-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Mon, 30 Apr 2007 06:55:27 +0300 Source: qemu Binary: qemu Architecture: source i386 Version: 0.6.1+20050407-1sarge1 Distribution: oldstable-security Urgency: high Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org> Changed-By: Guillem Jover <guillem@debian.org> Description: qemu - fast processor emulator Changes: qemu (0.6.1+20050407-1sarge1) oldstable-security; urgency=high . [ Guillem Jover ] * Fix several security issues found by Tavis Ormandy <taviso@google.com>: - Cirrus LGD-54XX "bitblt" heap overflow. CVE-2007-1320 - NE2000 "mtu" heap overflow. - QEMU NE2000 "receive" integer signedness error. CVE-2007-1321 - Infinite loop in the emulated SB16 device. - Unprivileged 'aam' instruction does not correctly handle the undocumented divisor operand. CVE-2007-1322 - Unprivileged 'icebp' instruction will halt emulation. CVE-2007-1322 - debian/patches/90_security.patch: New file. Files: 0d4d669e862d4249af1fd6d4e62ed21e 860 misc optional qemu_0.6.1+20050407-1sarge1.dsc a4cb70b9b701668c1c37705f9b5baae6 991912 misc optional qemu_0.6.1+20050407.orig.tar.gz 9940e2b1c7e3edce24a941d79cc45f1c 456776 misc optional qemu_0.6.1+20050407-1sarge1.diff.gz b3fd3a2a4c01ccd3a22ffb079c2da48a 1888278 misc optional qemu_0.6.1+20050407-1sarge1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGNXjHuW9ciZ2SjJsRAhKiAKCTKCiU+vo3ZAKmkd6l1D9NXpw+5QCg8VTc eSqhIhapgMIX5MznVtW622Q= =bHM8 -----END PGP SIGNATURE----- Accepted: qemu_0.6.1+20050407-1sarge1.diff.gz to pool/main/q/qemu/qemu_0.6.1+20050407-1sarge1.diff.gz qemu_0.6.1+20050407-1sarge1.dsc to pool/main/q/qemu/qemu_0.6.1+20050407-1sarge1.dsc qemu_0.6.1+20050407-1sarge1_i386.deb to pool/main/q/qemu/qemu_0.6.1+20050407-1sarge1_i386.deb