-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 29 Sep 2021 13:14:52 +0300
Source: qemu
Architecture: source
Version: 1:5.2+dfsg-11+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian QEMU Team <
pkg-qemu-devel@lists.alioth.debian.org> Changed-By: Michael Tokarev <
mjt@tls.msk.ru>
Closes: 988174 989042 991911 992726 992727 993401
Changes:
qemu (1:5.2+dfsg-11+deb11u1) bullseye-security; urgency=medium
.
[ Michael Tokarev ]
* usbredir-fix-free-call-CVE-2021-3682.patch
Closes: #991911, CVE-2021-3682: wrong free in usbredir in bufp_alloc()
* uas-add-stream-number-sanity-checks-CVE-2021-3713.patch
Closes: #992727, CVE-2021-3713: an OOB write to UASDevice fields
in UAS device emulation code
* virtio-net-fix-use-after-unmap-free-for-sg-CVE-2021-3748.patch
Closes: #993401, CVE-2021-3748: use-after-free in virtio_net_receive_rcu
* ati_2d-fix-buffer-overflow-in-ati_2d_blt-CVE-2021-3638.patch
Closes: #992726, CVE-2021-3638:
inconsistent check in ati_2d_blt() may lead to out-of-bounds write
* vhost-user-gpu fixes from upstream, 7 patches:
CVE-2021-3544: multiple memory leaks
CVE-2021-3545: information disclosure due to uninitialized memory reads
CVE-2021-3546: out-of-bounds write in virgl_cmd_get_capset()
Closes: #989042, CVE-2021-3544, CVE-2021-3545, CVE-2021-3546
.
[ Cyril Brulebois ]
* linux-user-elfload-fix-address-calculation-in-fallback.patch
This fixes problems with some access to an unmounted /proc, as seen
while building images for the Raspberry Pi devices. With thanks to
Diederik de Haas for the report and to Bernhard Übelacker for
pinpointing the upstream fix to backport. (Closes: #988174) Checksums-Sha1:
f5368915217bef0116032710a0bf149384e2094a 6636 qemu_5.2+dfsg-11+deb11u1.dsc
e8eb0f04f1c0926a4e6285e897581080346c3344 19661072 qemu_5.2+dfsg.orig.tar.xz
ba3b53e4884a1a69e29de81ed162bd27e1a4e980 122260 qemu_5.2+dfsg-11+deb11u1.debian.tar.xz
4e3b73b7d178e2640871dd52ed16f38a8f933db9 10911 qemu_5.2+dfsg-11+deb11u1_source.buildinfo
Checksums-Sha256:
6359cc007ca984647e7dad426f254dc6133fcb0020a9839221415b8577544486 6636 qemu_5.2+dfsg-11+deb11u1.dsc
be5ae7ddc88d68af81c7b2435b95c1cad4e9416c9a1426ee5a6a4b9a9c0bf87e 19661072 qemu_5.2+dfsg.orig.tar.xz
e93e31688aa45b055a7200af2ebc764988482a0c7470abfbf4e60de5626c37ea 122260 qemu_5.2+dfsg-11+deb11u1.debian.tar.xz
adf023c84464b444d970983a3c5f40b10f238e0e44e62b2c08b89e01fc6c3ca7 10911 qemu_5.2+dfsg-11+deb11u1_source.buildinfo
Files:
dca448577f930997f4e8dd373833969f 6636 otherosfs optional qemu_5.2+dfsg-11+deb11u1.dsc
02abb3409bd2475287bb122ee8b0f99c 19661072 otherosfs optional qemu_5.2+dfsg.orig.tar.xz
dd853c6aad3f4dc31d2dcdff5cc9ce8a 122260 otherosfs optional qemu_5.2+dfsg-11+deb11u1.debian.tar.xz
b703f8ea0ecee69aa7f6def4106d22bd 10911 otherosfs optional qemu_5.2+dfsg-11+deb11u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQFDBAEBCAAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAmFWzPMPHG1qdEB0bHMu bXNrLnJ1AAoJEHAbT2saaT5ZdA8H/3Qeu+GkSS92p7doEXUcmXjrr9Gb5ACOSDdU ze1hQUU3+ty8fzcZTKLL97Gij2+ktSSugOEfjCv2kCl7hC/YC1ySjxdE5Azj8x5U h+Mpd7f+dNOCTsqYENa3VNDOAqLXyD4XbZD2K/bWenWr2I3p75Pn7CwfnZorpZMU TBF+hKpkyCcpDL2bH4/+oxYSequ6RxgjGroRAQ0RdmzqcRMJGAn05yaNaSrte/EN w4VHnV0qnJ8PKQCEUASDpn58aswdiMOsyTiomG4IDaZvwoaJwYxe0lJL5/d0F68a a6DAl4gHhi033tWJ+/Ct8VQ+PYPE+6MO01ZaHplD2ywx2HfyA0I=
=N5PN
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)