-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 29 Jul 2016 16:32:58 +0200 Source: qemu-kvm Binary: qemu-kvm qemu-kvm-dbg kvm Architecture: source amd64 Version: 1.1.2+dfsg-6+deb7u14 Distribution: wheezy-security Urgency: medium Maintainer: Michael Tokarev <mjt@tls.msk.ru> Changed-By: Guido Günther <agx@sigxcpu.org> Description: kvm - dummy transitional package from kvm to qemu-kvm qemu-kvm - Full virtualization on x86 hardware qemu-kvm-dbg - Debugging info for qemu-kvm Closes: 832767 Changes: qemu-kvm (1.1.2+dfsg-6+deb7u14) wheezy-security; urgency=medium . * Non-maintainer upload by the LTS team. * CVE-2016-5403: virtio: error out if guest exceeds virtqueue size (Closes: #832767) * CVE-2016-4439, CVE-2016-6351, CVE-2016-6351: several issue in the 53C9X Fast SCSI Controller * CVE-2016-4020: The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR). * CVE-2016-2857: The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet. * CVE-2015-5239: Integer overflow in vnc_client_read() and protocol_client_msg() Checksums-Sha1: 55b5958cb052410320b76c49f23c94efcc202b38 2471 qemu-kvm_1.1.2+dfsg-6+deb7u14.dsc 345ad82cfe41c4b584ba36e45918cbaeef6f3c64 128457 qemu-kvm_1.1.2+dfsg-6+deb7u14.debian.tar.gz 4b158fc59b8b4d85775bb96f10dee1ea52670ec8 1682278 qemu-kvm_1.1.2+dfsg-6+deb7u14_amd64.deb 2927e1fa1b5ea80452efb73d121b90ba677cd15d 5277662 qemu-kvm-dbg_1.1.2+dfsg-6+deb7u14_amd64.deb 97534db21940cd4fafee2d435a1476f2ce591c10 25672 kvm_1.1.2+dfsg-6+deb7u14_amd64.deb Checksums-Sha256: 89d567c61df07c96fca17da857b7ca9a9dfd36eea3212eda253e4c12585473fa 2471 qemu-kvm_1.1.2+dfsg-6+deb7u14.dsc 141ce80a6d54ff7e953ed21e96f5ff16bbdbabc2df963f356109518ffde1b0c0 128457 qemu-kvm_1.1.2+dfsg-6+deb7u14.debian.tar.gz 57385cb443185ac77f30c03bbde0fa61653f02c70bf4a7f948a907ac9e9de705 1682278 qemu-kvm_1.1.2+dfsg-6+deb7u14_amd64.deb f82507c84dd249fbe37b74747ca053fa8c2e11401b6d445d63b308e13dbac60b 5277662 qemu-kvm-dbg_1.1.2+dfsg-6+deb7u14_amd64.deb 89995f0a705bfad97faa3ae84e6f6ae27c1116dfb0fa965182ac489cdaf72eeb 25672 kvm_1.1.2+dfsg-6+deb7u14_amd64.deb Files: 0a1505ffa5ac686918c1872c6619d44c 2471 misc optional qemu-kvm_1.1.2+dfsg-6+deb7u14.dsc 54d90987d263bdad22934387dd2a3531 128457 misc optional qemu-kvm_1.1.2+dfsg-6+deb7u14.debian.tar.gz 12ebd25d808efcc780f857aa887cee3b 1682278 misc optional qemu-kvm_1.1.2+dfsg-6+deb7u14_amd64.deb 84f0ec9e483810a5936040302046ecb3 5277662 debug extra qemu-kvm-dbg_1.1.2+dfsg-6+deb7u14_amd64.deb 510b68dcccf03cb26ffd0861b0c2a604 25672 oldlibs extra kvm_1.1.2+dfsg-6+deb7u14_amd64.deb -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJXm3pAAAoJEAe4t7DqmBILM6QQAMkucpe+5bKht1PqGOj1KH6u rkPz2iXlBC8cuXqU7iWR8FibMhlybyt/kJ4Gm7s+wM7Ydg61kI1oyqnwCX41B5aU 7v3LN4brS0Znfozc5Na+ws1SVXDrocwk0hMRiktCVbvUJDAikyKs8qI2JAcZik5m I8OhLEBY+stx0f/IvdueAnfkP33+9Lg4W91S/lGcER73DGAjzHazGfDEIUHsQ/Ei OrBa4Ah/EpBd4+NSRf8ffnZi+Rkz4/PkiF3yOIHlYh1dVdWuBASMLDkPoO9AfVC8 ksemxY1UsJW8o50QT7onzu2f8nLvnamQxlPDYNiNFxS/z4OoSGZ41AdUhvTVYgpf AkSOSuwbuACjV9ezGcb8/CqdFLSGx6jYtAi2xnva5WJ+TzqDtJWb2cPbw4xKsgkl eq+HmzYNztYP4qunZ50XIL+y8NVjW9FCxRXnfJCDnBN6ve+Z/zJ8+9c8yk067msA CzfLgCHPHw0RCODq4kOsIU8AubuMFtmbMUeLtQIVT+gmrgXEWAy6jvVzinYzrAm5 lL7KeL5pUeuvXr0YlWrFpMM0hB9cmLpXeQ13lKFSOSoJw5RP8CFdnFB0lAMdJFbT koqKVWwMJelr0tKkBbeqcabhaIVSuG+hCfhfHMBD1wcjohrhAOcwR6z5CAdrPw9Q lzAgPx+G+/MXc0bnH64R =VUYa -----END PGP SIGNATURE-----