Format: 1.8
Date: Wed, 29 Sep 2021 13:14:52 +0300
Source: qemu
Architecture: source
Version: 1:5.2+dfsg-11+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Closes: 988174 989042 991911 992726 992727 993401
Changes:
 qemu (1:5.2+dfsg-11+deb11u1) bullseye-security; urgency=medium
 .
   [ Michael Tokarev ]
   * usbredir-fix-free-call-CVE-2021-3682.patch
     Closes: #991911, CVE-2021-3682: wrong free in usbredir in bufp_alloc()
   * uas-add-stream-number-sanity-checks-CVE-2021-3713.patch
     Closes: #992727, CVE-2021-3713: an OOB write to UASDevice fields
     in UAS device emulation code
   * virtio-net-fix-use-after-unmap-free-for-sg-CVE-2021-3748.patch
     Closes: #993401, CVE-2021-3748: use-after-free in virtio_net_receive_rcu
   * ati_2d-fix-buffer-overflow-in-ati_2d_blt-CVE-2021-3638.patch
     Closes: #992726, CVE-2021-3638: inconsistent check in ati_2d_blt()
     may lead to out-of-bounds write
   * vhost-user-gpu fixes from upstream, 7 patches:
     CVE-2021-3544: multiple memory leaks
     CVE-2021-3545: information disclosure due to uninitialized memory reads
     CVE-2021-3546: out-of-bounds write in virgl_cmd_get_capset()
     Closes: #989042, CVE-2021-3544, CVE-2021-3545, CVE-2021-3546
 .
   [ Cyril Brulebois ]
   * linux-user-elfload-fix-address-calculation-in-fallback.patch
     This fixes problems with some access to an unmounted /proc, as seen
     while building images for the Raspberry Pi devices. With thanks to
     Diederik de Haas for the report and to Bernhard Übelacker for
     pinpointing the upstream fix to backport.
     (Closes: #988174)