-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 29 Jul 2016 16:32:58 +0200 Source: qemu Binary: qemu qemu-keymaps qemu-system qemu-user qemu-user-static qemu-utils Architecture: source all amd64 Version: 1.1.2+dfsg-6+deb7u14 Distribution: wheezy-security Urgency: medium Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org> Changed-By: Guido Günther <agx@sigxcpu.org> Description: qemu - fast processor emulator qemu-keymaps - QEMU keyboard maps qemu-system - QEMU full system emulation binaries qemu-user - QEMU user mode emulation binaries qemu-user-static - QEMU user mode emulation binaries (static version) qemu-utils - QEMU utilities Closes: 832767 Changes: qemu (1.1.2+dfsg-6+deb7u14) wheezy-security; urgency=medium . * Non-maintainer upload by the LTS team. * CVE-2016-5403: virtio: error out if guest exceeds virtqueue size (Closes: #832767) * CVE-2016-4439, CVE-2016-6351, CVE-2016-6351: several issue in the 53C9X Fast SCSI Controller * CVE-2016-4020: The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR). * CVE-2016-2857: The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet. * CVE-2015-5239: Integer overflow in vnc_client_read() and protocol_client_msg() Checksums-Sha1: e95d512d482451ba4ca0d3c4872ddbacaf7bc24c 3456 qemu_1.1.2+dfsg-6+deb7u14.dsc fa2dbfb8f0773468b27a1fb237f06ab489a31745 109052 qemu_1.1.2+dfsg-6+deb7u14.debian.tar.xz e96ec3d4fd99f78f26adb570dbb8132581a0fa26 52348 qemu-keymaps_1.1.2+dfsg-6+deb7u14_all.deb 0966f05a262c04125550c302d5068102991299f2 120176 qemu_1.1.2+dfsg-6+deb7u14_amd64.deb 4ac5e35e40ab745490688ed48508875b5cbbb8d9 27914842 qemu-system_1.1.2+dfsg-6+deb7u14_amd64.deb 57d1e7b8e21e3bc34b87a0a1b0cd311faa7bbe0f 7720588 qemu-user_1.1.2+dfsg-6+deb7u14_amd64.deb f0c1797762a772ebcf437d3ad6b8a93b4db4c48c 16577688 qemu-user-static_1.1.2+dfsg-6+deb7u14_amd64.deb f629ff87c9be7ce289b6ddf0a79a4ac5a6f64ad3 665696 qemu-utils_1.1.2+dfsg-6+deb7u14_amd64.deb Checksums-Sha256: 85605824777dbe43bac8e564307994745db5ea735a11de95e525e81da75e33b3 3456 qemu_1.1.2+dfsg-6+deb7u14.dsc c616a0062f958820879a3fe4bcf42dbf899b8d9075acd510bd1ca2d9523b820d 109052 qemu_1.1.2+dfsg-6+deb7u14.debian.tar.xz 7c9d897e43fba079241c4d28ba97c223197cb28561edbf94e1107ece1c951b85 52348 qemu-keymaps_1.1.2+dfsg-6+deb7u14_all.deb 2767bf6b16f48a40e0803a2b7da6ddd1c707be5beb125df03a982e4b5880c931 120176 qemu_1.1.2+dfsg-6+deb7u14_amd64.deb 8030d7049ab07e686bab18d77153c8f069a90f6eab09cfa9fa3fb91fd8cacc0c 27914842 qemu-system_1.1.2+dfsg-6+deb7u14_amd64.deb dfeb44a8fabfdc10cef17aed255c910b3b6c07e1f841d8521e34525e7d08a876 7720588 qemu-user_1.1.2+dfsg-6+deb7u14_amd64.deb 72a06f491c9517c55fbfd156293afd72e24b64c8fc1b4e92d24ba897c7889df2 16577688 qemu-user-static_1.1.2+dfsg-6+deb7u14_amd64.deb 37a0bf1b4e473339d05371e75a5b1f25f65d6b0e2c93a605c7601e2fd6172b79 665696 qemu-utils_1.1.2+dfsg-6+deb7u14_amd64.deb Files: 403a34c022b0bd1987db68fe2e575a08 3456 misc optional qemu_1.1.2+dfsg-6+deb7u14.dsc f5b41d82b7227486905a13c6c260ac4d 109052 misc optional qemu_1.1.2+dfsg-6+deb7u14.debian.tar.xz 60e5d42424ffeaeb1969ea4246ea7edd 52348 misc optional qemu-keymaps_1.1.2+dfsg-6+deb7u14_all.deb cad39f0f9cdb7e36b93b5a97c7d472b2 120176 misc optional qemu_1.1.2+dfsg-6+deb7u14_amd64.deb e71664060f9258a957fb9c2c7b169c82 27914842 misc optional qemu-system_1.1.2+dfsg-6+deb7u14_amd64.deb fab1ddc4c159981f58f3112373910275 7720588 misc optional qemu-user_1.1.2+dfsg-6+deb7u14_amd64.deb 0f788a72ec154a8d5800e385f16bd21a 16577688 misc optional qemu-user-static_1.1.2+dfsg-6+deb7u14_amd64.deb 2e8a31c869f0dd9002d4f0e4bf879d64 665696 misc optional qemu-utils_1.1.2+dfsg-6+deb7u14_amd64.deb -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJXm5yWAAoJEAe4t7DqmBILbl0QALF7hReRpxgkm/WYAVr1sfQg I6cNeqlaN+nHtoSkAvMcTUkqYMFhu/ko/N6J36RGIEVvjaUE5wKEIZVS9JZ2f+Gn irrkUisJ09NIgBRGWpzSqPjT9g2GIk41oJJv7RTjuJ9bq7BiM5QOd6hLoxk1pCi0 NNHJ++nuiTZdTYpNwGCVyTn5e6iRNdrPPpJsoTK38sNoW7qCBL1C8v8jovn2gYHj ppRtSyVcFS9QTNmKNey6arqCY26fOWPDm7iVOExD8Jgv9t2rbzKoHWZl/UjbrZ55 +b4B0lMtoscT0aLod59Gi7PAbUmMNkOjvDsIYRa2W8C9uBIDqcNjuwbGkv1nViBJ MH9plAIA+fLICw3nbdk0UYP1G2kBZnhVktVf1CxNZXVty1rLrqNHJk1IHpOEE51Q VNQ9EUrJc+CPXWh3+zH4Col3ncXEPhRZYKOkNqNRRa+4w/y6OV0BM+ZDqD85EM2v goT4vVW8QRMo/BeevRe4H7gY4ogl8Nvete5AObpl86F4lgask0Ua95nn5vmsKcqk aj5jHW+sKouEUhNXh9oR6zh1qgEyM48HsEPhuKR89n9uroz1Vb6F7Cwstpxu2pUf pc6+F5NoQW9PXbySVIuVV7TrnKnuGf2RLNXiXsYrpc8gdk/YVtQkB68bx8I9/8bz 2o2orxPLv0wGqwWagw9M =ShcH -----END PGP SIGNATURE-----