-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Thu, 24 May 2007 19:04:58 +0200 Source: qemu Binary: qemu Architecture: source i386 Version: 0.8.2-5lenny1 Distribution: testing-security Urgency: high Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org> Changed-By: Stefan Fritsch <sf@debian.org> Description: qemu - fast processor emulator Changes: qemu (0.8.2-5lenny1) testing-security; urgency=high . [ Stefan Fritsch ] * Non-maintainer upload by the security team * Port security fixes from 0.8.2-4etch1 to testing . [ Guillem Jover ] * Fix several security issues found by Tavis Ormandy <taviso@google.com>: - Cirrus LGD-54XX "bitblt" Heap Overflow. CVE-2007-1320 - NE2000 "mtu" heap overflow. - QEMU "net socket" heap overflow. - QEMU NE2000 "receive" integer signedness error. CVE-2007-1321 - Infinite loop in the emulated SB16 device. - Unprivileged "aam" instruction does not correctly handle the undocumented divisor operand. CVE-2007-1322 - Unprivileged "icebp" instruction will halt emulation. CVE-2007-1322 - debian/patches/90_security.patch: New file. Files: ffc8b26899ef74e09dff887e979f19e8 1124 misc optional qemu_0.8.2-5lenny1.dsc 40da8bf4469d8e02431293b51a5db1fe 66146 misc optional qemu_0.8.2-5lenny1.diff.gz 38833607a2c2b3c5c6a17ad6251f8ba2 3677960 misc optional qemu_0.8.2-5lenny1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGVdQIbxelr8HyTqQRAqCpAJ9WnOSH5BaZhXxQas8hw5JFng+01wCghZzD WJIQ4Q1WTf6OjUBZDQrRRtk= =6/4F -----END PGP SIGNATURE----- Accepted: qemu_0.8.2-5lenny1.diff.gz to pool/main/q/qemu/qemu_0.8.2-5lenny1.diff.gz qemu_0.8.2-5lenny1.dsc to pool/main/q/qemu/qemu_0.8.2-5lenny1.dsc qemu_0.8.2-5lenny1_i386.deb to pool/main/q/qemu/qemu_0.8.2-5lenny1_i386.deb