
Accepted kvm 66+dfsg-1.1 (source all i386)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 20 May 2008 13:28:14 +0000
Source: kvm
Binary: kvm kvm-data kvm-source
Architecture: source all i386
Version: 66+dfsg-1.1
Distribution: unstable
Urgency: high
Maintainer: Jan Lübbe <jluebbe@debian.org>
Changed-By: Steffen Joeris <white@debian.org>
Description: 
 kvm        - Full virtualization on x86 hardware
 kvm-data   - Data files for the KVM package
 kvm-source - Source for the KVM driver
Closes: 480011 481204
Changes: 
 kvm (66+dfsg-1.1) unstable; urgency=high
 .
   * Non-maintainer upload by the security team
   * Merge the fixes for the security issues in the embedded qemu
     version (Closes: #480011) Thanks to Jamie Strandboge
    - Add CVE-2007-1320+1321+1322+1366+2893.patch from qemu 0.9.1-1
      to address the following issues:
     - Cirrus LGD-54XX "bitblt" heap overflow.
     - NE2000 "mtu" heap overflow.
     - QEMU "net socket" heap overflow.
     - QEMU NE2000 "receive" integer signedness error.
     - Infinite loop in the emulated SB16 device.
     - Unprivileged "aam" instruction does not correctly handle the
       undocumented divisor operand.
     - Unprivileged "icebp" instruction will halt emulation.
   * Include patch which defaults to existing behaviour (probing based on file
     contents), so it still requires the mgmt app (e.g. libvirt xml) to
     pass a new "format=raw" parameter for raw disk images
     - Fixes possible privilege escalation, which could allow guest users
       to read arbitrary files on the host by modifying the header to identify
       a different format (Closes: #481204) Fixes: CVE-2008-2004

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIMuDa62zWxYk/rQcRAhzzAKCtHxSlNFh0pwUMOb8jHmMkmRY3owCfWCiJ
Nd8wh9rdLpYp6KU6pkcSqD0=
=H9hM
-----END PGP SIGNATURE-----


Accepted:
kvm-data_66+dfsg-1.1_all.deb
  to pool/main/k/kvm/kvm-data_66+dfsg-1.1_all.deb
kvm-source_66+dfsg-1.1_all.deb
  to pool/main/k/kvm/kvm-source_66+dfsg-1.1_all.deb
kvm_66+dfsg-1.1.diff.gz
  to pool/main/k/kvm/kvm_66+dfsg-1.1.diff.gz
kvm_66+dfsg-1.1.dsc
  to pool/main/k/kvm/kvm_66+dfsg-1.1.dsc
kvm_66+dfsg-1.1_i386.deb
  to pool/main/k/kvm/kvm_66+dfsg-1.1_i386.deb

