Package: qemu-system, qemu-kvm Version: 1.1.2+dfsg-1 Severity: serious Tags: security upstream patch wheezy jessie
CVE-2014-2894, a guest-triggerable out of bounds memory access using IDE SMART commands. This can lead to qemu process memory corruption and potentially (unlikely) to invalid code execution with host qemu process privileges. Introduced past 2009. Qemu 0.12 (on squeeze, oldstable) is not affected, wheezy/stable and current testing are affected, fixed in upstream 2.0 which is currently in sid. /mjt _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
