found 526013 0.9.1-5
thanks

On Tue, Apr 28, 2009 at 01:05:31PM -0400, Michael S. Gilbert wrote:
> Package: qemu
> Severity: important
> Tags: security
> Fixed: 0.9.1-5
> 
> Hi,
> 
> The following CVE (Common Vulnerabilities & Exposures) id was
> published for qemu.
> 
> CVE-2008-1945[0]:
> | QEMU 0.9.0 does not properly handle changes to removable media, which
> | allows guest OS users to read arbitrary files on the host OS by using
> | the diskformat: parameter in the -usbdevice option to modify the
> | disk-image header to identify a different format, a related issue to
> | CVE-2008-2004.
> 
> This is already fixed in version 0.9.1-5 in unstable.  Please
> coordinate with the security team ([email protected]) to prepare
> packages for the stable releases.
> 

This bug is actually present in 0.9.1-5. CVE-2008-2004 has been fixed,
but not CVE-2008-1945. I am working on a fix.

-- 
Aurelien Jarno                          GPG: 1024D/F1BCDB73
[email protected]                 http://www.aurel32.net


