Format: 1.8
Date: Sat, 04 Jul 2020 13:17:32 +0300
Source: qemu
Architecture: source
Version: 1:3.1+dfsg-8+deb10u6
Distribution: buster-security
Urgency: high
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Closes: 961887 961888
Changes:
 qemu (1:3.1+dfsg-8+deb10u6) buster-security; urgency=high
 .
   * revert-memory-accept-mismatching-sizes-in-memory_region_access_valid...patch
     Closes: CVE-2020-13754, possible OOB memory accesses in a bunch of qemu
     devices which use min_access_size and max_access_size Memory API fields.
     Also closes: CVE-2020-13791
   * acpi-tmr-allow-2-byte-reads.patch - fix an issue in MacOS exposed by
     the previous "revert-.." change (#964247)
   * exec-set-map-length-to-zero-when-returning-NULL-CVE-2020-13659.patch
     CVE-2020-13659: address_space_map in exec.c can trigger
     a NULL pointer dereference related to BounceBuffer
   * megasas-use-unsigned-type-for-reply_queue_head-and-check-index...patch
     Closes: #961887, CVE-2020-13362, megasas_lookup_frame in hw/scsi/megasas.c
     has an OOB read via a crafted reply_queue_head field from a guest OS user
   * megasas-use-unsigned-type-for-positive-numeric-fields.patch
     fix other possible cases like in CVE-2020-13362 (#961887)
   * megasas-fix-possible-out-of-bounds-array-access.patch
     Some tracepoints use a guest-controlled value as an index into the
     mfi_frame_desc[] array. Thus a malicious guest could cause very low
     impact OOB errors here
   * es1370-check-total-frame-count-against-current-frame-CVE-2020-13361.patch
     Closes: #961888, CVE-2020-13361, es1370_transfer_audio in hw/audio/es1370.c
     does not properly validate the frame count, which allows guest OS users
     to trigger an out-of-bounds access during an es1370_write() operation
   * slirp-drop-bogus-IPv6-messages-CVE-2020-10756.patch
     Closes: CVE-2020-10756, possible OOB read in icmp6_send_echoreply()
Checksums-Sha1:
 e5a9eaea0356e4e73d98cb9924a90228c62f8c67 6155 qemu_3.1+dfsg-8+deb10u6.dsc
 8fef37f6415522375209c0b109b0b1e8af1473a9 108880 qemu_3.1+dfsg-8+deb10u6.debian.tar.xz
 0ca040287d62909aa33fd3ea042be80be05da0e8 8663 qemu_3.1+dfsg-8+deb10u6_source.buildinfo
Checksums-Sha256:
 5456c3ee75220ebc7f51a85f1ea12ac0679913f86da262f5963aa64b6d5bf34b 6155 qemu_3.1+dfsg-8+deb10u6.dsc
 1bf29191828888ea47829972ac6053013b4c21dc9f2707ef7d35c956039d1d3a 108880 qemu_3.1+dfsg-8+deb10u6.debian.tar.xz
 e2a674391acb25f5f2a259239e7b7b694a87287c4e01c9695e7b20af512b1ae6 8663 qemu_3.1+dfsg-8+deb10u6_source.buildinfo
Files:
 84bf6cd780f4c36fe48d69416fef2ecf 6155 otherosfs optional qemu_3.1+dfsg-8+deb10u6.dsc
 7b23cb41b4ad1d09e4d5b5c38ec5fd96 108880 otherosfs optional qemu_3.1+dfsg-8+deb10u6.debian.tar.xz
 7b6058ee8e6bdf9eb8b92dddcda80c9d 8663 otherosfs optional qemu_3.1+dfsg-8+deb10u6_source.buildinfo