Hi,

I prepared an update for qemu, with the following fixes:

  * CVE-2018-20815: information disclosure in tcp_emu().
  * CVE-2019-9824: heap buffer overflow in load_device_tree().
  * CVE-2018-11806: heap-based buffer overflow via incoming fragmented
    datagrams (Closes: #901017).
  * CVE-2018-18849: out-of-bounds access by triggering an invalid msg_len
    value in the lsi53c895a host bus adapter (Closes: #912535).

I have updated source plus amd64 binaries to:

https://people.debian.org/~pochu/lts/qemu/

I would appreciate some extra testing. I plan to upload it on Monday as the
latest, depending on the received feedback.

Cheers,
Emilio

Reply via email to