Debian Package Tracker

general

source: qemu (main)
version: 1:5.0-6
maintainer: Debian QEMU Team (archive) (DMD)
uploaders: Riku Voipio [DMD] – Michael Tokarev [DMD]
arch: all any
std-ver: 3.9.8
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1:2.1+dfsg-12+deb8u6
o-o-sec: 1:2.1+dfsg-12+deb8u15
oldstable: 1:2.8+dfsg-6+deb9u8
old-sec: 1:2.8+dfsg-6+deb9u9
old-p-u: 1:2.8+dfsg-6+deb9u9
stable: 1:3.1+dfsg-8+deb10u5
stable-sec: 1:3.1+dfsg-8+deb10u5
testing: 1:5.0-5
unstable: 1:5.0-6

versioned links

1:2.1+dfsg-12+deb8u6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:2.1+dfsg-12+deb8u15: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:2.8+dfsg-6+deb9u8: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:2.8+dfsg-6+deb9u9: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:3.1+dfsg-8+deb10u5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:5.0-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:5.0-6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

qemu (37 bugs: 0, 13, 24, 0)
qemu-block-extra
qemu-guest-agent (1 bugs: 0, 1, 0, 0)
qemu-kvm (31 bugs: 0, 6, 25, 0)
qemu-system (8 bugs: 0, 2, 6, 0)
qemu-system-arm (2 bugs: 0, 1, 1, 0)
qemu-system-common (5 bugs: 0, 0, 5, 0)
qemu-system-data (4 bugs: 0, 4, 0, 0)
qemu-system-gui (4 bugs: 0, 3, 1, 0)
qemu-system-mips
qemu-system-misc
qemu-system-ppc (2 bugs: 0, 2, 0, 0)
qemu-system-sparc
qemu-system-x86 (22 bugs: 0, 18, 4, 0)
qemu-user (2 bugs: 0, 2, 0, 0)
qemu-user-binfmt (1 bugs: 0, 1, 0, 0)
qemu-user-static (22 bugs: 0, 19, 3, 0)
qemu-utils (4 bugs: 0, 2, 2, 0)

action needed

12 security issues in buster high

There are 12 open security issues in buster.

4 important issues:

CVE-2020-13754: hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation.
CVE-2020-13362: In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user.
CVE-2020-13765: rom_copy() in hw/core/loader.c in QEMU 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation.
CVE-2020-13361: In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation.

8 issues skipped by the security teams:

CVE-2020-10756:
CVE-2020-15469: In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.
CVE-2020-8608: In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.
CVE-2019-12067:
CVE-2020-13659: address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer.
CVE-2020-13253: sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process.
CVE-2020-12829:
CVE-2019-8934: hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.

Please fix them.

Created: 2019-01-22 Last update: 2020-07-04 06:04

11 security issues in bullseye high

There are 11 open security issues in bullseye.

11 important issues:

CVE-2020-13754: hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation.
CVE-2020-15469: In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.
CVE-2019-12067:
CVE-2020-13800: ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call.
CVE-2020-13659: address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer.
CVE-2020-13253: sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process.
CVE-2020-13362: In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user.
CVE-2020-12829:
CVE-2020-10761: An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service.
CVE-2020-13361: In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation.
CVE-2020-13791: hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space.

Please fix them.

Created: 2019-07-07 Last update: 2020-07-04 06:04

3 security issues in sid high

There are 3 open security issues in sid.

3 important issues:

CVE-2020-15469: In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.
CVE-2019-12067:
CVE-2020-12829:

Please fix them.

Created: 2019-02-18 Last update: 2020-07-04 06:04

17 security issues in jessie high

There are 17 open security issues in jessie.

6 important issues:

CVE-2020-13754: hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation.
CVE-2020-10756:
CVE-2020-15469: In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.
CVE-2020-13659: address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer.
CVE-2020-13253: sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process.
CVE-2020-12829:

11 issues skipped by the security teams:

CVE-2019-20382: QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.
CVE-2018-15746: qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread.
CVE-2017-15124: VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host.
CVE-2017-11334: The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area.
CVE-2016-9923: Quick Emulator (Qemu) built with the 'chardev' backend support is vulnerable to a use after free issue. It could occur while hotplug and unplugging the device in the guest. A guest user/process could use this flaw to crash a Qemu process on the host resulting in DoS.
CVE-2019-12067:
CVE-2015-8817: QEMU (aka Quick Emulator) built to use 'address_space_translate' to map an address to a MemoryRegionSection is vulnerable to an OOB r/w access issue. It could occur while doing pci_dma_read/write calls. Affects QEMU versions >= 1.6.0 and <= 2.3.1. A privileged user inside guest could use this flaw to crash the guest instance resulting in DoS.
CVE-2017-13672: QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update.
CVE-2018-19665: The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.
CVE-2018-18438: Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.
CVE-2019-8934: hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.

Please fix them.

Created: 2015-09-05 Last update: 2020-07-04 06:04

21 security issues in stretch high

There are 21 open security issues in stretch.

5 important issues:

CVE-2020-13754: hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation.
CVE-2020-1983: A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.
CVE-2020-13362: In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user.
CVE-2020-13765: rom_copy() in hw/core/loader.c in QEMU 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation.
CVE-2020-13361: In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation.

16 issues skipped by the security teams:

CVE-2019-20382: QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.
CVE-2020-1711: An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host.
CVE-2020-10756:
CVE-2020-15469: In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.
CVE-2018-15746: qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread.
CVE-2020-8608: In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.
CVE-2019-5008: hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver.
CVE-2017-9503: QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing.
CVE-2019-12067:
CVE-2020-13659: address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer.
CVE-2020-13253: sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process.
CVE-2018-19665: The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.
CVE-2020-12829:
CVE-2018-18438: Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.
CVE-2019-8934: hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.
CVE-2019-12068: In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.

Please fix them.

Created: 2017-05-31 Last update: 2020-07-04 06:04

Standards version of the package is outdated. high

The package is severely out of date with respect to the Debian Policy. The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.0 instead of 3.9.8).

Created: 2017-07-21 Last update: 2020-07-04 01:34

10 bugs tagged patch in the BTS normal

The BTS contains patches fixing 10 bugs, consider including or untagging them.

Created: 2020-06-28 Last update: 2020-07-04 18:02

Depends on packages which need a new maintainer normal

The packages that qemu depends on which need a new maintainer are:

spice-protocol (#911429)
- Build-Depends: libspice-protocol-dev
usbredir (#911431)
- Build-Depends: libusbredirparser-dev
- Depends: libusbredirparser1 libusbredirparser1 libusbredirparser1 libusbredirparser1 libusbredirparser1 libusbredirparser1

Created: 2019-11-22 Last update: 2020-07-04 17:04

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2020-05-14 Last update: 2020-07-04 15:35

2 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit eec490e8d4c893e681003b8dc2751b9fbf67ae9b
Author: Michael Tokarev <mjt@tls.msk.ru>
Date:   Fri Jul 3 20:48:52 2020 +0300

    Revert "d/rules: report config log from the correct subdir - microvm build"
    
    we used 'cd' to the right subdir already

commit 9850695d6ab42eb57289ed983aa5cfbb60656b59
Author: Michael Tokarev <mjt@tls.msk.ru>
Date:   Fri Jul 3 20:47:39 2020 +0300

    Revert "d/rules: report config log from the correct subdir - base build"
    
    we used 'cd' to the right subdir already

Created: 2020-05-02 Last update: 2020-07-04 13:38

Multiarch hinter reports 2 issue(s) low

There are issues with the multiarch metadata for this package.

qemu could be converted to Architecture: all and marked Multi-Arch: foreign
qemu-system could be converted to Architecture: all and marked Multi-Arch: foreign

Created: 2020-05-14 Last update: 2020-07-04 16:35

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2020-07-04 Last update: 2020-07-04 08:01

testing migrations

This package will soon be part of the auto-nettle transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
This package will soon be part of the auto-capstone transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
excuses:
- Migrates after: glib2.0
- Migration status for qemu (1:5.0-5 to 1:5.0-6): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- autopkgtest for systemd/245.6-1: amd64: Pass, arm64: Regression ♻ (reference ♻)
- Too young, only 0 of 5 days old
- Built-Using: qemu glib2.0
- Additional info:
- Piuparts tested OK - https://piuparts.debian.org/sid/source/q/qemu.html
- Not considered

news

[rss feed]

[2020-07-03] Accepted qemu 1:5.0-6 (source) into unstable (Michael Tokarev)
[2020-06-29] Accepted qemu 1:2.1+dfsg-12+deb8u15 (source amd64) into oldoldstable (Adrian Bunk)
[2020-05-18] qemu 1:5.0-5 MIGRATED to testing (Debian testing watch)
[2020-05-13] Accepted qemu 1:5.0-5 (source) into unstable (Michael Tokarev)
[2020-05-12] qemu 1:5.0-4 MIGRATED to testing (Debian testing watch)
[2020-05-01] Accepted qemu 1:5.0-4 (source) into unstable (Michael Tokarev)
[2020-04-30] Accepted qemu 1:5.0-3 (source) into unstable (Michael Tokarev)
[2020-04-29] Accepted qemu 1:5.0-2 (source) into unstable (Michael Tokarev)
[2020-04-29] Accepted qemu 1:5.0-1 (source) into unstable (Michael Tokarev)
[2020-04-28] Accepted qemu 1:3.1+dfsg-8+deb10u5 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Michael Tokarev)
[2020-04-27] Accepted qemu 1:3.1+dfsg-8+deb10u5 (source) into stable->embargoed, stable (Debian FTP Masters) (signed by: Michael Tokarev)
[2020-04-26] qemu 1:4.2-7 MIGRATED to testing (Debian testing watch)
[2020-04-20] Accepted qemu 1:4.2-7 (source) into unstable (Michael Tokarev)
[2020-04-20] qemu 1:4.2-6 MIGRATED to testing (Debian testing watch)
[2020-04-14] Accepted qemu 1:4.2-6 (source) into unstable (Michael Tokarev)
[2020-04-14] Accepted qemu 1:4.2-5 (source) into unstable (Michael Tokarev)
[2020-04-14] Accepted qemu 1:4.2-4 (source) into unstable (Michael Tokarev)
[2020-03-16] Accepted qemu 1:2.1+dfsg-12+deb8u14 (source amd64) into oldoldstable (Emilio Pozuelo Monfort)
[2020-02-08] Accepted qemu 1:2.8+dfsg-6+deb9u9 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Michael Tokarev)
[2020-02-08] Accepted qemu 1:3.1+dfsg-8+deb10u4 (source) into proposed-updates->stable-new, proposed-updates (Michael Tokarev)
[2020-02-07] qemu 1:4.2-3 MIGRATED to testing (Debian testing watch)
[2020-02-02] Accepted qemu 1:3.1+dfsg-8+deb10u4 (source) into stable->embargoed, stable (Michael Tokarev)
[2020-02-02] Accepted qemu 1:2.8+dfsg-6+deb9u9 (source) into oldstable->embargoed, oldstable (Michael Tokarev)
[2020-02-01] Accepted qemu 1:4.2-3 (source) into unstable (Michael Tokarev)
[2020-02-01] Accepted qemu 1:4.2-2 (source) into unstable (Michael Tokarev)
[2020-01-31] Accepted qemu 1:2.1+dfsg-12+deb8u13 (source amd64) into oldoldstable (Utkarsh Gupta)
[2020-01-05] qemu 1:4.2-1 MIGRATED to testing (Debian testing watch)
[2019-12-14] Accepted qemu 1:4.2-1 (source) into unstable (Michael Tokarev)
[2019-12-07] qemu 1:4.1-3 MIGRATED to testing (Debian testing watch)
[2019-12-02] Accepted qemu 1:4.1-3 (source) into unstable (Michael Tokarev)

bugs [bug history graph]

all: 148 160
RC: 0
I&N: 80 83
M&W: 68 77
F&P: 0
patch: 10

links

homepage
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
screenshots
l10n (-, 85)

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1:4.2-3ubuntu9
63 bugs (2 patches)