-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 03 Jul 2020 18:24:48 +0300 Source: qemu Architecture: source Version: 1:5.0-6 Distribution: unstable Urgency: medium Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org> Changed-By: Michael Tokarev <mjt@tls.msk.ru> Closes: 961887 Changes: qemu (1:5.0-6) unstable; urgency=medium . [ Christian Ehrhardt ] * d/control-in: disable pmem on ppc64 as it is currently considered experimental on that architecture * d/rules: makefile definitions can't be recursive - sys_systems for s390x * d/rules: report config log from the correct subdir - base build * d/rules: report config log from the correct subdir - microvm build * d/control-in: disable rbd support unavailable on riscv * fix assert in qemu guest agent that crashes on shutdown (LP: #1878973) * d/control-in: build-dep libcap is no more needed * d/rules: update -spice compat (Ubuntu only) . [ Michael Tokarev ] * save block modules on upgrades (LP: #1847361) After upgrade a still running qemu of a former version can't load the new modules e.g. for extended storage support. Qemu 5.0 has the code to allow defining a path that it will load these modules from. * ati-vga-check-mm_index-before-recursive-call-CVE-2020-13800.patch Closes: CVE-2020-13800, ati-vga allows guest OS users to trigger infinite recursion via a crafted mm_index value during ati_mm_read or ati_mm_write call. * revert-memory-accept-mismatching-sizes-in-memory_region_access_valid...patch Closes: CVE-2020-13754, possible OOB memory accesses in a bunch of qemu devices which uses min_access_size and max_access_size Memory API fields. Also closes: CVE-2020-13791 * exec-set-map-length-to-zero-when-returning-NULL-CVE-2020-13659.patch CVE-2020-13659: address_space_map in exec.c can trigger a NULL pointer dereference related to BounceBuffer * megasas-use-unsigned-type-for-reply_queue_head-and-check-index...patch Closes: #961887, CVE-2020-13362, megasas_lookup_frame in hw/scsi/megasas.c has an OOB read via a crafted reply_queue_head field from a guest OS user * megasas-use-unsigned-type-for-positive-numeric-fields.patch fix other possible cases like in CVE-2020-13362 (#961887) * megasas-fix-possible-out-of-bounds-array-access.patch Some tracepoints use a guest-controlled value as an index into the mfi_frame_desc[] array. Thus a malicious guest could cause a very low impact OOB errors here * nbd-server-avoid-long-error-message-assertions-CVE-2020-10761.patch Closes: CVE-2020-10761, An assertion failure issue in the QEMU NBD Server. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a DoS. * es1370-check-total-frame-count-against-current-frame-CVE-2020-13361.patch Closes: CVE-2020-13361, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation * sdcard-dont-switch-to-ReceivingData-if-address-is-in...-CVE-2020-13253.patch CVE-2020-13253: sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process. And a preparational patch, sdcard-update-coding-style-to-make-checkpatch-happy.patch * a few patches from the stable series: - fix-tulip-breakage.patch The tulip network driver in a qemu-system-hppa emulation is broken in the sense that bigger network packages aren't received any longer and thus even running e.g. "apt update" inside the VM fails. Fix this. - 9p-lock-directory-streams-with-a-CoMutex.patch Prevent deadlocks in 9pfs readdir code - net-do-not-include-a-newline-in-the-id-of-nic-device.patch Fix newline accidentally sneaked into id string of a nic - qemu-nbd-close-inherited-stderr.patch - virtio-balloon-fix-free-page-hinting-check-on-unreal.patch - virtio-balloon-fix-free-page-hinting-without-an-iothread.patch - virtio-balloon-unref-the-iothread-when-unrealizing.patch . [ Aurelien Jarno ] * Remove myself from maintainers Checksums-Sha1: 3efc1ed326059f3e36b81453bd9d4e6fba513bf6 6720 qemu_5.0-6.dsc 7e1c42acdb5cfe1230b51c30f217123744cf6f98 102620 qemu_5.0-6.debian.tar.xz c76add30bfde5efff98b24c8ddb1f0f8f928bbf5 9226 qemu_5.0-6_source.buildinfo Checksums-Sha256: 758a10ef8bee0bb1c568865de9be2549cb20968cc7ece36c87259a3523ae210c 6720 qemu_5.0-6.dsc cf1b230efb9167f167e9f6fc2ce923570d8d219633a50b2dd97027607e100ab3 102620 qemu_5.0-6.debian.tar.xz 31020e20e837590c8d24249741c4d9ef9ca22803235e0f003bde9c07a1a56d52 9226 qemu_5.0-6_source.buildinfo Files: 47a7bd3c2a0f3619a6cedd89f0192359 6720 otherosfs optional qemu_5.0-6.dsc 6d6495224f90b82919d0fc4ce7e0884c 102620 otherosfs optional qemu_5.0-6.debian.tar.xz 52ce44ba6abf9d0d7eb20bada52851dc 9226 otherosfs optional qemu_5.0-6_source.buildinfo -----BEGIN PGP SIGNATURE----- iQFDBAEBCAAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAl7/TfIPHG1qdEB0bHMu bXNrLnJ1AAoJEHAbT2saaT5ZrOQH/0r6ZpkyyFUI+VWc74WMJ/zeU3dF+newaua6 j81za0wDhNErEX1zctzzHfN4OrIF13olM0RajnmYJ4Ai/HxLXcXUsc5b4vRyQ56Q YrcJyA9300S8TrcV2CDyFUo4R6aOSD8xFOG8xbritqQOIFfyLykNoOBFUGDjEZ6q n5yrAxVf+4LxnkbJV+TMuisS/k8/psyaInYSUimnkEBdSPtJroZRLZiH6h+ufroi F+lWrFrjjVl83us+ZnxR2d3/1Lr0ik7qeF2GptUA5jvf3kgPKfp/8EcMcnZPW7eM jXN4Yg8zdd0N8CfchrYRLqip712MBvEPjEyVEnwVYSj9DGqHJb8= =KXfv -----END PGP SIGNATURE-----