qemu: request for testing
Hi,
A proposed security upload is available at:
https://www.beuc.net/tmp/debian-lts/qemu/
I would welcome testing, even if just one feature you use (qemu's
feature set is large).
I intend to upload within a week.
Cheers!
Sylvain
qemu (1:2.1+dfsg-12+deb8u12) UNRELEASED-security; urgency=medium
.
* Non-maintainer upload by the LTS team.
.
[Mike Gabriel]
* CVE-2017-9375: Track xhci_kick_ep processing being active in a
variable.
Check the variable at the beginning of xhci_kick_ep. Add an assert
right
before processing the kick.
* CVE-2019-12155: qxl: Check release info object. When releasing spice
resources in release_resource() routine, if release info object
'ext.info' is null, it leads to null pointer dereference. Add check
to avoid it.
* CVE-2016-5403: virtio: error out if guest exceeds virtqueue size. Plus
set vq->inuse correctly at various places.
* CVE-2016-5126: block/iscsi: avoid potential overflow of acb->task->cdb.
* Remove unused/redundant patch files.
.
[Sylvain Beucler]
* CVE-2019-12068: scsi: lsi: exit infinite loop while executing script
* CVE-2019-13164: qemu-bridge-helper.c in QEMU 4.0.0 does not ensure
that a network interface name (obtained from bridge.conf or a
--br=bridge option) is limited to the IFNAMSIZ size, which can
lead to an ACL bypass.
* CVE-2019-14378: ip_reass in ip_input.c in libslirp has a
heap-based buffer overflow via a large packet because it
mishandles a case involving the first fragment.
* CVE-2019-15890: libslirp has a use-after-free in ip_reass in
ip_input.c.
Reply to: