[ubuntu/wily-proposed] qemu 1:2.2+dfsg-5expubuntu10 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Wed May 13 16:52:13 UTC 2015 

qemu (1:2.2+dfsg-5expubuntu10) wily; urgency=medium

  * SECURITY UPDATE: denial of service in vnc web
    - debian/patches/CVE-2015-1779-1.patch: incrementally decode websocket
      frames in ui/vnc-ws.c, ui/vnc-ws.h, ui/vnc.h.
    - debian/patches/CVE-2015-1779-2.patch: limit size of HTTP headers from
      websockets clients in ui/vnc-ws.c.
    - CVE-2015-1779
  * SECURITY UPDATE: host code execution via floppy device (VEMON)
    - debian/patches/CVE-2015-3456.patch: force the fifo access to be in
      bounds of the allocated buffer in hw/block/fdc.c.
    - CVE-2015-3456

Date: Wed, 13 May 2015 07:25:59 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/qemu/1:2.2+dfsg-5expubuntu10
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 13 May 2015 07:25:59 -0400
Source: qemu
Binary: qemu qemu-system qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm qemu-system-aarch64
Architecture: source
Version: 1:2.2+dfsg-5expubuntu10
Distribution: wily
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 qemu       - fast processor emulator
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-kvm   - QEMU Full virtualization
 qemu-system - QEMU full system emulation binaries
 qemu-system-aarch64 - QEMU full system emulation binaries (aarch64)
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscelaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Changes:
 qemu (1:2.2+dfsg-5expubuntu10) wily; urgency=medium
 .
   * SECURITY UPDATE: denial of service in vnc web
     - debian/patches/CVE-2015-1779-1.patch: incrementally decode websocket
       frames in ui/vnc-ws.c, ui/vnc-ws.h, ui/vnc.h.
     - debian/patches/CVE-2015-1779-2.patch: limit size of HTTP headers from
       websockets clients in ui/vnc-ws.c.
     - CVE-2015-1779
   * SECURITY UPDATE: host code execution via floppy device (VEMON)
     - debian/patches/CVE-2015-3456.patch: force the fifo access to be in
       bounds of the allocated buffer in hw/block/fdc.c.
     - CVE-2015-3456
Checksums-Sha1:
 09ae12d0ec671c982a038f31d8d26631a6075f43 5902 qemu_2.2+dfsg-5expubuntu10.dsc
 b50c8cfa37b61d8c7464a7f92c2716defd45845d 75804 qemu_2.2+dfsg-5expubuntu10.debian.tar.xz
Checksums-Sha256:
 9fd171d9a5a2886a6101788a05e35f15358aaf344c2a07554057f3aac6131d73 5902 qemu_2.2+dfsg-5expubuntu10.dsc
 e2a0e1f7eafee97fff8bf2249790b2f887950d9358860b8e8de7d82858180e60 75804 qemu_2.2+dfsg-5expubuntu10.debian.tar.xz
Files:
 131ee71894dd9e09b18f2e3275737bb9 5902 otherosfs optional qemu_2.2+dfsg-5expubuntu10.dsc
 af808c7ed7c21741c3a24703116e4b4a 75804 otherosfs optional qemu_2.2+dfsg-5expubuntu10.debian.tar.xz
Original-Maintainer: Debian QEMU Team <pkg-qemu-devel at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVU4BsAAoJEGVp2FWnRL6TcacP+gPKfJvkOqBjT861bwND9/6K
GDMNiTyUYFWCxP3ODa44OlnRZePCH9Y2AIl2e3ZLpFKZXXC6HBn1GsrSpFLFoHsL
gVtxeXi3L6S2K/E3RqmnYeSvhd7QBt3Gselw/SubO8pL4kxvlbKgOXs6bWi4AfhZ
BHVDSeLtiJiFywbufbrJD5NGdAuc80wP28/utclsnE6nImEN5DEmM2rf+vf0a8iF
EsFiQ4Hf7J2V4DYXJhQVPE2t9NCGZ5sATMzSOLIov6iLVCowMvy/alXEqRidPuCR
L+DcvMGEGnfCbEFBiATG4RgIZV8fNVqGoWolsqqbFnZ/AKIqAG4YQQm80zIa1z9E
55C5pBI7O2MS16AyQOgK4FTf0oK0BRm/+n0S5uuv17yDk6jl4lhqAl3JGEnDMSIM
oUyiVBeYrV2dboHKyy5LR7S/hxYUnIsGiPWMlPPY8zt9IXCJLWzey6/A3ysNkxv1
ql0xe9OEnMq3mWBRZDy9+EuuG3XR3+vnoY9UJfPVK7aF3ybAuXYxBw/X+QMPdGtE
8Vh8p81IrkqXockxtb8PdwdqvmiabKJocTsK9Ct6iY1DCXglsCSaruynaWQM6Lw1
6CYpSqghnFS/WVrBk8uidpxQVNfIc/bXEBrS28LjRK5f2GYhK+pr/EKpuWHpn67a
MzXedB164fx1zB+tN6I8
=W/jV
-----END PGP SIGNATURE-----

More information about the Wily-changes mailing list