Re: [SECURITY] [DSA 3045-1] qemu security update

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 3045-1] qemu security update
From: Michael Tokarev <mjt@tls.msk.ru>
Date: Sun, 05 Oct 2014 00:09:41 +0400
Message-id: <[🔎] 54305405.80606@msgid.tls.msk.ru>
In-reply-to: <20141004192738.GB7152@pisco.westfalen.local>
References: <20141004192738.GB7152@pisco.westfalen.local>

04.10.2014 23:27, Moritz Muehlenhoff wrote:
> -------------------------------------------------------------------------
> Debian Security Advisory DSA-3045-1                   security@debian.org
> http://www.debian.org/security/                        Moritz Muehlenhoff
> October 04, 2014                       http://www.debian.org/security/faq
> -------------------------------------------------------------------------
> 
> Package        : qemu
> CVE ID         : CVE-2014-0142 CVE-2014-0143 CVE-2014-0144 CVE-2014-0145
>                  CVE-2014-0146 CVE-2014-0147 CVE-2014-0222 CVE-2014-0223
>                  CVE-2014-3615 CVE-2014-3640
> 
> Several vulnerabilities were discovered in qemu, a fast processor
> emulator:
> 
> * Various security issues have been found in the block qemu drivers.
>   Malformed disk images might result in the execution of arbitrary code.
> * A NULL pointer dereference in SLIRP may result in denial of service
> * An information leak was discovered in the VGA emulation
> 
> For the stable distribution (wheezy), these problems have been fixed in
> version 1.1.2+dfsg-6a+deb7u4.
> 
> For the unstable distribution (sid), these problems will be fixed soon.

Hmm?  For unstable (and testing), this has been fixed in 2.1-5... ;)
I even uploaded fixed version to wheezy-backports already..

FWIW.

Thanks,

/mjt

Reply to:

Prev by Date: Re: about bash and Debian Lenny
Next by Date: Re: about bash and Debian Lenny
Previous by thread: Re: about bash and Debian Lenny
Next by thread: Rubberhose filesystem for Wheezy
Index(es):
- Date
- Thread