Source: qemu Version: 1:8.2.0+ds-4 Severity: important Tags: security upstream Forwarded: https://lists.nongnu.org/archive/html/qemu-devel/2024-01/msg02382.html X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerability was published for qemu. CVE-2023-6683[0]: | A flaw was found in the QEMU built-in VNC server while processing | ClientCutText messages. The qemu_clipboard_request() function can be | reached before vnc_server_cut_text_caps() was called and had the | chance to initialize the clipboard peer, leading to a NULL pointer | dereference. This could allow a malicious authenticated VNC client | to crash QEMU and trigger a denial of service. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-6683 https://www.cve.org/CVERecord?id=CVE-2023-6683 [1] https://lists.nongnu.org/archive/html/qemu-devel/2024-01/msg02382.html Please adjust the affected versions in the BTS as needed. Regards, Salvatore