qemu (1:2.5+dfsg-5ubuntu10.14) xenial-security; urgency=medium

  * SECURITY UPDATE: denial of service via leak in virtFS
    - debian/patches/CVE-2017-7377.patch: fix file descriptor leak in
      hw/9pfs/virtio-9p.c.
    - CVE-2017-7377
  * SECURITY UPDATE: denial of service in cirrus_vga
    - debian/patches/CVE-2017-7718.patch: check parameters in
      hw/display/cirrus_vga_rop.h.
    - CVE-2017-7718
  * SECURITY UPDATE: code execution via cirrus_vga OOB r/w
    - debian/patches/CVE-2017-7980-1.patch: handle negative pitch in
      hw/display/cirrus_vga.c.
    - debian/patches/CVE-2017-7980-2.patch: allow zero source pitch in
      hw/display/cirrus_vga.c.
    - debian/patches/CVE-2017-7980-3.patch: fix blit address mask handling
      in hw/display/cirrus_vga.c.
    - debian/patches/CVE-2017-7980-4.patch: fix patterncopy checks in
      hw/display/cirrus_vga.c.
    - debian/patches/CVE-2017-7980-5.patch: revert allow zero source pitch
      in hw/display/cirrus_vga.c.
    - debian/patches/CVE-2017-7980-6.patch: stop passing around dst
      pointers in hw/display/cirrus_vga.c, hw/display/cirrus_vga_rop.h,
      hw/display/cirrus_vga_rop2.h.
    - debian/patches/CVE-2017-7980-7.patch: stop passing around src
      pointers in hw/display/cirrus_vga.c, hw/display/cirrus_vga_rop.h,
      hw/display/cirrus_vga_rop2.h.
    - debian/patches/CVE-2017-7980-8.patch: fix off-by-one in
      hw/display/cirrus_vga_rop.h.
    - debian/patches/CVE-2017-7980-9.patch: fix cirrus_invalidate_region in
      hw/display/cirrus_vga.c.
    - CVE-2017-7980
  * SECURITY UPDATE: denial of service via memory leak in virtFS
    - debian/patches/CVE-2017-8086.patch: fix leak in
      hw/9pfs/virtio-9p-xattr.c.
    - CVE-2017-8086
  * SECURITY UPDATE: denial of service via leak in audio
    - debian/patches/CVE-2017-8309.patch: release capture buffers in
      audio/audio.c.
    - CVE-2017-8309
  * SECURITY UPDATE: denial of service via leak in keyboard
    - debian/patches/CVE-2017-8379-1.patch: limit kbd queue depth in
      ui/input.c.
    - debian/patches/CVE-2017-8379-2.patch: don't queue delay if paused in
      ui/input.c.
    - CVE-2017-8379
  * SECURITY REGRESSION: Windows 7 VGA compatibility issue (LP: #1581936)
    - debian/patches/lp1581936.patch: add sr_vbe register set to
      hw/display/vga.c, hw/display/vga_int.h.

Date: 2017-05-10 22:55:14.089683+00:00
Changed-By: Marc Deslauriers <marc.deslauri...@canonical.com>
Signed-By: Ubuntu Archive Robot 
<cjwatson+ubuntu-archive-ro...@chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/qemu/1:2.5+dfsg-5ubuntu10.14
Sorry, changesfile not available.
-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

Reply via email to