-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 09 Aug 2019 13:41:43 +0300 Source: qemu Architecture: source Version: 1:2.8+dfsg-6+deb9u8 Distribution: stretch-security Urgency: medium Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org> Changed-By: Michael Tokarev <mjt@tls.msk.ru> Closes: 873012 931351 933741 Changes: qemu (1:2.8+dfsg-6+deb9u8) stretch-security; urgency=medium . [ Michal Arbet ] * Fix improper backport of CVE-2017-9524 fix that caused NBD connections to hang (Closes: #873012). Thanks to Geoffrey Thomas. - nbd-fully-initialize-client-in-case-of-failed-negotiation-CVE-2017-9524.patch: Don't move nbd_set_handlers before nbd_negotiate. - nbd-fix-regression-on-resiliency-to-port-scan-CVE-2017-9524.patch: Refresh. . [ Michael Tokarev ] * slirp-fix-heap-overflow-in-ip_reass-on-big-packet-input-CVE-2019-14378.patch bugfix in user-level networking Closes: #933741, CVE-2019-14378 * qemu-bridge-helper-restrict-interface-name-to-IFNAMSIZ-CVE-2019-13164.patch Closes: #931351, CVE-2019-13164 * integrate fix-md-clear-backport.patch into enable-md-clear.patch Thanks Moritz Mühlenhoff and Vincent Tondellier * device_tree-dont-use-load_image-CVE-2018-20815.patch fix unlikely overflow via saved image file size Closes: CVE-2018-20815 Checksums-Sha1: 8fbeafc7c10912d1e137d6697b609f768b3232aa 5579 qemu_2.8+dfsg-6+deb9u8.dsc 30ed9844cd7b60441d5532b4a7ff5bfcc04baebb 162212 qemu_2.8+dfsg-6+deb9u8.debian.tar.xz 351e1efe0fef0262cf2a2013aa0215679c2815af 7869 qemu_2.8+dfsg-6+deb9u8_source.buildinfo Checksums-Sha256: 0a4987c1ba44baa25341ea25c3e3ac06358994abc662a7db5ed1545a191048c1 5579 qemu_2.8+dfsg-6+deb9u8.dsc e3c0cd85409403824efe9ead0d5f110f2943c82986e460d5e3bb37bdb71d7fbb 162212 qemu_2.8+dfsg-6+deb9u8.debian.tar.xz 67b01392505ec7e5664968ba798324212027e9fca92f989e62f3580f9d1bc77c 7869 qemu_2.8+dfsg-6+deb9u8_source.buildinfo Files: 0bf19074279779e05fe2bd9233a77409 5579 otherosfs optional qemu_2.8+dfsg-6+deb9u8.dsc 15c10c07febb626168caff7f2e20f56e 162212 otherosfs optional qemu_2.8+dfsg-6+deb9u8.debian.tar.xz 12fc5e4ac1ad9c7754054a5c4bee85a0 7869 otherosfs optional qemu_2.8+dfsg-6+deb9u8_source.buildinfo -----BEGIN PGP SIGNATURE----- iQFDBAEBCAAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAl1fod4PHG1qdEB0bHMu bXNrLnJ1AAoJEHAbT2saaT5ZNlcIAMAc64zOaMb6Yvuln+EvTTgXVLO5RIxH8e92 a7bA87TF9h98s2FeOabcIhno3b3kDZX0rjB+yFRPItQHPYwtY8YTSW6kLUb8q2Ds 9xh7RFMlEKfd1AHsRf3eeWCrxxNib0nqsUqaG5ZSEc8U8BANXwSP8Z8A2DR4/AE8 NveJZ8zaQy53RSNPjo9Sd3PlUcKTPW568QABfbkIQ43uVoXwsf8FiifhrN/LY8nD GrygXNiYpTDjS4Uvkhvjt+RMAxCvfRzlfLeMm2BEv/PFDHtOWqDsF+9m7hLaEMre 45CYUECpxZn22UDvT/L7K/7CFTy+ocwvSgqbKE6h0gqwADB8MR0= =GR5X -----END PGP SIGNATURE-----