[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

qemu: request for testing


A proposed security upload is available at:

I would welcome testing, even if just one feature you use (qemu's
feature set is large).
I intend to upload within a week.


 qemu (1:2.1+dfsg-12+deb8u12) UNRELEASED-security; urgency=medium
   * Non-maintainer upload by the LTS team.
   [Mike Gabriel]
   * CVE-2017-9375: Track xhci_kick_ep processing being active in a
     Check the variable at the beginning of xhci_kick_ep. Add an assert
     before processing the kick.
   * CVE-2019-12155: qxl: Check release info object. When releasing spice
     resources in release_resource() routine, if release info object
     'ext.info' is null, it leads to null pointer dereference. Add check
     to avoid it.
   * CVE-2016-5403: virtio: error out if guest exceeds virtqueue size. Plus
     set vq->inuse correctly at various places.
   * CVE-2016-5126: block/iscsi: avoid potential overflow of acb->task->cdb.
   * Remove unused/redundant patch files.
   [Sylvain Beucler]
   * CVE-2019-12068: scsi: lsi: exit infinite loop while executing script
   * CVE-2019-13164: qemu-bridge-helper.c in QEMU 4.0.0 does not ensure
     that a network interface name (obtained from bridge.conf or a
     --br=bridge option) is limited to the IFNAMSIZ size, which can
     lead to an ACL bypass.
   * CVE-2019-14378: ip_reass in ip_input.c in libslirp has a
     heap-based buffer overflow via a large packet because it
     mishandles a case involving the first fragment.
   * CVE-2019-15890: libslirp has a use-after-free in ip_reass in

Reply to: