-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 01 Oct 2021 19:10:39 +0300 Source: libslirp Architecture: source Version: 4.4.0-1+deb11u2 Distribution: bullseye Urgency: medium Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org> Changed-By: Michael Tokarev <mjt@tls.msk.ru> Closes: 989993 989994 989995 989996 Changes: libslirp (4.4.0-1+deb11u2) bullseye; urgency=medium . * fix-DHCP-broken-in-libslirp-v4.6.0.patch from upstream this fixes previous change in this area (bootp-limit-vendor-area-to-input-packet-CVE-2021-3592.patch). https://gitlab.freedesktop.org/slirp/libslirp/-/issues/48 . libslirp (4.4.0-1+deb11u1) bullseye; urgency=medium . * import a few patches from upstream to fix 4 security issues: - add-mtod_check.patch (preparational) - bootp-limit-vendor-area-to-input-packet-CVE-2021-3592.patch, bootp-check-bootp_input-buffer-size-CVE-2021-3592.patch Closes: #989993, CVE-2021-3592: invalid pointer init in bootp_init() - tftp-check-tftp_input-buffer-size-CVE-2021-3595.patch, tftp-introduce-a-header-structure-CVE-2021-3595.patch Closes: #989996, CVE-2021-3595: invalid pointer init in tftp_input() - udp-check-upd_input-buffer-size-CVE-2021-3594.patch Closes: #989995, CVE-2021-3594: invalid pointer init in udp_input() - upd6-check-udp6_input-buffer-size-CVE-2021-3593.patch Closes: #989994, CVE-2021-3593: invalid pointer init in udp6_input() Checksums-Sha1: c801321aeeb1f979a086e8b9b6abaa52cacb35e9 1721 libslirp_4.4.0-1+deb11u2.dsc 36cdf7a9a4c4af7404a55c040903076bac52f10c 8756 libslirp_4.4.0-1+deb11u2.debian.tar.xz 5924db43445d1c23a85b95e032c1dc78a6ca73e0 6982 libslirp_4.4.0-1+deb11u2_source.buildinfo Checksums-Sha256: 38ecb306fa8bc2ef94029b0de0e2caff41e9f58c4a00eb419ff3fda0745ab8d8 1721 libslirp_4.4.0-1+deb11u2.dsc 533e72fc5454a413acaf06c124f1faa18eb69ec25793d08aa8f7b327f16c8307 8756 libslirp_4.4.0-1+deb11u2.debian.tar.xz 7451836f1bbe0d5356cf8400a8aef977a836292cfad8893ab5887270c5b3c529 6982 libslirp_4.4.0-1+deb11u2_source.buildinfo Files: 8763e05fad0a2f1d644cefe4bf5c2a0d 1721 net optional libslirp_4.4.0-1+deb11u2.dsc 4d494afe5fc68feaefd368b10943159e 8756 net optional libslirp_4.4.0-1+deb11u2.debian.tar.xz f1c5dbe8b7ec0fc4e2e8e1b3dd4e17f0 6982 net optional libslirp_4.4.0-1+deb11u2_source.buildinfo -----BEGIN PGP SIGNATURE----- iQFDBAEBCAAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAmFXNDAPHG1qdEB0bHMu bXNrLnJ1AAoJEHAbT2saaT5ZW68IAJ8OS02+W6115eqA5pQCowgQ+i5ToY0mZIir EPlMv1x6ZwdhyO4XJuuC5akfa3uVscujKoBSFnupWtATTreT8FsERYso8WRaa3VQ tsRLZfyILAPfiX36QUnK1uZF6ks+tk7EveQC/7sQaaEg16zeP+3Of0lyy2yClFGn WrV7iGaAjKZYFu5+aLGpl3+oDj/xOJ7vSEq2X8oMRP2ooIp+8UxIRdmG8NZlKZ7P YoNMNkAe2v/0mu/2+jsCOUrUDGYza6LI7DdZJDydCSWMxJwioDdfF+Tz366ScJwx 6ng9oeLDSoaJ3zklq4gXVNx7w2nwtYzpE6Q96xzUuytWFgj67Jo= =Uj0n -----END PGP SIGNATURE-----