-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 02 Dec 2018 19:10:27 +0300 Source: qemu Binary: qemu qemu-system qemu-block-extra qemu-system-data qemu-system-common qemu-system-gui qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm Architecture: source Version: 1:3.1+dfsg-1 Distribution: unstable Urgency: medium Maintainer: Debian QEMU Team <pkg-qemu-de...@lists.alioth.debian.org> Changed-By: Michael Tokarev <m...@tls.msk.ru> Description: qemu - fast processor emulator, dummy package qemu-block-extra - extra block backend modules for qemu-system and qemu-utils qemu-guest-agent - Guest-side qemu-system agent qemu-kvm - QEMU Full virtualization on x86 hardware qemu-system - QEMU full system emulation binaries qemu-system-arm - QEMU full system emulation binaries (arm) qemu-system-common - QEMU full system emulation binaries (common files) qemu-system-data - QEMU full system emulation (data files) qemu-system-gui - QEMU full system emulation binaries (user interface and audio sup qemu-system-mips - QEMU full system emulation binaries (mips) qemu-system-misc - QEMU full system emulation binaries (miscellaneous) qemu-system-ppc - QEMU full system emulation binaries (ppc) qemu-system-sparc - QEMU full system emulation binaries (sparc) qemu-system-x86 - QEMU full system emulation binaries (x86) qemu-user - QEMU user mode emulation binaries qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user qemu-user-static - QEMU user mode emulation binaries (static version) qemu-utils - QEMU utilities Closes: 795486 813658 901017 902501 902725 907500 908682 910431 911468 911469 911470 911499 912535 914599 914604 914727 915884 Changes: qemu (1:3.1+dfsg-1) unstable; urgency=medium . * new upstream release (3.1) * Security bugs fixed by upstream: Closes: #910431, CVE-2018-10839: integer overflow leads to buffer overflow issue Closes: #911468, CVE-2018-17962 pcnet: integer overflow leads to buffer overflow Closes: #911469, CVE-2018-17963 net: ignore packets with large size Closes: #908682, CVE-2018-3639 qemu should be able to pass the ssbd cpu flag Closes: #901017, CVE-2018-11806 m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams Closes: #902725, CVE-2018-12617 qmp_guest_file_read in qemu-ga has an integer overflow Closes: #907500, CVE-2018-15746 qemu-seccomp might allow local OS guest users to cause a denial of service Closes: #915884, CVE-2018-16867 dev-mtp: path traversal in usb_mtp_write_data of the MTP Closes: #911499, CVE-2018-17958 Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used Closes: #911470, CVE-2018-18438 integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value Closes: #912535, CVE-2018-18849 lsi53c895a: OOB msg buffer access leads to DoS Closes: #914604, CVE-2018-18954 pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory Closes: #914599, CVE-2018-19364 Use-after-free due to race condition while updating fid path Closes: #914727, CVE-2018-19489 9pfs: crash due to race condition in renaming files * remove patches which were applied upstream * add new manpage qemu-cpu-models.7 * qemu-system-ppcemb is gone, use qemu-system-ppc[64] * do-not-link-everything-with-xen.patch (trivial) * get-orig-source: handle 3.x and 4.x, and remove roms again, as upstream wants us to use separate source packages for that stuff * move generated data from qemu-system-data back to qemu-system-common * d/control: enable spice on arm64 (Closes: #902501) (probably should enable on all) * d/control: change git@salsa urls to https * add qemu-guest-agent.service (Closes: #795486) * enable opengl support and virglrenderer (Closes: #813658) * simplify d/rules just a little bit * build-depend on libudev-dev, for qga Checksums-Sha1: a65a31436ea02a77c21bff8f7afa02ae05938a26 5967 qemu_3.1+dfsg-1.dsc b6a6c31d146b13e14af253d6dc25f16ccad7d060 8705368 qemu_3.1+dfsg.orig.tar.xz a07b0298ac2fe6be7ee5e9540fd6fc6d9c1b20ee 72160 qemu_3.1+dfsg-1.debian.tar.xz 2233f07915fcbb0daa421fca2674a139941f832b 16084 qemu_3.1+dfsg-1_source.buildinfo Checksums-Sha256: c1b9ec8e25ff07877505291d8c0ef235f7b81117a9a706bdf76deba857c09484 5967 qemu_3.1+dfsg-1.dsc 2f277942759dd3eed21f7e00edfeab52b4f58d6f2f22d4f7e1a8aa4dc54c80d7 8705368 qemu_3.1+dfsg.orig.tar.xz 62ccd57796c3a43d99aac37ffac4b24b7188216f719ff50b0e1ce84f058ccca5 72160 qemu_3.1+dfsg-1.debian.tar.xz 4f53f5acac8637a3716dbd1ea4380d7c08a8c1d15a1de581095963b1e76b560b 16084 qemu_3.1+dfsg-1_source.buildinfo Files: 059657635379ae27ba846df240e16b54 5967 otherosfs optional qemu_3.1+dfsg-1.dsc b17f33786c89d547150490811a40f0b2 8705368 otherosfs optional qemu_3.1+dfsg.orig.tar.xz 62ef7391f798ccbd2b4d5f7928033522 72160 otherosfs optional qemu_3.1+dfsg-1.debian.tar.xz 13fd8a8bb95fc80a05de9f1cb33a50ce 16084 otherosfs optional qemu_3.1+dfsg-1_source.buildinfo
-----BEGIN PGP SIGNATURE----- iQFDBAEBCAAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAlwQzGwPHG1qdEB0bHMu bXNrLnJ1AAoJEHAbT2saaT5Z+zUH/1AG3gTlCfodSE7V0FW8268LUMpsJS7mpZ/p 4K8GUdAXtH6TWN1n4vfbUeCaO+dJYHT2g0dTFqwKhJoLElhcCFH8F2pcVQPJfPQQ YLYQIR/5Mijs+cHIpbzc7KO4Jj2umLOe0GZtEnmbXvBNGRf9/KImb8nRzSitVJSX qlRSLsr5tLVIgBxGJynPCWYLzwAnvv6chSNBT7e/1vBvo87B1l3gL7ibRdIF3CFJ s4mYqyYQvIwlEgOE1UKswSunQjcbjZY2ATy0DAxZw5E0ec8etX3cl/tCH8Hq6aSZ lpDOsBZu/rRukrF3Rt7GSSPCsoLXwWUYa9mRnEsTBWzcw0pJKmc= =1I7Y -----END PGP SIGNATURE-----