Accepted qemu 0.8.2-5lenny1 (source i386)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 24 May 2007 19:04:58 +0200
Source: qemu
Binary: qemu
Architecture: source i386
Version: 0.8.2-5lenny1
Distribution: testing-security
Urgency: high
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Stefan Fritsch <sf@debian.org>
Description:
qemu - fast processor emulator
Changes:
qemu (0.8.2-5lenny1) testing-security; urgency=high
.
[ Stefan Fritsch ]
* Non-maintainer upload by the security team
* Port security fixes from 0.8.2-4etch1 to testing
.
[ Guillem Jover ]
* Fix several security issues found by Tavis Ormandy <taviso@google.com>:
- Cirrus LGD-54XX "bitblt" Heap Overflow. CVE-2007-1320
- NE2000 "mtu" heap overflow.
- QEMU "net socket" heap overflow.
- QEMU NE2000 "receive" integer signedness error. CVE-2007-1321
- Infinite loop in the emulated SB16 device.
- Unprivileged "aam" instruction does not correctly handle the
undocumented divisor operand. CVE-2007-1322
- Unprivileged "icebp" instruction will halt emulation. CVE-2007-1322
- debian/patches/90_security.patch: New file.
Files:
ffc8b26899ef74e09dff887e979f19e8 1124 misc optional qemu_0.8.2-5lenny1.dsc
40da8bf4469d8e02431293b51a5db1fe 66146 misc optional qemu_0.8.2-5lenny1.diff.gz
38833607a2c2b3c5c6a17ad6251f8ba2 3677960 misc optional qemu_0.8.2-5lenny1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGVdQIbxelr8HyTqQRAqCpAJ9WnOSH5BaZhXxQas8hw5JFng+01wCghZzD
WJIQ4Q1WTf6OjUBZDQrRRtk=
=6/4F
-----END PGP SIGNATURE-----
Accepted:
qemu_0.8.2-5lenny1.diff.gz
to pool/main/q/qemu/qemu_0.8.2-5lenny1.diff.gz
qemu_0.8.2-5lenny1.dsc
to pool/main/q/qemu/qemu_0.8.2-5lenny1.dsc
qemu_0.8.2-5lenny1_i386.deb
to pool/main/q/qemu/qemu_0.8.2-5lenny1_i386.deb
Reply to: