On 25/04/2019 03:54, Emilio Pozuelo Monfort wrote:
> Hi,
> 
> I prepared an update for qemu, with the following fixes:
> 
>   * CVE-2018-20815: information disclosure in tcp_emu().
>   * CVE-2019-9824: heap buffer overflow in load_device_tree().
>   * CVE-2018-11806: heap-based buffer overflow via incoming fragmented
>     datagrams (Closes: #901017).
>   * CVE-2018-18849: out-of-bounds access by triggering an invalid msg_len
>     value in the lsi53c895a host bus adapter (Closes: #912535).
> 
> I have updated source plus amd64 binaries to:
> 
> https://people.debian.org/~pochu/lts/qemu/
> 
> I would appreciate some extra testing. I plan to upload it on Monday as the
> latest, depending on the received feedback.

This took longer than I expected due to some travelling, but is now done.

Cheers,
Emilio

Reply via email to