Accepted qemu 1:2.1+dfsg-12+deb8u4~bpo70+1 (source) into wheezy-backports->backports-policy, wheezy-backports
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 11 Oct 2015 16:37:54 +0300
Source: qemu
Binary: qemu qemu-system qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm
Architecture: source
Version: 1:2.1+dfsg-12+deb8u4~bpo70+1
Distribution: wheezy-backports
Urgency: high
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description:
qemu - fast processor emulator
qemu-guest-agent - Guest-side qemu-system agent
qemu-kvm - QEMU Full virtualization on x86 hardware
qemu-system - QEMU full system emulation binaries
qemu-system-arm - QEMU full system emulation binaries (arm)
qemu-system-common - QEMU full system emulation binaries (common files)
qemu-system-mips - QEMU full system emulation binaries (mips)
qemu-system-misc - QEMU full system emulation binaries (miscelaneous)
qemu-system-ppc - QEMU full system emulation binaries (ppc)
qemu-system-sparc - QEMU full system emulation binaries (sparc)
qemu-system-x86 - QEMU full system emulation binaries (x86)
qemu-user - QEMU user mode emulation binaries
qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
qemu-user-static - QEMU user mode emulation binaries (static version)
qemu-utils - QEMU utilities
Closes: 787547 788460 793811 794610 795087 795461 796465 798101 799073 799074
Changes:
qemu (1:2.1+dfsg-12+deb8u4~bpo70+1) wheezy-backports; urgency=high
.
* Rebuild for wheezy-backports:
- disable seccomp (not in wheezy)
- build-depend on iasl|acpica-tools
- s/python:any/python/ in build-depends
.
qemu (1:2.1+dfsg-12+deb8u4) jessie-security; urgency=high
.
* ne2000-add-checks-to-validate-ring-buffer-pointers-CVE-2015-5279.patch
fix for Heap overflow vulnerability in ne2000_receive() function
(Closes: #799074 CVE-2015-5279)
* ne2000-avoid-infinite-loop-when-receiving-packets-CVE-2015-5278.patch
(Closes: #799073 CVE-2015-5278)
.
qemu (1:2.1+dfsg-12+deb8u3) jessie-security; urgency=high
.
* Acknowlege the previous update. Thank you Salvatore for the hard
work you did fixing so many security issues.
* rename last patches removing numeric prefixes, so that different series
wont intermix with each other, add Bug-Debian: headers.
* Add e1000-avoid-infinite-loop-in-transmit-CVE-2015-6815.patch.
CVE-2015-6815: net: e1000 infinite loop issue in processing transmit
descriptor. (Closes: #798101 CVE-2015-6815)
* Add ide-fix-ATAPI-command-permissions-CVE-2015-6855.patch.
CVE-2015-6855: ide: qemu allows arbitrary commands to be sent to an ATAPI
device from guest, while illegal comands might have security impact,
f.e. WIN_READ_NATIVE_MAX results in divide by zero error.
(Closes: CVE-2015-6855)
.
qemu (1:2.1+dfsg-12+deb8u2) jessie-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Add 0001-i8254-fix-out-of-bounds-memory-access-in-pit_ioport_.patch patch.
CVE-2015-3214: i8254: out-of-bounds memory access in pit_ioport_read
function. (Closes: #795461)
* Add patches to address heap overflow when processing ATAPI commands.
CVE-2015-5154: heap overflow during I/O buffer memory access.
(Closes: #793811)
* Add CVE-2015-5225.patch patch.
CVE-2015-5225: vnc: heap memory corruption in
vnc_refresh_server_surface. (Closes: #796465)
* Add 0001-virtio-serial-fix-ANY_LAYOUT.patch patch.
CVE-2015-5745: buffer overflow in virtio-serial. (Closes: #795087)
* Add patches for CVE-2015-5165.
CVE-2015-5165: rtl8139 uninitialized heap memory information leakage to
guest. (Closes: #794610)
.
qemu (1:2.1+dfsg-12+deb8u1) jessie-security; urgency=high
.
* slirp-use-less-predictable-directory-name-in-tmp-CVE-2015-4037.patch
(Closes: CVE-2015-4037)
* 11 patches for XEN PCI pass-through issues
(Closes: #787547 CVE-2015-4103 CVE-2015-4104 CVE-2015-4105 CVE-2015-4106)
* pcnet-force-buffer-access-to-be-in-bounds-CVE-2015-3209.patch
with preparation bugfix pcnet-fix-negative-array-index-read.patch
from upstream (Closes: #788460 CVE-2015-3209)
Checksums-Sha1:
a98233fd031c926862b72eee349d3e75287ddbd2 5155 qemu_2.1+dfsg-12+deb8u4~bpo70+1.dsc
d4b93f627ee6d42c6eaf3aad49a5d9045f9527c2 115524 qemu_2.1+dfsg-12+deb8u4~bpo70+1.debian.tar.xz
Checksums-Sha256:
c383ce29ead01eca1a69e7a8f2033c865a88a1c7811e9752a27730bcfb94cafd 5155 qemu_2.1+dfsg-12+deb8u4~bpo70+1.dsc
5f0072b9075901337e76403c1179dbf4be0c1061ba5aeceaac91e1638b015d50 115524 qemu_2.1+dfsg-12+deb8u4~bpo70+1.debian.tar.xz
Files:
a5232614cd3cf0cb539849fdae1ca0e6 5155 otherosfs optional qemu_2.1+dfsg-12+deb8u4~bpo70+1.dsc
3ae985a86034fb5d6933dd27e9597456 115524 otherosfs optional qemu_2.1+dfsg-12+deb8u4~bpo70+1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJWGmb8AAoJEL7lnXSkw9fbyNUH/2qcNmhK9YaHFHJ4vBSOxWJK
UeN+MVotdWaBAWmTt8XeO6BUgE12zLORcSAdL2yx0PP/aY4R/O7AkyUmixS1tIZC
K3H7qhdN/pryXKmC5Wvdh1jEv+Fxu5xTnof3iK4i34MntXJFqFeQjeFH5/cCGzW/
Q/UzhjngYTzyHyT1dn3AXtQ0rvokmhe1vDMfapB1iZCSq0MAMwRKBLysIvHEj9w5
FSPq7nZllAZ7Qc6NM07Q5z5K5tlzppVFBemE10evrfuPYvzP84EKcJ7k8Ugw0Gu1
95/FiobvmyE8+XvO22QqRY9PBOhHokTHfjVCjquC4/MhWSKN92GbId3skkUDamc=
=qjOt
-----END PGP SIGNATURE-----
Reply to: