[ubuntu/focal-proposed] qemu 1:4.0+dfsg-0ubuntu11 (Accepted)

Steve Beattie sbeattie at ubuntu.com
Fri Jan 17 19:06:21 UTC 2020 

qemu (1:4.0+dfsg-0ubuntu11) focal; urgency=medium

  * SECURITY UPDATE: infinite loop when executing LSI scsi adapter
    emulator scripts
    - d/p/u/CVE-2019-12068.patch: Move the existing loop exit
    - CVE-2019-12068
  * SECURITY UPDATE: null pointer dereference in qxl display driver
    - d/p/u/CVE-2019-12155.patch: qxl: check release info object
    - CVE-2019-12155
  * SECURITY UPDATE: qemu-bridge-helper interface name buffer overflow
    - d/p/u/CVE-2019-13164.patch: qemu-bridge-helper: restrict
      interface name to IFNAMSIZ
    - CVE-2019-13164
  * SECURITY UPDATE: heap overflow in slirp
    - d/p/u/CVE-2019-14378.patch: slirp: Fix heap overflow in ip_reass
      on big packet input
    - CVE-2019-14378
  * SECURITY UPDATE: use after free vulnerability in slirp
    - d/p/u/CVE-2019-15890.patch: slirp: ip_reass: Fix use after free
    - CVE-2019-15890
  * Add support for exposing "taa-no" flag to guests:
    - d/p/u/CVE-2019-11135-taa-no.patch
    - CVE-2019-11135
  * Add support for exposing "pschange-mc-no" to guests:
    - d/p/u/pschange-mce.patch

Date: Thu, 07 Nov 2019 20:54:32 -0800
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/qemu/1:4.0+dfsg-0ubuntu11
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 07 Nov 2019 20:54:32 -0800
Source: qemu
Architecture: source
Version: 1:4.0+dfsg-0ubuntu11
Distribution: focal
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Changes:
 qemu (1:4.0+dfsg-0ubuntu11) focal; urgency=medium
 .
   * SECURITY UPDATE: infinite loop when executing LSI scsi adapter
     emulator scripts
     - d/p/u/CVE-2019-12068.patch: Move the existing loop exit
     - CVE-2019-12068
   * SECURITY UPDATE: null pointer dereference in qxl display driver
     - d/p/u/CVE-2019-12155.patch: qxl: check release info object
     - CVE-2019-12155
   * SECURITY UPDATE: qemu-bridge-helper interface name buffer overflow
     - d/p/u/CVE-2019-13164.patch: qemu-bridge-helper: restrict
       interface name to IFNAMSIZ
     - CVE-2019-13164
   * SECURITY UPDATE: heap overflow in slirp
     - d/p/u/CVE-2019-14378.patch: slirp: Fix heap overflow in ip_reass
       on big packet input
     - CVE-2019-14378
   * SECURITY UPDATE: use after free vulnerability in slirp
     - d/p/u/CVE-2019-15890.patch: slirp: ip_reass: Fix use after free
     - CVE-2019-15890
   * Add support for exposing "taa-no" flag to guests:
     - d/p/u/CVE-2019-11135-taa-no.patch
     - CVE-2019-11135
   * Add support for exposing "pschange-mc-no" to guests:
     - d/p/u/pschange-mce.patch
Checksums-Sha1:
 1a1a26b73d1363392f83d6866f570a8d8bee6307 6781 qemu_4.0+dfsg-0ubuntu11.dsc
 4e7acc103c236b3233540964e33b3e09f0f62034 199164 qemu_4.0+dfsg-0ubuntu11.debian.tar.xz
 9f4d68763ed15bdf9faaba2be9f0684bd63783f6 20644 qemu_4.0+dfsg-0ubuntu11_source.buildinfo
Checksums-Sha256:
 668e7a2a05982aed00fcd759bf564c4d1babed3da135107a05a923886c360b60 6781 qemu_4.0+dfsg-0ubuntu11.dsc
 ea72a3c62c35d56629f701cbd0d7d84ead11fea01b94910d56ecc874b36247db 199164 qemu_4.0+dfsg-0ubuntu11.debian.tar.xz
 52497f009ea3b0a5fd99ce543391439483d32c04f9f306a53d237187658fe48e 20644 qemu_4.0+dfsg-0ubuntu11_source.buildinfo
Files:
 6187b8793b1b114a956327116605c878 6781 otherosfs optional qemu_4.0+dfsg-0ubuntu11.dsc
 09814f153fd5f261a089954cb73b0ee5 199164 otherosfs optional qemu_4.0+dfsg-0ubuntu11.debian.tar.xz
 7f2adbeaa2008a121b1a7a31b0578c17 20644 otherosfs optional qemu_4.0+dfsg-0ubuntu11_source.buildinfo
Original-Maintainer: Debian QEMU Team <pkg-qemu-devel at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl4iBGgACgkQZWnYVadE
vpOLQw//QzmITZbo8/3TAeY2sSlHGLGDHxr7ve23w954KYuWHqGnrDbWTpTNF6M6
ourHaeSSCX3FjofFj5q3qKS4BUEyNn2UwvT4kAJzRbL8PFuHfn8VCAjRUAdTm2OA
NklrT+EkUUXEOJ2tGytGzwEqQn9t29iqr1RuUQRokZc7TxOqkEcQo5xo4ZtFGvKQ
Nyfh9ldUCE6cdIj0YofQ2m3F6UovfAqkt+smOlf9E0AXFqxlrqZ13Wpk9HTBzYSX
xjWQ3RXOSqZEPj0mQ2wg0DK7C7U+mzfa9AbVRuG+PZHCMsV8btyrll1iIOrRj/SZ
HglRx0WgmmLvNKOZKjSVX2LcBbXKdvehnrr9SoKBiBojXjAnDmBqUT/AWH9ByXvu
3e4fRZG1v4c3oP9jvYs/tAGMUDXFL8AXmL6rnfbTKR97PL86ufCTdMDPcxv6AYm9
uM29/Lu2bRNyBppKjQUkGNZx606gATJJMRwSiBzyLgDzoDaco7msJgb/rzC7sSrq
zwuoEMprvdPl6Xe7yIrqW/6+eNJCThHukBoMtSJYsiOvwfh3Q5Vt0lQpUURVoVue
gPD2RP7u7vYZZ57mYHorkHrAO3C3TUjsRTBTRf9pO3nyswX9np8nxRKVrla3OHRA
cD0ULSuN2GkM7QXbOu/KaQi3GsZ/SgAjE/9UltHdXYW7tpp9eeM=
=/3OI
-----END PGP SIGNATURE-----

More information about the Focal-changes mailing list