Source: qemu Version: 0.6.1-1 Severity: grave Tags: security patch upstream squeeze wheezy jessie sid
This is a guest-triggerable buffer overrun in virtio-net device in qemu. The relevant code has been added to qemu in version 0.6, which means it is in all versions of debian. The network device is one of the most important network devices which qemu implements, so impact might be very high. Upstream commit fixing this issue: http://thread.gmane.org/gmane.comp.emulators.qemu/266713 Thanks, /mjt _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
