On 25/04/2019 03:54, Emilio Pozuelo Monfort wrote: > Hi, > > I prepared an update for qemu, with the following fixes: > > * CVE-2018-20815: information disclosure in tcp_emu(). > * CVE-2019-9824: heap buffer overflow in load_device_tree(). > * CVE-2018-11806: heap-based buffer overflow via incoming fragmented > datagrams (Closes: #901017). > * CVE-2018-18849: out-of-bounds access by triggering an invalid msg_len > value in the lsi53c895a host bus adapter (Closes: #912535). > > I have updated source plus amd64 binaries to: > > https://people.debian.org/~pochu/lts/qemu/ > > I would appreciate some extra testing. I plan to upload it on Monday as the > latest, depending on the received feedback.
This took longer than I expected due to some travelling, but is now done. Cheers, Emilio