[ubuntu-cloud-archive/queens-proposed] qemu (Accepted)

[Corey Bryant]

 qemu (1:2.11+dfsg-1ubuntu7.12~cloud0) xenial-queens; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 qemu (1:2.11+dfsg-1ubuntu7.12) bionic-security; urgency=medium
 .
   [ Marc Deslauriers ]
   * SECURITY UPDATE: TOCTTOU in MTP
     - debian/patches/CVE-2018-16872.patch: use O_NOFOLLOW and O_CLOEXEC in
       hw/usb/dev-mtp.c.
     - CVE-2018-16872
   * SECURITY UPDATE: race during file renaming in v9fs_wstat
     - debian/patches/CVE-2018-19489.patch: add locks to hw/9pfs/9p.c.
     - CVE-2018-19489
   * SECURITY UPDATE: out-of-bounds read via i2 commands
     - debian/patches/CVE-2019-3812.patch: add bounds check to
       hw/i2c/i2c-ddc.c.
     - CVE-2019-3812
   * SECURITY UPDATE: heap based buffer overflow in slirp
     - debian/patches/CVE-2019-6778.patch: check data length while emulating
       ident function in slirp/tcp_subr.c.
     - CVE-2019-6778
 .
   [ Christian Ehrhardt ]
   * fix crash when performing block pull on partial cluster (LP: #1818264)
     - d/p/ubuntu/lp-1818264-block-Fix-copy-on-read-crash-with-partial.patch
   * qemu-guest-agent: fix path of fsfreeze-hook (LP: #1820291)
     - d/qemu-guest-agent.install: use correct path for fsfreeze-hook
     - d/qemu-guest-agent.pre{rm|inst}/.postrm: special handling for
       mv_conffile since the new path is a directory in the old package
       version which can not be handled by mv_conffile

Date: Thu, 28 Mar 2019 04:24:49 +0000
Changed-By: Openstack Ubuntu Testing Bot <openstack-testing-bot at ubuntu.com>
Signed-By: Openstack Ubuntu Testing Bot
Published-By: Corey Bryant <corey.bryant at canonical.com>