-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 26 May 2018 13:06:04 +0300 Source: qemu Binary: qemu qemu-system qemu-block-extra qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm Architecture: source Version: 1:2.8+dfsg-6+deb9u4 Distribution: stretch-security Urgency: high Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org> Changed-By: Michael Tokarev <mjt@tls.msk.ru> Description: qemu - fast processor emulator qemu-block-extra - extra block backend modules for qemu-system and qemu-utils qemu-guest-agent - Guest-side qemu-system agent qemu-kvm - QEMU Full virtualization on x86 hardware qemu-system - QEMU full system emulation binaries qemu-system-arm - QEMU full system emulation binaries (arm) qemu-system-common - QEMU full system emulation binaries (common files) qemu-system-mips - QEMU full system emulation binaries (mips) qemu-system-misc - QEMU full system emulation binaries (miscellaneous) qemu-system-ppc - QEMU full system emulation binaries (ppc) qemu-system-sparc - QEMU full system emulation binaries (sparc) qemu-system-x86 - QEMU full system emulation binaries (x86) qemu-user - QEMU user mode emulation binaries qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user qemu-user-static - QEMU user mode emulation binaries (static version) qemu-utils - QEMU utilities Closes: 877890 880832 880836 882136 883399 883625 884806 886532 887392 892041 Changes: qemu (1:2.8+dfsg-6+deb9u4) stretch-security; urgency=high . * CVE-2017-5715 (spectre/meltdown) fixes for i386 and s390x: CVE-2017-5715/i386-increase-X86CPUDefinition-model_id-to-49.patch CVE-2017-5715/i386-add-support-for-SPEC_CTRL-MSR.patch CVE-2017-5715/i386-add-spec-ctrl-CPUID-bit.patch CVE-2017-5715/i386-add-FEAT_8000_0008_EBX-CPUID-feature-word.patch CVE-2017-5715/i386-add-new-IBRS-versions-of-Intel-CPU-models.patch CVE-2017-5715/s390x-kvm-introduce-branch-prediction-blocking-contr.patch CVE-2017-5715/s390x-kvm-handle-bpb-feature.patch Closes: #886532, CVE-2017-5715 * multiboot-bss_end_addr-can-be-zero-CVE-2018-7550.patch Closes: #892041, CVE-2018-7550 * vga-check-the-validation-of-memory-addr-when-draw-text-CVE-2018-5683.patch Closes: #887392, CVE-2018-5683 * osdep-fix-ROUND_UP-64-bit-32-bit-CVE-2017-18043.patch Closes: CVE-2017-18043 * virtio-check-VirtQueue-Vring-object-is-set-CVE-2017-17381.patch Closes: #883625, CVE-2017-17381 * ps2-check-PS2Queue-pointers-in-post_load-routine-CVE-2017-16845.patch Closes: #882136, CVE-2017-16845 * cirrus-fix-oob-access-in-mode4and5-write-functions-CVE-2017-15289.patch Closes: #880832, CVE-2017-15289 * io-monitor-encoutput-buffer-size-from-websocket-GSource-CVE-2017-15268.patch Closes: #880836, CVE-2017-15268 * nbd-server-CVE-2017-15119-Reject-options-larger-than-32M.patch Closes: #883399, CVE-2017-15119 * 9pfs-use-g_malloc0-to-allocate-space-for-xattr-CVE-2017-15038.patch Closes: #877890, CVE-2017-15038 * CVE-2017-15124 (VNC server unbounded memory usage) fixes: CVE-2017-15124/01-ui-remove-sync-parameter-from-vnc_update_client.patch CVE-2017-15124/02-ui-remove-unreachable-code-in-vnc_update_client.patch CVE-2017-15124/03-ui-remove-redundant-indentation-in-vnc_client_update.patch CVE-2017-15124/04-ui-avoid-pointless-VNC-updates-if-framebuffer-isn-t-.patch CVE-2017-15124/05-ui-track-how-much-decoded-data-we-consumed-when-doin.patch CVE-2017-15124/06-ui-introduce-enum-to-track-VNC-client-framebuffer-up.patch CVE-2017-15124/07-ui-correctly-reset-framebuffer-update-state-after-pr.patch CVE-2017-15124/08-ui-refactor-code-for-determining-if-an-update-should.patch CVE-2017-15124/09-ui-fix-VNC-client-throttling-when-audio-capture-is-a.patch CVE-2017-15124/10-ui-fix-VNC-client-throttling-when-forced-update-is-r.patch CVE-2017-15124/11-ui-place-a-hard-cap-on-VNC-server-output-buffer-size.patch CVE-2017-15124/12-ui-add-trace-events-related-to-VNC-client-throttling.patch CVE-2017-15124/13-ui-mix-misleading-comments-return-types-of-VNC-I-O-h.patch Closes: #884806, CVE-2017-15124 Checksums-Sha1: 3eaadd4404ea50f67274eb28d97037825a1b2869 5579 qemu_2.8+dfsg-6+deb9u4.dsc ade882b6e42713bd6f4094c8eeb636a918dac5f9 151696 qemu_2.8+dfsg-6+deb9u4.debian.tar.xz 39ef066f758beadcbde371f43e60ffa095ddd247 11987 qemu_2.8+dfsg-6+deb9u4_source.buildinfo Checksums-Sha256: be323ab557fed1ae4f615c4c19e3ae7abe9b94f0281119721e019cbb5123f909 5579 qemu_2.8+dfsg-6+deb9u4.dsc 34b2b6da67ffa71f1e70d6d0f836aa27a840e767d2c3c7bc1734ae2814b52f94 151696 qemu_2.8+dfsg-6+deb9u4.debian.tar.xz 437b71b24b8da96278ffafb8a2a98887827b5e1706ecef207825059b4ba666b1 11987 qemu_2.8+dfsg-6+deb9u4_source.buildinfo Files: 6e3771006299c70b45f37ad8c8c27605 5579 otherosfs optional qemu_2.8+dfsg-6+deb9u4.dsc 9654bc03a47e11d133ae87d1e0fdbe52 151696 otherosfs optional qemu_2.8+dfsg-6+deb9u4.debian.tar.xz 3b009fc18d489fad8c1a1623e669931a 11987 otherosfs optional qemu_2.8+dfsg-6+deb9u4_source.buildinfo -----BEGIN PGP SIGNATURE----- iQFDBAEBCAAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAlsJMcwPHG1qdEB0bHMu bXNrLnJ1AAoJEHAbT2saaT5Z3mUH/A8PPA4y5oHpa5wUQqpGyAWhhPMN+dmJkGnl aygGdg05ggGbRM4wZW6KhlCGHXq6v42M9kufA3wvuQ9Db7UtjjeB6Rf47RgPr8f9 ZX3IZjSWFR0nmYofcxo6a+bzulKcKbOmO/BAj53p7j5R+qT/WyzXgHarHajfGD+B oykXsqrwE6EiWn/yQxU9omKiOU2L56q8fFBjxak4dHMEDWGXDOpdOJ8/aVc0lFu4 6NA5Q62VKBdpk0JaLxxsn/tz/MWH2SiQMBUTV/yB2nx/ZJMzHFOqOFEfrzARzDGa xp7fkkErWSkQiT7kklX3ZucZ44TwBG7bwJ9b/vsaj/7HzWpOIOY= =Veds -----END PGP SIGNATURE-----