Univention Bugzilla – Full Text Bug Listing |
Summary: | qemu: Multiple issues (4.3) | ||
---|---|---|---|
Product: | UCS | Reporter: | Quality Assurance <qa> |
Component: | Security updates | Assignee: | Quality Assurance <qa> |
Status: | CLOSED FIXED | QA Contact: | Philipp Hahn <hahn> |
Severity: | normal | ||
Priority: | P3 | ||
Version: | UCS 4.3 | ||
Target Milestone: | UCS 4.3-4-errata | ||
Hardware: | All | ||
OS: | Linux | ||
What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | 7.8 (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) | ||
Bug Depends on: | |||
Bug Blocks: | 49713 |
Description
Quality Assurance
2019-06-03 10:44:44 CEST
--- mirror/ftp/4.3/unmaintained/4.3-4/source/qemu_2.8+dfsg-6+deb9u5A~4.3.0.201811261055.dsc +++ apt/ucs_4.3-0-errata4.3-4/source/qemu_2.8+dfsg-6+deb9u6A~4.3.0.201906031137.dsc @@ -1,4 +1,4 @@ -1:2.8+dfsg-6+deb9u5A~4.3.0.201811261055 [Mon, 26 Nov 2018 10:55:43 +0100] Univention builddaemon <buildd@univention.de>: +1:2.8+dfsg-6+deb9u6A~4.3.0.201906031137 [Mon, 03 Jun 2019 11:37:43 +0200] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 0001-Disable-Xen-for-UCS @@ -13,6 +13,42 @@ 1007-0008-x86-Work-around-SMI-migration-breakages 1008-0009-migration-ram.c-do-not-set-postcopy_running-in-POSTC +1:2.8+dfsg-6+deb9u6 [Wed, 29 May 2019 14:39:09 +0300] Michael Tokarev <mjt@tls.msk.ru>: + + [ Moritz Mühlenhoff <jmm@debian.org> ] + * slirp-correct-size-computation-concatenating-mbuf-CVE-2018-11806.patch + (Closes: #901017, CVE-2018-11806) + * qga-check-bytes-count-read-by-guest-file-read-CVE-2018-12617.patch + (Closes: #902725, CVE-2018-12617) + * usb-mtp-use-O_NOFOLLOW-and-O_CLOEXEC-CVE-2018-16872.patch + (Closes: #916397, CVE-2018-16872) + * rtl8139-fix-possible-out-of-bound-access-CVE-2018-17958.patch + (Closes: #911499, CVE-2018-17958) + * lsi53c895a-check-message-length-value-is-valid-CVE-2018-18849.patch + (Closes: #912535, CVE-2018-18849) + * ppc-pnv-check-size-before-data-buffer-access-CVE-2018-18954.patch + (Closes: #914604, CVE-2018-18954) + * 9p-write-lock-path-in-v9fs-co_open2.patch + 9p-take-write-lock-on-fid-path-updates-CVE-2018-19364.patch + (Closes: #914599, CVE-2018-19364) + * 9p-fix-QEMU-crash-when-renaming-files-CVE-2018-19489.patch + (Closes: #914727, CVE-2018-19489) + * i2c-ddc-fix-oob-read-CVE-2019-3812.patch + (Closes: #922635, CVE-2019-3812) + * slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778.patch + (Closes: #921525, CVE-2019-6778) + * slirp-check-sscanf-result-when-emulating-ident-CVE-2019-9824.patch + (Closes: CVE-2019-9824) + + [ Michael Tokarev ] + * enable-md-clear.patch + define new CPUID for MDS + (Closes: #929067) + (Closes: CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091) + * qxl-check-release-info-object-CVE-2019-12155.patch + fixes null-pointer deref in qxl cleanup code + (Closes: #929353, CVE-2019-12155) + 1:2.8+dfsg-6+deb9u5 [Thu, 08 Nov 2018 16:41:45 +0100] Moritz Mühlenhoff <jmm@debian.org>: * Backport SSBD support (Closes: #908682) <http://10.200.17.11/4.3-4/#3705739909493113808> OK: yaml OK: announce_errata OK: patch OK: piuparts OK: diff <(qemu-system-x86_64 -cpu \?) < arat md-clear > arat [4.3-4] 21037aa685 Bug #49584: qemu 1:2.8+dfsg-6+deb9u6A~4.3.4.201906031044 doc/errata/staging/qemu.yaml | 51 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) |