[ubuntu/wily-proposed] qemu 1:2.3+dfsg-5ubuntu3 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Mon Jul 27 15:48:15 UTC 2015 

qemu (1:2.3+dfsg-5ubuntu3) wily; urgency=medium

  * SECURITY UPDATE: out-of-bounds memory access in pit_ioport_read()
    - debian/patches/CVE-2015-3214.patch: ignore read in hw/timer/i8254.c.
    - CVE-2015-3214
  * SECURITY UPDATE: heap overflow when processing ATAPI commands
    - debian/patches/CVE-2015-5154.patch: check bounds and clear DRQ in
      hw/ide/core.c, make sure command is completed in hw/ide/atapi.c.
    - CVE-2015-5154
  * SECURITY UPDATE: buffer overflow in scsi_req_parse_cdb
    - debian/patches/CVE-2015-5158.patch: check length in
      hw/scsi/scsi-bus.c.
    - CVE-2015-5158

Date: Mon, 27 Jul 2015 10:07:05 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/qemu/1:2.3+dfsg-5ubuntu3
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 27 Jul 2015 10:07:05 -0400
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm libcacard0 libcacard-dev libcacard-tools qemu-system-aarch64
Architecture: source
Version: 1:2.3+dfsg-5ubuntu3
Distribution: wily
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 libcacard-dev - Virtual Common Access Card (CAC) Emulator (development files)
 libcacard-tools - Virtual Common Access Card (CAC) Emulator (tools)
 libcacard0 - Virtual Common Access Card (CAC) Emulator (runtime library)
 qemu       - fast processor emulator
 qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-kvm   - QEMU Full virtualization
 qemu-system - QEMU full system emulation binaries
 qemu-system-aarch64 - QEMU full system emulation binaries (aarch64)
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscelaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Changes:
 qemu (1:2.3+dfsg-5ubuntu3) wily; urgency=medium
 .
   * SECURITY UPDATE: out-of-bounds memory access in pit_ioport_read()
     - debian/patches/CVE-2015-3214.patch: ignore read in hw/timer/i8254.c.
     - CVE-2015-3214
   * SECURITY UPDATE: heap overflow when processing ATAPI commands
     - debian/patches/CVE-2015-5154.patch: check bounds and clear DRQ in
       hw/ide/core.c, make sure command is completed in hw/ide/atapi.c.
     - CVE-2015-5154
   * SECURITY UPDATE: buffer overflow in scsi_req_parse_cdb
     - debian/patches/CVE-2015-5158.patch: check length in
       hw/scsi/scsi-bus.c.
     - CVE-2015-5158
Checksums-Sha1:
 79319b659f0f014616906393695a8f6a425f9829 6791 qemu_2.3+dfsg-5ubuntu3.dsc
 5b85a653a87aaad48e0a45db64e5054075e42312 86732 qemu_2.3+dfsg-5ubuntu3.debian.tar.xz
Checksums-Sha256:
 587863aa1b99807a21ea2511462912af765053865b8e72ec76a7e08cc496cb9a 6791 qemu_2.3+dfsg-5ubuntu3.dsc
 56a8041d710d1abe91723535283732edc3aa37e9ec7050f2a4b0f3e8210721cc 86732 qemu_2.3+dfsg-5ubuntu3.debian.tar.xz
Files:
 f444d618b22c1ba8bb778b29bf24af4a 6791 otherosfs optional qemu_2.3+dfsg-5ubuntu3.dsc
 0ded9ed40bc33dec824d580aedcaaad9 86732 otherosfs optional qemu_2.3+dfsg-5ubuntu3.debian.tar.xz
Original-Maintainer: Debian QEMU Team <pkg-qemu-devel at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVtlIgAAoJEGVp2FWnRL6TJakP/1OI9WnERxM2J46UdoPYgRtk
4o8AV4JS8bYKU0UYx8RgKTBfE8dbPTn5PeXvlqhKDHlJENM4KaB4LoZgBToah3PC
GXZ0sYLEvsyTPhxMHb25XJns8VnWv8DzuSvCka788JitvsxC1y9rFNu3QSNUDWKW
+zf84u1kaXmi4cBPiwXt69EFGEYO7g3u85777lziK96rVy6CWvwjs9JaEklqOtJu
GXALzyTzB43hsjAhOVfarPACBF1rOtmjN6F9IKCmXceSoIUtXnWFDTJeNlOO5eBs
bcB6zGfp4Wp4fKhS9Y3AQk9jRh2TQKKyxgWXIu5nwT9f9y3vg2u6lbKiEP1oWyvV
rQtR3lSwTdC03efVV7X8qLjQMNdUNQrk3nGgL2NxaWh8xJqsKYsHLcWCzI+H1hWP
30deP51Fw+8u4GVjOu7nrW+ZrVbpw13qaVSMQcM2l8tQBMmy+fsyAZs76eLtMIXV
ckeH8W4QkqB82XhVZ/Qtmcsky1DMSuvqufhDmQOsXaSmvj1hZF+amtQMJociOy0I
vMZAHs4PPX0/jYufJnabDBlMS8DGs54y5yXZ5oPOfL5AGuaVPSyjqn0jvksnVMFU
N8IuTbIwQNiShKGBWelp8cOVODV2iIp3gjzNOgae365ZSH89e2mrcK4wUrO4KuHt
wBtLrvmbWqRdPalDlkmW
=Fw71
-----END PGP SIGNATURE-----

More information about the Wily-changes mailing list