-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 30 Sep 2021 21:08:51 +0300 Source: libslirp Architecture: source Version: 4.4.0-1+deb11u1 Distribution: bullseye Urgency: medium Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org> Changed-By: Michael Tokarev <mjt@tls.msk.ru> Closes: 989993 989994 989995 989996 Changes: libslirp (4.4.0-1+deb11u1) bullseye; urgency=medium . * import a few patches from upstream to fix 4 security issues: - add-mtod_check.patch (preparational) - bootp-limit-vendor-area-to-input-packet-CVE-2021-3592.patch, bootp-check-bootp_input-buffer-size-CVE-2021-3592.patch Closes: #989993, CVE-2021-3592: invalid pointer init in bootp_init() - tftp-check-tftp_input-buffer-size-CVE-2021-3595.patch, tftp-introduce-a-header-structure-CVE-2021-3595.patch Closes: #989996, CVE-2021-3595: invalid pointer init in tftp_input() - udp-check-upd_input-buffer-size-CVE-2021-3594.patch Closes: #989995, CVE-2021-3594: invalid pointer init in udp_input() - upd6-check-udp6_input-buffer-size-CVE-2021-3593.patch Closes: #989994, CVE-2021-3593: invalid pointer init in udp6_input() Checksums-Sha1: 85d70f8a76cf1cd76f26120e5bc2395fe36b278b 1721 libslirp_4.4.0-1+deb11u1.dsc 6f6585a6a2d28b5ba71a597dd5b524d03c4fb69e 8428 libslirp_4.4.0-1+deb11u1.debian.tar.xz 95f423f3ec14a779b4e778aecdcf9eed9fcd3e3b 6982 libslirp_4.4.0-1+deb11u1_source.buildinfo Checksums-Sha256: 0c230ef42fb1e861caf601be0aa576f25e5308da669f25aea3265f7c152edb35 1721 libslirp_4.4.0-1+deb11u1.dsc 714c3f00be2ea9524329d6d7d1411399999493255d779297a4ecd0025b2e5270 8428 libslirp_4.4.0-1+deb11u1.debian.tar.xz e39e65b58be64e6e7b7d238b2f55ebe764286c24c84b5cd1c2e96d96d2462757 6982 libslirp_4.4.0-1+deb11u1_source.buildinfo Files: ec5bf1811b2bdf42e11229c6132725b0 1721 net optional libslirp_4.4.0-1+deb11u1.dsc a119327bf2ae6e739683477899e68b6a 8428 net optional libslirp_4.4.0-1+deb11u1.debian.tar.xz 478769e019ab1a805298549fadc96992 6982 net optional libslirp_4.4.0-1+deb11u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQFDBAEBCAAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAmFW1OwPHG1qdEB0bHMu bXNrLnJ1AAoJEHAbT2saaT5ZEdAIAIFVrfF6s0liI4y5O6PjQDQfGz9ycZ2mlkLv lD7hkv7JU6Q7kmLNF6Gk7hoJnkYfhrjOS2uhCikP5OIFQ9Kmm6sz2X9x5wak/mDB LrYM3hmIWdc7XOfwOPJEjaknAshWHTnHdruko+lRGGjb6EW0vLrVhJtrKfGSySP1 Oga5XG8hJd6l1Lp4CtBkxBc+g0c2K6We/EzdoRSlfrli9RbV/URiXt/7fcDKDn6M uDzgbWof1cIIlz4ZDyPd10p4BPD+tmK0vscF1QcVGmR35E96u5+Eqv8mUwOOmHMi QOl18GeFyKzsZS2+diOC47mSfBcbAY9boUHdQBV3n17a1EvdAy0= =EA/9 -----END PGP SIGNATURE-----