-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 04 May 2022 22:50:01 +0300
Source: qemu
Architecture: source
Version: 1:5.2+dfsg-11+deb11u2
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian QEMU Team <
pkg-qemu-devel@lists.alioth.debian.org> Changed-By: Michael Tokarev <
mjt@tls.msk.ru>
Changes:
qemu (1:5.2+dfsg-11+deb11u2) bullseye-security; urgency=medium
.
* virtio-net-fix-map-leaking-on-error-during-receive-CVE-2022-26353.patch
fix memory leak after fix for CVE-2021-3748
* vhost-vsock-detach-the-virqueue-element-on-error-CVE-2022-26354.patch
vhost-sock device was not detaching invalid element from
the virtqueue on error
* ui-cursor-fix-integer-overflow-in-cursor_alloc-CVE-2021-4206.patch,
display-qxl-render-fix-race-condition-in-qxl_cursor-CVE-2021-4207.patch
two flaws can lead to allocation of small cursor object followed by a
subsequent heap-based buffer overflow with a potential for executing
arbitrary code within the context of QEMU process
* virtiofsd-drop-membership-of-all-supplementary-group-CVE-2022-0358.patch
potential group escalation allowed by virtiofsd
Checksums-Sha1:
d3d88738d0ae4893edd1d96b854d8f5aad5c8f40 6636 qemu_5.2+dfsg-11+deb11u2.dsc
03264bd6f417b16c6f87874a3c4840381005946d 125164 qemu_5.2+dfsg-11+deb11u2.debian.tar.xz
fb3605462e1c72f67e660b03c9a769adb5bf6cbf 12418 qemu_5.2+dfsg-11+deb11u2_source.buildinfo
Checksums-Sha256:
6c3675cb803c23c1c2133e7c0bafccb8e9bd4a752c969f483cfc76583181f3d7 6636 qemu_5.2+dfsg-11+deb11u2.dsc
6204ddd09ec5965120bcf10a464dca9558f14ed3da83f00b6db141c85cd71cc6 125164 qemu_5.2+dfsg-11+deb11u2.debian.tar.xz
a94f1a1eefd43cc417a6eadf274c434b04659feb5494a8fb11824f9628a27d82 12418 qemu_5.2+dfsg-11+deb11u2_source.buildinfo
Files:
33f16747ad236e046439bb123ebe5bd3 6636 otherosfs optional qemu_5.2+dfsg-11+deb11u2.dsc
ea8c9aa3537c62419f24c66eb7956a09 125164 otherosfs optional qemu_5.2+dfsg-11+deb11u2.debian.tar.xz
8db623b19b0d9d602b745e2be0bab539 12418 otherosfs optional qemu_5.2+dfsg-11+deb11u2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQFDBAEBCAAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAmJ1Ju0PHG1qdEB0bHMu bXNrLnJ1AAoJEHAbT2saaT5ZAEkIAI/QmqyCETqJ6LjCoOG8icxLoDwkN/v+FfFA ORN70wS1cm6tDfzwT8oruyjbIVx3kVGvqgIajvbd7DetfGkch/ZMMWEAgjxl6EfO tmLXYn6epNGlRqbPIH9UIOG6Xw6B4gkH6Ty8H4886OT2NIE0OBUysUbkYcZkXsig c6aQCFU8x83zGbBm7rQet1h8+DKlxZtEH2Flxo1jjUiMPmLuXJTNip+wJqcgs83q 0ftYtuh7E6PKZ/EaEXIKz5V8XMws7tneP1JwF9wauFSoeWmMMQK4qogba/V1cmFH 5cmGxd3Nu5njPmF8BbOOF/aRkY4Ww8qKAjLy38xpe+8+3IfAY8M=
=B5gp
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)