-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 15 Aug 2025 12:54:40 +0300
Source: qemu
Architecture: source
Version: 1:10.0.2+ds-2+deb13u1
Distribution: trixie-security
Urgency: medium
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Closes: 1109989
Changes:
qemu (1:10.0.2+ds-2+deb13u1) trixie-security; urgency=medium
.
* d/binfmt-install: stop using C (Credentials) flag for binfmt_misc
registration. qemu-user binaries were never meant to be used in
suid/sgid scenarios, but was used in debian since late 2009. Any
foreign suid/sgid binary accessible to the users, in presence of
qemu-user binfmt, is trivially exploitable to gain elevated privileges.
This change might break existing setups since for many years people
relied on qemu-user binfmt working with suid binaries, but this is
a situation where it is definitely better be safe than sorry.
* pcie_sriov-Fix-configuration-and-state-synchronizati.patch
(Closes: #1109989, CVE-2025-54566, CVE-2025-54567)
Checksums-Sha1:
0fb120292fc6c74a4c2035bea94bd5b1992b8d12 12455 qemu_10.0.2+ds-2+deb13u1.dsc
0da721835b445ce31e3d69631ac878ebe218a6af 39449628 qemu_10.0.2+ds.orig.tar.xz
759580a21004aea649a42789c1a2de75cfd80a0a 139060 qemu_10.0.2+ds-2+deb13u1.debian.tar.xz
3ff3c108eaa1155c243ed73014836e75bb520694 7565 qemu_10.0.2+ds-2+deb13u1_source.buildinfo
Checksums-Sha256:
b61a67c1b580435742e42613fa8d4d38f9abaa75fc9c034f7e650e62ed97720a 12455 qemu_10.0.2+ds-2+deb13u1.dsc
0901da33844a331bf8b3602b9c1fbd178e60b737c8e3ade678255bd090c9b9f1 39449628 qemu_10.0.2+ds.orig.tar.xz
7d77c31eaff3ce9ef265a9dbba0b5b05508003aad9a8d41cc7999063b671dd8f 139060 qemu_10.0.2+ds-2+deb13u1.debian.tar.xz
87d0ee897cce710d82f3077bea4cac389f354f83ed2e06385fcd2341f37af508 7565 qemu_10.0.2+ds-2+deb13u1_source.buildinfo
Files:
5891b15bfd0c8293134c785ae71bc44e 12455 otherosfs optional qemu_10.0.2+ds-2+deb13u1.dsc
ab6f1a263053221b049421b31f683047 39449628 otherosfs optional qemu_10.0.2+ds.orig.tar.xz
9845432790844d8e7a3c1f3ae7e81c9f 139060 otherosfs optional qemu_10.0.2+ds-2+deb13u1.debian.tar.xz
2266abbc4d5d97c2f288183f35847a9a 7565 otherosfs optional qemu_10.0.2+ds-2+deb13u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEZKoqtTHVaQM2a/75gqpKJDselHgFAmifmcYACgkQgqpKJDse
lHg8WA/+JKNjfF6w5YN6nwUh5BTu6TcwWsCVebE58P50nb6acBiqMlFThTke+rH3
4PlDpgyv1fNFho2k0981aV3onvEJ8QuV3ZZEF0DxGW78CAJatHlOaDT/Xm3zde61
kD8kbvzn2hFz9OfSS+LG2QjADvqql8jOCOi9zmrTpppjuOowijCw5lzLG4NwOIQb
JXROzMuRhNVTy9RDL3nySvUli/JhofL4MBsDvor/GbShZOg5Z/wcsNTowi8e79Lg
Q+WZM9Zc8uXRgJ0HahDuVtTGTCpwbUTevhC5sCd1BRAfgDSmFjNcdJNnc+j/3iDw
oEypSzQ74G4qce9lrmAq9JQf0GlE5y0TsG9DCbsCj2dVsHizwT7mnfs2ER2pBdc1
wKgxBISEW0kvfZkoAXJ7zVazAdoCFCK60oYd8VlWTBvB8hWTKdOQrQvyg2yfdEa4
31D6PEGF8VoSa2EmC5arVysHkJ/OkzYtuXgqIF3JqVHWA/JAjo3HBpDCWWsgsZCj
K5rezyl+rUe4QSEreJfugJ73n7AxlIWufZ1wbUnfGfeDWHq7B1cuVIDtWffbfLez
2hkcc4Olw0+rUXwN5xMUlpIIR2PHU7YrRdvxpmosD8m2EmBYL70Kkd1p1D7NP7Hf
6Tthiibka6qaZNjEWsx7xCV21n8PPF+EYFJupvNOSV6DcPhYzNM=
=C28a
-----END PGP SIGNATURE-----
Attachment:
pgpy3XK15B4tk.pgp
Description: PGP signature