Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted qemu 1:2.8+dfsg-6+deb9u13 (source) into oldstable
Date: Thu, 18 Feb 2021 11:20:12 +0000
Signed by: Holger Levsen <holger@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 12 Feb 2021 14:11:25 +0100
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm
Architecture: source
Version: 1:2.8+dfsg-6+deb9u13
Distribution: stretch-security
Urgency: medium
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Sylvain Beucler <beuc@debian.org>
Description:
 qemu       - fast processor emulator
 qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-kvm   - QEMU Full virtualization on x86 hardware
 qemu-system - QEMU full system emulation binaries
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscellaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Changes:
 qemu (1:2.8+dfsg-6+deb9u13) stretch-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2020-15469: a MemoryRegionOps object may lack read/write callback
     methods, leading to a NULL pointer dereference.
   * CVE-2020-15859: QEMU has a use-after-free in hw/net/e1000e_core.c
     because a guest OS user can trigger an e1000e packet with the data's
     address set to the e1000e's MMIO address.
   * CVE-2020-25084: QEMU has a use-after-free in hw/usb/hcd-xhci.c because
     the usb_packet_map return value is not checked.
   * CVE-2020-28916: hw/net/e1000e_core.c has an infinite loop via an RX
     descriptor with a NULL buffer address.
   * CVE-2020-29130: slirp.c has a buffer over-read because it tries to
     read a certain amount of header data even if that exceeds the total
     packet length.
   * CVE-2020-29443: ide_atapi_cmd_reply_end in hw/ide/atapi.c allows
     out-of-bounds read access because a buffer index is not validated.
   * CVE-2021-20181: 9pfs: ZDI-CAN-10904: QEMU Plan 9 file system TOCTOU
     privilege escalation vulnerability.
   * CVE-2021-20221: aarch64: GIC: out-of-bound heap buffer access via an
     interrupt ID field.
Checksums-Sha1:
 c59c74ef060c495969e595b2c69f0703770baeff 5908 qemu_2.8+dfsg-6+deb9u13.dsc
 e5260b5946216a4d6be887686c0bcc32a4381684 195144 qemu_2.8+dfsg-6+deb9u13.debian.tar.xz
 e309ca908c54de6c139b133541cec531adc443b0 21985 qemu_2.8+dfsg-6+deb9u13_amd64.buildinfo
Checksums-Sha256:
 bf83601387a5883454044b771ba721cf34c194923c4c320baf1dfe7599a73542 5908 qemu_2.8+dfsg-6+deb9u13.dsc
 550f5ad09a9ad2bf5c30993656d02bb7aca5cc49e990ab80e3b770a12c544e4e 195144 qemu_2.8+dfsg-6+deb9u13.debian.tar.xz
 eae8a88b13ee5e3fcae79343a3acd371dc80aee5f53b1b9dacb40b42ccd36223 21985 qemu_2.8+dfsg-6+deb9u13_amd64.buildinfo
Files:
 72c41be97bb5ff130e50389230948b26 5908 otherosfs optional qemu_2.8+dfsg-6+deb9u13.dsc
 a5e911f16822ae8c74579798269a8259 195144 otherosfs optional qemu_2.8+dfsg-6+deb9u13.debian.tar.xz
 aba6c53b30ffd3eba408d00904cf2500 21985 otherosfs optional qemu_2.8+dfsg-6+deb9u13_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAmAuSSUACgkQCRq4Vgaa
qhyfcQ//dL6r4+kUVpKuh9cdyd2ojpGArc0q1pKI1gQwYK5mF+LhGajDrrThnkZ1
7QlQ5/c+NuwsHpKn4Gl9VXy9M8nTPJJXLv68YrZuCR4ajEieQmaz04VsTyn0EAYu
Iw765LXumyOpZcoWrEZlIkOLy77gbl5CPyzrJov20bCY1hjkYXNlUd8gFjLs83Ky
I/YcCbUhS1ZGDi7JSq26WK0E1P9n3XnnuimZQfI2hfTTwssA5ccIokrtuNU21Bbl
xQiKt7w88aiF3JMAClIsvNnV+98W0zHcwx2ufvjeLKk0v8jhP3TGLNr1GVTtQVKP
B0VwUiz6qq4ZBeRBlq0SHktdWl1nAetI9ywZ/8tZcqxoalNoskwqziJ2MCWQoY4b
2Z1hXOP7NI3R7X2hJjYG+HNyu+fS/Ky949anSZlqmjtTZ/iQiF99c5ebCOYESCqn
Gme+Jc85VVYpTkwX7hjunbBesDCPVQkpTJ9SnhbB6XtWQ+RwRI71syPgtCq5Myn2
aw9LfrG+sld8YRL+j9GM9yCoLfXfltvfaEp2lss34SbdLH+8ll0P/f01DjHZgqc1
liw9uKbUQy6R2unEjgEJaM7oVSyqbqlqcWT1qNwZnNEmvUgpiTa2NI77Ak9qF29W
S1Z+FphHbSjm17w9gg4OzH8Ekj5koE00HUpd3vZ8pjr5dLK+D6U=
=Hydj
-----END PGP SIGNATURE-----
News for package qemu
