[ubuntu/xenial-proposed] qemu 1:2.4+dfsg-4ubuntu3 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Tue Dec 1 21:00:18 UTC 2015 

qemu (1:2.4+dfsg-4ubuntu3) xenial; urgency=medium

  * SECURITY UPDATE: loopback mode heap overflow vulnerability in pcnet
    - debian/patches/CVE-2015-7504.patch: leave room for CRC code in
      hw/net/pcnet.c.
    - CVE-2015-7504
  * SECURITY UPDATE: non-loopback mode buffer overflow in pcnet
    - debian/patches/CVE-2015-7512.patch: check packet length in
      hw/net/pcnet.c.
    - CVE-2015-7512
  * SECURITY UPDATE: infinite loop in eepro100
    - debian/patches/CVE-2015-8345.patch: prevent endless loop in
      hw/net/eepro100.c.
    - CVE-2015-8345

Date: Tue, 01 Dec 2015 13:36:40 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/qemu/1:2.4+dfsg-4ubuntu3
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 01 Dec 2015 13:36:40 -0500
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm libcacard0 libcacard-dev libcacard-tools qemu-system-aarch64
Architecture: source
Version: 1:2.4+dfsg-4ubuntu3
Distribution: xenial
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 libcacard-dev - Virtual Common Access Card (CAC) Emulator (development files)
 libcacard-tools - Virtual Common Access Card (CAC) Emulator (tools)
 libcacard0 - Virtual Common Access Card (CAC) Emulator (runtime library)
 qemu       - fast processor emulator
 qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-kvm   - QEMU Full virtualization
 qemu-system - QEMU full system emulation binaries
 qemu-system-aarch64 - QEMU full system emulation binaries (aarch64)
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscelaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Changes:
 qemu (1:2.4+dfsg-4ubuntu3) xenial; urgency=medium
 .
   * SECURITY UPDATE: loopback mode heap overflow vulnerability in pcnet
     - debian/patches/CVE-2015-7504.patch: leave room for CRC code in
       hw/net/pcnet.c.
     - CVE-2015-7504
   * SECURITY UPDATE: non-loopback mode buffer overflow in pcnet
     - debian/patches/CVE-2015-7512.patch: check packet length in
       hw/net/pcnet.c.
     - CVE-2015-7512
   * SECURITY UPDATE: infinite loop in eepro100
     - debian/patches/CVE-2015-8345.patch: prevent endless loop in
       hw/net/eepro100.c.
     - CVE-2015-8345
Checksums-Sha1:
 e3657a364d80c8524a992fd4e404ac1e8a464361 6778 qemu_2.4+dfsg-4ubuntu3.dsc
 aaf09689dffe0a570cd3793acf7feb7db488841a 96924 qemu_2.4+dfsg-4ubuntu3.debian.tar.xz
Checksums-Sha256:
 97fda90d8dee24c7eb9bf99fba8d78c4b4fc9541086c469d3cbc71c37ebe0f07 6778 qemu_2.4+dfsg-4ubuntu3.dsc
 36ca415de1f64d5d2e86ea6a12f1eea7430a8a9234881cd16725ad3702d6f930 96924 qemu_2.4+dfsg-4ubuntu3.debian.tar.xz
Files:
 3c62b4ad3b68c8ab26313487573ade0a 6778 otherosfs optional qemu_2.4+dfsg-4ubuntu3.dsc
 f5445d9b2e1e8c8acec18c94cda43bd3 96924 otherosfs optional qemu_2.4+dfsg-4ubuntu3.debian.tar.xz
Original-Maintainer: Debian QEMU Team <pkg-qemu-devel at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJWXgk0AAoJEGVp2FWnRL6TNGYP/iBbueZJALMkmiqhynjCzVMX
9T4C1b57ltE+UvmzgmKI3W0FSn/fm5DbB3RHB1KlEZT1ImQrd300oXjGzeB/EhmE
abDydnCzB+INxKIG/L5yWBX8l2J8/JpK2J69AoZfSHZZwepnqx0vSMDYYewx0E8D
Ivb6DCqGjgHEc7n8MOwpwtyD91W82R8nhmkvXeSV4vLWbzHQ3z6IVwxhIAn2UUJl
3rjbNlt6N6J/om5YSPt9MB2Ev6eCyL2vk+BkjBqqhnfDBfosKlnl8XtjMFWZkDUl
IVjyZbcsTF410/Mj/7IEZF1nsOXKxVmVxb9CIpDCIpPB3oHtZrHR1WAIWnNknVXm
ARFId+O5DOj/bDKeL2HiL2WlOYFmbF8y1174U1dLizVzEhkCnbRi0SRQALD0iRvg
ovwD63cR2Rpwa4hhVhuZsMfbCpa50qAkYjoFxBJadI9lHrSI7x3f7Q4Ozhd90/bF
wvI+bM935hJcPSPcy2ECKZkNRV4MpwwHT4moTY0ZSIn16m6D89ERldILYGlmih+5
cyAiNASk82lxqDG7gie2VyhbfhOGyE5dT1qBsNOnB+3UwUkdfNsLvVXCjSVW6Z9e
6YfSNkN2pSx+V/lz/xs5I/Lm+oJPdsbmK+cXy/wIr1VBGBanWNcbDDEB/i7VawAF
9XrpzhNwTAGnaoxN+cCA
=jL3P
-----END PGP SIGNATURE-----

More information about the Xenial-changes mailing list