvgfpLrGX/oq6K8=
=ax5R
-----END PGP SIGNATURE-----
More information about the Hardy-changes
mailing list