-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 29 Apr 2021 14:14:13 +0200 Source: edk2 Binary: ovmf qemu-efi Architecture: source Version: 0~20161202.7bbe0b3e-1+deb9u2 Distribution: stretch-security Urgency: high Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Description: ovmf - UEFI firmware for 64-bit x86 virtual machines qemu-efi - UEFI firmware for 64-bit ARM virtual machines Changes: edk2 (0~20161202.7bbe0b3e-1+deb9u2) stretch-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2019-0161, CVE-2019-14558, CVE-2019-14559, CVE-2019-14562, CVE-2019-14563, CVE-2019-14575, CVE-2019-14584, CVE-2019-14586, CVE-2019-14587, CVE-2021-28210 and CVE-2021-28211. Several security vulnerabilities have been discovered in edk2, firmware for virtual machines. Integer and stack overflows and uncontrolled resource consumption may lead to a denial-of-service or in a worst case scenario, allow an authenticated local user to potentially enable escalation of privilege. Checksums-Sha1: 0f2de2a9c5f2da3eff0776dcd31515f731dfe302 2362 edk2_0~20161202.7bbe0b3e-1+deb9u2.dsc f14783c6e10ea1c9624b06c7b19ac1bbe08aa310 14801028 edk2_0~20161202.7bbe0b3e.orig.tar.xz ae07ef8dfb8a120c367fa4441fd14f465349d049 30928 edk2_0~20161202.7bbe0b3e-1+deb9u2.debian.tar.xz 98933709b6bae73735f06d9a68052e4d71ebc71a 7610 edk2_0~20161202.7bbe0b3e-1+deb9u2_amd64.buildinfo Checksums-Sha256: f2d3b62415d530b9b724ee06ee267c05266a600b510671ad6333da8c1f30a7f7 2362 edk2_0~20161202.7bbe0b3e-1+deb9u2.dsc 6035657959398dc123630c6a71696cc816f309de4502466015b14ca3244ee146 14801028 edk2_0~20161202.7bbe0b3e.orig.tar.xz 20726ff1f308bf26f88d2366f3a45e29735aff1ae2f34e56124d8450e09a930b 30928 edk2_0~20161202.7bbe0b3e-1+deb9u2.debian.tar.xz 2e32c587f73222729c3e1cecf1083469f1ee0cca6431e38c170820582a10b59e 7610 edk2_0~20161202.7bbe0b3e-1+deb9u2_amd64.buildinfo Files: 528f0cf246f153155c8cbfa4f6b1960d 2362 misc extra edk2_0~20161202.7bbe0b3e-1+deb9u2.dsc b80560dc0da5c113f2243b2f9e1698f7 14801028 misc extra edk2_0~20161202.7bbe0b3e.orig.tar.xz 69f69b98a0258400ee329f7bab8d74f2 30928 misc extra edk2_0~20161202.7bbe0b3e-1+deb9u2.debian.tar.xz 51b51ac57f091684c78d571fc17ef705 7610 misc extra edk2_0~20161202.7bbe0b3e-1+deb9u2_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmCKvXRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkPR4P/16vT2MdU9NuBIpgSFzwaLccOJBesbHZsoHE TxfueguG/fvTjX7lNUZlW0/OE2BZImICHD1B7NZgVeZg6G/PEyFKdv6NBI+EXJUh YY4H++fIpF1b5m4l+qOtlWpB1uikdJwQU8W6mMHmZhg0NFpNCp8Jq0PR3Rsrv96w Ct61OiOQLowStCOeP/qQw2YSnj0s2zupn6BJNCgCw/hAzCXHoUzbr1lYfYBerhjk M6Spxf1XA1XttX40PEtO7vwA+ykWeNJYMu9n0KEhqyDQhUOK13gEuSY0NR57qKRA vGcHeGPE6q5juoEvaVDD6Q0DgwqVpi++1+kjH31Jz6k/oJrOIxj8ZxBeXkFw84S8 l8Kqc+MR53mN2coVv3iU7q1nnYkIkmViZzJdI4Z8KJBt0YoVzL2RZ0dJNzDpcg/L gQTpwstEYGxEF4jH71y8yj7puWKYIKPffSSAAKtO71HVOncUkvaj1uYAQszp1TPn qWA5pOKU+FXj7xxGVDZszVZPnRBAK0161+mvReEVY0w3Sdnnr8IgOlYz+hEFj/8y 0L8FL0FexnPT6G+Qbh72XplIg7l8ZJba5tYVcisp4blLOQyYxJ8rrSqvwGFibnzh iAWr23mn0ieHN4pP6GwEnjHwxdkexchwgqNXxNHFr1fmjcsvSC8LY1QYhgh5k4fl y2vFg7Tc =1vdX -----END PGP SIGNATURE-----