Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted qemu 1:2.8+dfsg-6+deb9u14 (source) into oldstable
Date: Sat, 10 Apr 2021 19:00:12 +0000
Signed by: Markus Koschany <apo@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 10 Apr 2021 16:38:50 +0200
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm
Architecture: source
Version: 1:2.8+dfsg-6+deb9u14
Distribution: stretch-security
Urgency: high
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 qemu       - fast processor emulator
 qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-kvm   - QEMU Full virtualization on x86 hardware
 qemu-system - QEMU full system emulation binaries
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscellaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Changes:
 qemu (1:2.8+dfsg-6+deb9u14) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2021-20257:
     net: e1000: infinite loop while processing transmit descriptors
   * Fix CVE-2021-20255:
     A stack overflow via an infinite recursion vulnerability was found in the
     eepro100 i8255x device emulator of QEMU. This issue occurs while processing
     controller commands due to a DMA reentry issue. This flaw allows a guest
     user or process to consume CPU cycles or crash the QEMU process on the
     host, resulting in a denial of service.
   * Fix CVE-2021-20203:
     An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU
     for versions up to v5.2.0. It may occur if a guest was to supply invalid
     values for rx/tx queue size or other NIC parameters. A privileged guest
     user may use this flaw to crash the QEMU process on the host resulting in
     DoS scenario.
   * Fix CVE-2021-3416:
     A potential stack overflow via infinite loop issue was found in various NIC
     emulators of QEMU in versions up to and including 5.2.0. The issue occurs
     in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A
     guest user/process may use this flaw to consume CPU cycles or crash the
     QEMU process on the host resulting in DoS scenario.
   * Fix CVE-2021-3409/CVE-2020-17380:
     The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective,
     thus making QEMU vulnerable to the out-of-bounds read/write access issues
     previously found in the SDHCI controller emulation code. This flaw allows a
     malicious privileged guest to crash the QEMU process on the host, resulting
     in a denial of service or potential code execution.
   * Fix CVE-2021-3392:
     A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue
     occurs while processing SCSI I/O requests in the case of an error
     mptsas_free_request() that does not dequeue the request object 'req' from
     a pending requests queue. This flaw allows a privileged guest user to
     crash the QEMU process on the host, resulting in a denial of service.
Checksums-Sha1:
 4ec58df3545e39927f04e68511c3f21df6cbd4c7 6059 qemu_2.8+dfsg-6+deb9u14.dsc
 440256943a956e799ab42bb5171235b6a90e6977 199752 qemu_2.8+dfsg-6+deb9u14.debian.tar.xz
 c741331822f770d93f6bfe33ae59540f0a12aca2 22405 qemu_2.8+dfsg-6+deb9u14_amd64.buildinfo
Checksums-Sha256:
 a35890ec1fbde3474b0fff007cf5e6ac2e1bbc6c444aeba265051e49037edb52 6059 qemu_2.8+dfsg-6+deb9u14.dsc
 07f5bb1c6f0469d966f323ccdd0a49bc859379e4848ee6cb45d5b79bc4f5e327 199752 qemu_2.8+dfsg-6+deb9u14.debian.tar.xz
 068f8128280c392a12df82a684860cd9828c919b91fb6fe986ac6dbe2b277db9 22405 qemu_2.8+dfsg-6+deb9u14_amd64.buildinfo
Files:
 ebd5f2b41cf2064a4fb49b11dcaf5c75 6059 otherosfs optional qemu_2.8+dfsg-6+deb9u14.dsc
 d070d9f98cd1a81143cac033b54a7813 199752 otherosfs optional qemu_2.8+dfsg-6+deb9u14.debian.tar.xz
 25e2e036fa988e1774d84465a8cf76bb 22405 otherosfs optional qemu_2.8+dfsg-6+deb9u14_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmBx8cFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkVLsQAK35/i/LiLhKbqjzNaI+xFXV1mYEXpsah7D4
24ZraUu6H/BaHvuZhj0ptKXoKSaPpOzKgg1+FVK4a69hQ4cJTGvLObbNvHs+Z62I
LRitFk45mJNATNnnp5iawm1AKwoMo5Y0Cnir4AeeZ1x2Otu/DizFKNXIZR8Qyy87
lbtepaId2b/UBcLaR63Lw3G0ImsFONyQwsrjiV/T4afx8JxhesFA1PZbWMKEvBx5
mrWeL9wIxnMPt72rzGbd5fAROCuaiC+xCNThrjaMEsto2agu77+5zDQ300K2gjNo
/kt2/WjiYdYlSk5sGBA8MY3DoUgHZScWyPI7f150YljsU9dnuDkdsstljzqaxBsU
9MaatMi/YEPEtLKppSj85hA3vEQxXTPqgm0V1B2ArIl9rsfeisQuSFXPKDaAEa3M
+S/p/+ikcVNI4grbrQAjlZ+chIT+WLsWVG4CthHpICqY3kp6BWKLaSEM36Vw4IMx
G0FpPdK8v8m3jAv9yF5LVuk3DnbFZ/f4KNjq3I6gZia6yJI4pR0FtXsv5ucP0NDv
IUcVLUtzyDZL2ht4r/yFScJ7JagOgQa89wymAetmLUAYSOyxhlLPFfKr08YSI7UW
IeGdsSC+FyKpB3Y5uI/AZc8r9MYng4SgrmY4ZjHZpmlbHFgajpWhLY62Q9it+dpy
664SusBe
=tyWs
-----END PGP SIGNATURE-----
News for package qemu
