-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 02 Aug 2017 16:57:34 +0300 Source: qemu Binary: qemu qemu-system qemu-block-extra qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm Architecture: source Version: 1:2.8+dfsg-6+deb9u2 Distribution: stretch-security Urgency: high Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org> Changed-By: Michael Tokarev <mjt@tls.msk.ru> Description: qemu - fast processor emulator qemu-block-extra - extra block backend modules for qemu-system and qemu-utils qemu-guest-agent - Guest-side qemu-system agent qemu-kvm - QEMU Full virtualization on x86 hardware qemu-system - QEMU full system emulation binaries qemu-system-arm - QEMU full system emulation binaries (arm) qemu-system-common - QEMU full system emulation binaries (common files) qemu-system-mips - QEMU full system emulation binaries (mips) qemu-system-misc - QEMU full system emulation binaries (miscellaneous) qemu-system-ppc - QEMU full system emulation binaries (ppc) qemu-system-sparc - QEMU full system emulation binaries (sparc) qemu-system-x86 - QEMU full system emulation binaries (x86) qemu-user - QEMU user mode emulation binaries qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user qemu-user-static - QEMU user mode emulation binaries (static version) qemu-utils - QEMU utilities Closes: 865755 867751 869171 869173 869945 Changes: qemu (1:2.8+dfsg-6+deb9u2) stretch-security; urgency=high . * actually apply the nbd server patches, not only include in debian/patches/ Really closes: #865755, CVE-2017-9524 * slirp-check-len-against-dhcp-options-array-end-CVE-2017-11434.patch Closes: #869171, CVE-2017-11434 * exec-use-qemu_ram_ptr_length-to-access-guest-ram-CVE-2017-11334.patch Closes: #869173, CVE-2017-11334 * usb-redir-fix-stack-overflow-in-usbredir_log_data-CVE-2017-10806.patch Closes: #867751, CVE-2017-10806 * add reference to #869706 to xen-disk-don-t-leak-stack-data-via-response-ring-CVE-2017-10911.patch * disable xhci recursive calls fix for now, as it causes instant crash (xhci-guard-xhci_kick_epctx-against-recursive-calls-CVE-2017-9375.patch) Reopens: #864219, CVE-2017-9375 Closes: #869945 Checksums-Sha1: 1a2314a55308cbd977d6255a00d886c424155c51 5579 qemu_2.8+dfsg-6+deb9u2.dsc e237d980c29f2e0bbd9bdfd81d2c2ecfa8bc84c7 125676 qemu_2.8+dfsg-6+deb9u2.debian.tar.xz 2552189938eb0e241d8f006b3dd5947b7e047272 10780 qemu_2.8+dfsg-6+deb9u2_source.buildinfo Checksums-Sha256: e831a68fee079d0e731dcc259b77067b04e6f0ad13903d4fc7eebdb86b5e27f7 5579 qemu_2.8+dfsg-6+deb9u2.dsc 62e98ed5db40ba75d10cf589fedbf1f47b0d6e27e5457808a03a48a124e579de 125676 qemu_2.8+dfsg-6+deb9u2.debian.tar.xz 3f9cf6d7be6fe32b6bbf5d641b9c871d23a104b1bb5e55d256c1f63312d8f6b6 10780 qemu_2.8+dfsg-6+deb9u2_source.buildinfo Files: 205e0d50a023ddf4a5505991681861c3 5579 otherosfs optional qemu_2.8+dfsg-6+deb9u2.dsc 48289e903387296142e73f37525a02be 125676 otherosfs optional qemu_2.8+dfsg-6+deb9u2.debian.tar.xz 76891081c5865b92a5912d58f0fcb6ea 10780 otherosfs optional qemu_2.8+dfsg-6+deb9u2_source.buildinfo -----BEGIN PGP SIGNATURE----- iQFDBAEBCAAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAlmB4U4PHG1qdEB0bHMu bXNrLnJ1AAoJEHAbT2saaT5ZDf0H/0zW8YtkXgYy+V9emiib1j2J91IHF+YtYrwz Ix89CbkNkCjl7sd1YMiSEb1R2iTR2A4LXE3B6UUmNJ/LWCIVFzJXQz1SzPzqCOeh vz5lAIPhsuYhzw6/jOMiNQLn7iS8TNkyBdWqTeaiLYevDePTyvnPLTnhjXrswINK flCWIfi6esjnk9Rzn87BwVm7k/DclVJt3A+JlrGAkq7vnHCPUnjcUkAGdhl0LMop T/SgJ+Kj0IefuLRvSEQOd287cT+INEK1mQf0uuOLoxy4gTQNkKNAWhb6fUwes/z8 YNWkxwWwVQ5ypfitM24+Lq3s+BNiNXdpktO2xDtfghi0OthoAnM= =nmt+ -----END PGP SIGNATURE-----