04.10.2014 23:27, Moritz Muehlenhoff wrote: > ------------------------------------------------------------------------- > Debian Security Advisory DSA-3045-1 [email protected] > http://www.debian.org/security/ Moritz Muehlenhoff > October 04, 2014 http://www.debian.org/security/faq > ------------------------------------------------------------------------- > > Package : qemu > CVE ID : CVE-2014-0142 CVE-2014-0143 CVE-2014-0144 CVE-2014-0145 > CVE-2014-0146 CVE-2014-0147 CVE-2014-0222 CVE-2014-0223 > CVE-2014-3615 CVE-2014-3640 > > Several vulnerabilities were discovered in qemu, a fast processor > emulator: > > * Various security issues have been found in the block qemu drivers. > Malformed disk images might result in the execution of arbitrary code. > * A NULL pointer dereference in SLIRP may result in denial of service > * An information leak was discovered in the VGA emulation > > For the stable distribution (wheezy), these problems have been fixed in > version 1.1.2+dfsg-6a+deb7u4. > > For the unstable distribution (sid), these problems will be fixed soon.
Hmm? For unstable (and testing), this has been fixed in 2.1-5... ;) I even uploaded fixed version to wheezy-backports already.. FWIW. Thanks, /mjt -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
