-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Wed, 16 May 2007 08:08:31 +0300 Source: qemu Binary: qemu Architecture: source i386 Version: 0.9.0-2 Distribution: unstable Urgency: high Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org> Changed-By: Guillem Jover <guillem@debian.org> Description: qemu - fast processor emulator Closes: 411780 411910 412212 414799 414809 419170 424070 Changes: qemu (0.9.0-2) unstable; urgency=high . [ Guillem Jover ] * Fix several security issues. (Closes: #424070) Thanks to Tavis Ormandy <taviso@google.com>. - Cirrus LGD-54XX "bitblt" heap overflow. CVE-2007-1320 - NE2000 "mtu" heap overflow. - QEMU "net socket" heap overflow. - QEMU NE2000 "receive" integer signedness error. CVE-2007-1321 - Infinite loop in the emulated SB16 device. - Unprivileged "aam" instruction does not correctly handle the undocumented divisor operand. CVE-2007-1322 - Unprivileged "icebp" instruction will halt emulation. CVE-2007-1322 - debian/patches/90_security.patch: New file. * Enable adlib audio emulation. (Closes: #419170) * Fix structure padding for target_eabi_flock64 when built for a 64 bit architecture. (Closes: #414799) Thanks to Stuart Anderson <anderson@netsweng.com>. - debian/patches/44_arm_eabi_built_on_64bit_arches.patch: New file. * Fix qemu to be able to use LinuxBios. (Closes: #412212) Thanks to Ed Swierk <eswierk@cs.stanford.edu>. - debian/patches/50_linuxbios_isa_bios_ram.patch: New file. - 51_linuxbios_piix_ram_size.patch: Likewise. * Fix segfault when booting a Linux kernel w/o a disk image, by not exiting but clarifying the message, as to use '/dev/null'. (Closes: #411780) Thanks to Robert Millan <rmh@aybabtu.com>. - debian/patches/05_non-fatal_if_linux_hd_missing.patch: Updated. * Fix segfault by using addrlen instead of target_addrlen in do_getpeername()/do_getsockname(). (Closes: #411910) Thanks to Stuart Anderson <anderson@netsweng.com>. - debian/patches/35_syscall_sockaddr.patch: Updated. * Fix semctl() for 32 bit targets on 64 bit hosts. (Closes: #414809) Thanks to Stuart Anderson <anderson@netsweng.com>. - debian/patches/38_syscall_semctl.patch: New file. * Remove Elrond from Uploaders with consent, always welcome to join back anytime. Files: b0efbea7fcd880e1719e0f256de99883 1105 misc optional qemu_0.9.0-2.dsc bd9bb50493fc6f49fbb17fa438e43e21 63449 misc optional qemu_0.9.0-2.diff.gz 4e1ccf6726037f96b0e92a8064439249 4246062 misc optional qemu_0.9.0-2_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGSpViuW9ciZ2SjJsRAk1aAKCYQ5pwUwhV+Aah1qB0uzvJ01JmtgCghG03 gQRP830zze+9YYsgCgX1ylc= =WDt/ -----END PGP SIGNATURE----- Accepted: qemu_0.9.0-2.diff.gz to pool/main/q/qemu/qemu_0.9.0-2.diff.gz qemu_0.9.0-2.dsc to pool/main/q/qemu/qemu_0.9.0-2.dsc qemu_0.9.0-2_i386.deb to pool/main/q/qemu/qemu_0.9.0-2_i386.deb