qemu: CVE-2018-17963: net: ignore packets with large size

Debian Bug report logs - #911469
qemu: CVE-2018-17963: net: ignore packets with large size

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: qemu: CVE-2018-17963: net: ignore packets with large size

Date: Sat, 20 Oct 2018 16:44:04 +0200

Source: qemu
Version: 1:2.12+dfsg-3
Severity: important
Tags: security upstream

Hi,

The following vulnerability was published for qemu.

CVE-2018-17963[0]:
| qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes
| greater than INT_MAX, which allows attackers to cause a denial of
| service or possibly have unspecified other impact.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-17963
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17963
[1] https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03267.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Message #14 received at 911469-close@bugs.debian.org (full text, mbox, reply):

From: Moritz Mühlenhoff <jmm@debian.org>

To: 911469-close@bugs.debian.org

Subject: Bug#911469: fixed in qemu 1:2.8+dfsg-6+deb9u5

Date: Fri, 23 Nov 2018 21:32:54 +0000

Source: qemu
Source-Version: 1:2.8+dfsg-6+deb9u5

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 911469@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Mühlenhoff <jmm@debian.org> (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 08 Nov 2018 16:41:45 +0100
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm
Architecture: source amd64
Version: 1:2.8+dfsg-6+deb9u5
Distribution: stretch-security
Urgency: medium
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Moritz Mühlenhoff <jmm@debian.org>
Description:
 qemu       - fast processor emulator
 qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-kvm   - QEMU Full virtualization on x86 hardware
 qemu-system - QEMU full system emulation binaries
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscellaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Closes: 908682 910431 911468 911469
Changes:
 qemu (1:2.8+dfsg-6+deb9u5) stretch-security; urgency=medium
 .
   * Backport SSBD support (Closes: #908682)
   * CVE-2018-10839 (Closes: #910431)
   * CVE-2018-17962 (Closes: #911468)
   * CVE-2018-17963 (Closes: #911469)
Checksums-Sha1:
 51d9a6ab1938acf80d1c4dda5eccbbbacb196cca 5904 qemu_2.8+dfsg-6+deb9u5.dsc
 43e41704d1befe6ff21fe4c460974938fd1a9d1c 153452 qemu_2.8+dfsg-6+deb9u5.debian.tar.xz
 2bb046d38c6d176249b9faba8578ee458ce2e012 276060 qemu-block-extra-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
 15061b0a968f84e910391246697ffa138adebc86 105362 qemu-block-extra_2.8+dfsg-6+deb9u5_amd64.deb
 4c29681c0248affe9784649493869a7a6b1b1c00 771368 qemu-guest-agent-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
 48d4cd0816ed6560f73e2df2b436a37ee2f7d3fe 314908 qemu-guest-agent_2.8+dfsg-6+deb9u5_amd64.deb
 dc30f657ff3fae27899a50d65e0ffbeca0429fce 66802 qemu-kvm_2.8+dfsg-6+deb9u5_amd64.deb
 710b232915152ba891b7fb06ab69c73a94514c8c 33553014 qemu-system-arm-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
 26ba135064c64507e1f6aa94fefa161b0720436a 5246398 qemu-system-arm_2.8+dfsg-6+deb9u5_amd64.deb
 dae8fa6d5c94b1463d58a925d78279e857d10641 329706 qemu-system-common-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
 3ca4b1bab999da34a81934783465006e361c6405 501926 qemu-system-common_2.8+dfsg-6+deb9u5_amd64.deb
 9e12e831caf035ad458b41209461708ed66d4f46 57946296 qemu-system-mips-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
 3f96cdeb30073fcb5d32ab78410293292d471961 8966598 qemu-system-mips_2.8+dfsg-6+deb9u5_amd64.deb
 f4d036baf924c1843222b25a41f0baa8a5f0b1af 151490148 qemu-system-misc-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
 0a468335fe5e6daaaee2f87ae2c65497b89c2606 13482042 qemu-system-misc_2.8+dfsg-6+deb9u5_amd64.deb
 fba85e85b6504dbe64e41799a55a09c4fb8193c1 44801268 qemu-system-ppc-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
 c86fe11d348eccce2e5b78be4048f2cdcec4f585 7042832 qemu-system-ppc_2.8+dfsg-6+deb9u5_amd64.deb
 ac5190c581f28dd164be2d828aaf8bce8c9a3c61 22557400 qemu-system-sparc-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
 90e32e45c805d70fd6f7e57e38186af7ade46e68 2570714 qemu-system-sparc_2.8+dfsg-6+deb9u5_amd64.deb
 6f7aa0ef8c59a362932d4dfb184ad932e3cb76fb 31965916 qemu-system-x86-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
 eb10aff3207d6967fae13e9c3c996ec5b156eafe 4817648 qemu-system-x86_2.8+dfsg-6+deb9u5_amd64.deb
 a57691dbea42346b6bb40169cdbbeb5cd3d6154a 65838 qemu-system_2.8+dfsg-6+deb9u5_amd64.deb
 e2d7d4c746f2a6b74c2993cbefc536fb2bf1a511 2588 qemu-user-binfmt_2.8+dfsg-6+deb9u5_amd64.deb
 efe854f09281a0df4dbe84357de527661138f8c7 80474330 qemu-user-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
 d526f35ef4e90561a4f7a02a16e70e8849533fe7 88262500 qemu-user-static-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
 42754002d1bff2c9855b9f22b85a9968144a09c0 8993782 qemu-user-static_2.8+dfsg-6+deb9u5_amd64.deb
 07da425ef2a22200d10d32bc775275e88f3f0fd3 7943388 qemu-user_2.8+dfsg-6+deb9u5_amd64.deb
 8e9f79e6f795857cff30ecf0d91ba971042e1cce 9734148 qemu-utils-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
 30c2647917b3fccf67d95b51ee0a1a2e2d1dcc6e 985494 qemu-utils_2.8+dfsg-6+deb9u5_amd64.deb
 8d07e437c28a4dcc685868e3d57f0e99e755cd4a 21852 qemu_2.8+dfsg-6+deb9u5_amd64.buildinfo
 f1928a0766236e80c7a8f599d84761d73901132d 150722 qemu_2.8+dfsg-6+deb9u5_amd64.deb
Checksums-Sha256:
 b1a3c690559f354ff17974f6c76a56158af9176ce977bfe720edc15d09073cac 5904 qemu_2.8+dfsg-6+deb9u5.dsc
 fb2939f9153f36d5943a5b37f931c3b8ec3b93a94643df304b083dd27bcceebd 153452 qemu_2.8+dfsg-6+deb9u5.debian.tar.xz
 273efb5b6ef481fddc5bd810c0f2ffd88497f4e669f57910e05afcc55043788a 276060 qemu-block-extra-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
 bd2b9d014785bd73351bb0fa82c8ebdd61d6c10cc80352bc2b4c3ad8ea760b20 105362 qemu-block-extra_2.8+dfsg-6+deb9u5_amd64.deb
 d21411c724e98bb4ec4654fc3038d0ba18fc1b9b0f16c7cf11dac149b4abd2e6 771368 qemu-guest-agent-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
 7a910f7ac850e3265edab430403784d0147d0754da43589910dfe0898c60e478 314908 qemu-guest-agent_2.8+dfsg-6+deb9u5_amd64.deb
 5a18146677b5afee101d04f3ead629edf5a751b0eb6e6c67136bb7ba167a1133 66802 qemu-kvm_2.8+dfsg-6+deb9u5_amd64.deb
 3aa7cd2daecee80fa559c27fb6991f00b99bd9330624d55d92b895adcd1a654b 33553014 qemu-system-arm-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
 a1ed26cf9702e234080715d3af8bfe9553d29da85e85866bd9fa589f3dac726f 5246398 qemu-system-arm_2.8+dfsg-6+deb9u5_amd64.deb
 8270294b01dbbe90dcd268acbb2a02eaf65488e92c9762c424f6cc0989c5bc3c 329706 qemu-system-common-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
 d5d69c5e26489b3e29679767c1095cd7a157afcaae7ce057faffd0b3dae42bbb 501926 qemu-system-common_2.8+dfsg-6+deb9u5_amd64.deb
 fab544ae0c40190310b6b29aba6f7e37a4b68579945d8570a55f760053653381 57946296 qemu-system-mips-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
 07b8a6c8b7cb056fa6cc7075738168243f7e1c50e7dae58c7245b2ed9b277151 8966598 qemu-system-mips_2.8+dfsg-6+deb9u5_amd64.deb
 1df303a274e7e5db427c8c0fb75e249675710881e37d29b7bbed22f538bfb324 151490148 qemu-system-misc-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
 9b34fb1dcfbfe3cc516c697f1ba1025657537221398a9aabf698a3b36d064a5c 13482042 qemu-system-misc_2.8+dfsg-6+deb9u5_amd64.deb
 c22f89669d247e747b31ab3bb52bcdbd069516b768485e37ebfe1a5a1c1c8748 44801268 qemu-system-ppc-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
 f52d693ae25c96a1474d9eadc266f61f0ce07bcf551d4d9037682e077b7d55ac 7042832 qemu-system-ppc_2.8+dfsg-6+deb9u5_amd64.deb
 545023f1c32819b47fbf438baec9414c81be2bd61a5eebc26b9389763be6af50 22557400 qemu-system-sparc-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
 4c6c41dede804fba57895eecb38481d8648dffd1369b03c83a151d60e5bd6e6d 2570714 qemu-system-sparc_2.8+dfsg-6+deb9u5_amd64.deb
 0f236fe193201f945a9e3dbc5fd2fe75f8f6cf18dc8e70564095a8f1a552bdbf 31965916 qemu-system-x86-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
 7cfc566926a1dc2dc01a852f9c5ddf1b449528a251f2d07bf192c75e4356f573 4817648 qemu-system-x86_2.8+dfsg-6+deb9u5_amd64.deb
 3be6db453b4ef89a768f3371fc40f6183ce901bf2252b106c71c8516709da952 65838 qemu-system_2.8+dfsg-6+deb9u5_amd64.deb
 32cad4078787808803e10041d15f1f0d7feba25cd79bfb6b848816a93b6aa842 2588 qemu-user-binfmt_2.8+dfsg-6+deb9u5_amd64.deb
 ad998e3bafa9d22c42b3667c9bb1eabe0f5a008d9863174662fad599dcab53f1 80474330 qemu-user-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
 42cbe5bc16c4e3be112283feb6d107e717064598a9226e275f879097fadea4f3 88262500 qemu-user-static-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
 1a8d04b3a30aad6eee8d54137da542b4991b4e492d37cd3046d4c7f39ff431ed 8993782 qemu-user-static_2.8+dfsg-6+deb9u5_amd64.deb
 f70c02e6c6dc2b5a2db6447cc45afc7360b835b4ec82e2bc263de7bdfcc4a66f 7943388 qemu-user_2.8+dfsg-6+deb9u5_amd64.deb
 5f4d54b003a60dc662a0861e5f03a10ee7550d5bc8ab40710a43f5e48679078b 9734148 qemu-utils-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
 f4ae199b22bb57dc398a300434471ab0de7739ada0c91a0720810ac70e0fa701 985494 qemu-utils_2.8+dfsg-6+deb9u5_amd64.deb
 cedcebe6c10a80b69beb3118c0484cae938b58189009e83b88ad6d18a00e24c6 21852 qemu_2.8+dfsg-6+deb9u5_amd64.buildinfo
 f09e96992d934eb46496726c7305c09f9876b4993385ae58f9730e1e1c4aadb9 150722 qemu_2.8+dfsg-6+deb9u5_amd64.deb
Files:
 4d4992814e4a14c53490dcdff6ca0678 5904 otherosfs optional qemu_2.8+dfsg-6+deb9u5.dsc
 ef9b3b8adcb621e0fc7c424dfa4ba26f 153452 otherosfs optional qemu_2.8+dfsg-6+deb9u5.debian.tar.xz
 51759a18ee1760d27dbfa878022c0207 276060 debug extra qemu-block-extra-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
 250b55f1c7d716816b7a8e857606df25 105362 otherosfs optional qemu-block-extra_2.8+dfsg-6+deb9u5_amd64.deb
 1bac8db36c1f174e17297bee7620fe7a 771368 debug extra qemu-guest-agent-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
 ad7a3b5ae9b54c709f4e25a46660997d 314908 otherosfs optional qemu-guest-agent_2.8+dfsg-6+deb9u5_amd64.deb
 f4252d4164d5999a22c0930fed5604d1 66802 otherosfs optional qemu-kvm_2.8+dfsg-6+deb9u5_amd64.deb
 8b40857666c802bfe6bc1de96a898a65 33553014 debug extra qemu-system-arm-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
 eeef897e68ab03a521f004dc8ff48b3b 5246398 otherosfs optional qemu-system-arm_2.8+dfsg-6+deb9u5_amd64.deb
 e414abc3be32d382fdd6a8dc314727d6 329706 debug extra qemu-system-common-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
 d764eec055138aade027dd3a9948d275 501926 otherosfs optional qemu-system-common_2.8+dfsg-6+deb9u5_amd64.deb
 ea0eb531ecdc9a521a32b67024c004b4 57946296 debug extra qemu-system-mips-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
 2553b28cc3a48c42b4ed6ebedc1771be 8966598 otherosfs optional qemu-system-mips_2.8+dfsg-6+deb9u5_amd64.deb
 1d6eae01d21aead15c45171880454dc8 151490148 debug extra qemu-system-misc-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
 432bbd8f229424ff4bb4204a8ceee01b 13482042 otherosfs optional qemu-system-misc_2.8+dfsg-6+deb9u5_amd64.deb
 4731599e5a87cd38da088fd3219a692c 44801268 debug extra qemu-system-ppc-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
 562c4cb8203fbdc735ab1723120faae3 7042832 otherosfs optional qemu-system-ppc_2.8+dfsg-6+deb9u5_amd64.deb
 7ab5fd5eb22dcec82e8289e3047af336 22557400 debug extra qemu-system-sparc-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
 9d17f54295541bc8d57b376115a14332 2570714 otherosfs optional qemu-system-sparc_2.8+dfsg-6+deb9u5_amd64.deb
 fa5695b12a0ae496c2f98c6270c355ab 31965916 debug extra qemu-system-x86-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
 2e96ae6d2e68b7de1adbc63291abff92 4817648 otherosfs optional qemu-system-x86_2.8+dfsg-6+deb9u5_amd64.deb
 fc2f16f85401d1871df2c88a12305a58 65838 otherosfs optional qemu-system_2.8+dfsg-6+deb9u5_amd64.deb
 f9e33ecbc76d82054a89c3ea377f42ba 2588 otherosfs optional qemu-user-binfmt_2.8+dfsg-6+deb9u5_amd64.deb
 277dd67abae18e1382d1501e2339cdc3 80474330 debug extra qemu-user-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
 5b0a018204695e766d64543f2b9bc3a4 88262500 debug extra qemu-user-static-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
 a26a2fb922219beb0074529a4b8464a5 8993782 otherosfs optional qemu-user-static_2.8+dfsg-6+deb9u5_amd64.deb
 4abe16b99e363731e1a3ac557a7e2d4a 7943388 otherosfs optional qemu-user_2.8+dfsg-6+deb9u5_amd64.deb
 719489e5767390de311d8011ed71904c 9734148 debug extra qemu-utils-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
 21b82d68d2daff059586c9b4edb46438 985494 otherosfs optional qemu-utils_2.8+dfsg-6+deb9u5_amd64.deb
 7e171c409f2b6b091bb9aba3cad9c501 21852 otherosfs optional qemu_2.8+dfsg-6+deb9u5_amd64.buildinfo
 e9d9bda65fcd91b139afded2dff949b0 150722 otherosfs optional qemu_2.8+dfsg-6+deb9u5_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlvls8gACgkQEMKTtsN8
TjagqBAAknGc2eR71HcWqmVqX+k9OzmMPgqERuRB8oRRzK42iVlqBptb4kaaC49B
rTT+OpXKzUlN6m+klV+fs4axQM3dZDPbJe2W0zBzIPV3zZxsUtbacmBuDKhU7SJO
7KhCWaaStC4gcWPz7nunyv4BuxKWYLcQZHd32YG5nBvDYgnOaiR7DE0pPlF/Ehiv
+y/g1AHR3siWmEeLlFpKFv7yZjFpWbTgUenm4qQ1/Xs5i+S7AY+ZuNnEa+pekGeM
qaoZWX4PsphJ67ZNzhuyb92VaUaJg2JFIctxvdp4nMjgg94vupY+TV05hMJ8aDrL
nakIlDe3K/iy6EAr04FGYv+/TMXMmcIH8FksXRSoaBV0yhszn1aD6+TOzbPb2HKt
N6X5e/h7GFXA7DKCjQuMwDUT5+S1/e8qJJu+BCfz+9gDEDnlBIjQZoDlKUQE5y/2
MENFINcELZgmIT8b+vGJv4mdjN1BxUc54zRD60L5jy+RN4xyy4MX/9rd3/s+msz2
8V3zuSwDvDZ+vOh4Ij0CLIzHrblUyxGjsiwNfKD3bFr2EbQxaCVXcKOVwqc+vypJ
m19FY1XtcNTgAVxyt6LOZ3uZdVtzghqylzOkWaGPXU5SADnRrNy+2IDZ6oJdpYyv
sT6i2gpGnWUnqWxzv5ec7tlBbUDPCHKZLNCCx2pKfioYlqw1Fyo=
=fcYL
-----END PGP SIGNATURE-----

Message #19 received at 911469-close@bugs.debian.org (full text, mbox, reply):

From: Michael Tokarev <mjt@tls.msk.ru>

To: 911469-close@bugs.debian.org

Subject: Bug#911469: fixed in qemu 1:3.1+dfsg-1

Date: Wed, 12 Dec 2018 09:16:37 +0000

Source: qemu
Source-Version: 1:3.1+dfsg-1

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 911469@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <mjt@tls.msk.ru> (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 02 Dec 2018 19:10:27 +0300
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-data qemu-system-common qemu-system-gui qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm
Architecture: source
Version: 1:3.1+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description:
 qemu       - fast processor emulator, dummy package
 qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-kvm   - QEMU Full virtualization on x86 hardware
 qemu-system - QEMU full system emulation binaries
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-data - QEMU full system emulation (data files)
 qemu-system-gui - QEMU full system emulation binaries (user interface and audio sup
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscellaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Closes: 795486 813658 901017 902501 902725 907500 908682 910431 911468 911469 911470 911499 912535 914599 914604 914727 915884
Changes:
 qemu (1:3.1+dfsg-1) unstable; urgency=medium
 .
   * new upstream release (3.1)
   * Security bugs fixed by upstream:
     Closes: #910431, CVE-2018-10839:
      integer overflow leads to buffer overflow issue
     Closes: #911468, CVE-2018-17962
      pcnet: integer overflow leads to buffer overflow
     Closes: #911469, CVE-2018-17963
      net: ignore packets with large size
     Closes: #908682, CVE-2018-3639
      qemu should be able to pass the ssbd cpu flag
     Closes: #901017, CVE-2018-11806
      m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow
      via incoming fragmented datagrams
     Closes: #902725, CVE-2018-12617
      qmp_guest_file_read in qemu-ga has an integer overflow
     Closes: #907500, CVE-2018-15746
      qemu-seccomp might allow local OS guest users to cause a denial of service
     Closes: #915884, CVE-2018-16867
      dev-mtp: path traversal in usb_mtp_write_data of the MTP
     Closes: #911499, CVE-2018-17958
      Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c
      because an incorrect integer data type is used
     Closes: #911470, CVE-2018-18438
      integer overflows because IOReadHandler and its associated functions
      use a signed integer data type for a size value
     Closes: #912535, CVE-2018-18849
      lsi53c895a: OOB msg buffer access leads to DoS
     Closes: #914604, CVE-2018-18954
      pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1
      allows out-of-bounds write or read access to PowerNV memory
     Closes: #914599, CVE-2018-19364
      Use-after-free due to race condition while updating fid path
     Closes: #914727, CVE-2018-19489
      9pfs: crash due to race condition in renaming files
   * remove patches which were applied upstream
   * add new manpage qemu-cpu-models.7
   * qemu-system-ppcemb is gone, use qemu-system-ppc[64]
   * do-not-link-everything-with-xen.patch (trivial)
   * get-orig-source: handle 3.x and 4.x, and remove roms again, as
     upstream wants us to use separate source packages for that stuff
   * move generated data from qemu-system-data back to qemu-system-common
   * d/control: enable spice on arm64 (Closes: #902501)
     (probably should enable on all)
   * d/control: change git@salsa urls to https
   * add qemu-guest-agent.service (Closes: #795486)
   * enable opengl support and virglrenderer (Closes: #813658)
   * simplify d/rules just a little bit
   * build-depend on libudev-dev, for qga
Checksums-Sha1:
 a65a31436ea02a77c21bff8f7afa02ae05938a26 5967 qemu_3.1+dfsg-1.dsc
 b6a6c31d146b13e14af253d6dc25f16ccad7d060 8705368 qemu_3.1+dfsg.orig.tar.xz
 a07b0298ac2fe6be7ee5e9540fd6fc6d9c1b20ee 72160 qemu_3.1+dfsg-1.debian.tar.xz
 2233f07915fcbb0daa421fca2674a139941f832b 16084 qemu_3.1+dfsg-1_source.buildinfo
Checksums-Sha256:
 c1b9ec8e25ff07877505291d8c0ef235f7b81117a9a706bdf76deba857c09484 5967 qemu_3.1+dfsg-1.dsc
 2f277942759dd3eed21f7e00edfeab52b4f58d6f2f22d4f7e1a8aa4dc54c80d7 8705368 qemu_3.1+dfsg.orig.tar.xz
 62ccd57796c3a43d99aac37ffac4b24b7188216f719ff50b0e1ce84f058ccca5 72160 qemu_3.1+dfsg-1.debian.tar.xz
 4f53f5acac8637a3716dbd1ea4380d7c08a8c1d15a1de581095963b1e76b560b 16084 qemu_3.1+dfsg-1_source.buildinfo
Files:
 059657635379ae27ba846df240e16b54 5967 otherosfs optional qemu_3.1+dfsg-1.dsc
 b17f33786c89d547150490811a40f0b2 8705368 otherosfs optional qemu_3.1+dfsg.orig.tar.xz
 62ef7391f798ccbd2b4d5f7928033522 72160 otherosfs optional qemu_3.1+dfsg-1.debian.tar.xz
 13fd8a8bb95fc80a05de9f1cb33a50ce 16084 otherosfs optional qemu_3.1+dfsg-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQFDBAEBCAAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAlwQzGwPHG1qdEB0bHMu
bXNrLnJ1AAoJEHAbT2saaT5Z+zUH/1AG3gTlCfodSE7V0FW8268LUMpsJS7mpZ/p
4K8GUdAXtH6TWN1n4vfbUeCaO+dJYHT2g0dTFqwKhJoLElhcCFH8F2pcVQPJfPQQ
YLYQIR/5Mijs+cHIpbzc7KO4Jj2umLOe0GZtEnmbXvBNGRf9/KImb8nRzSitVJSX
qlRSLsr5tLVIgBxGJynPCWYLzwAnvv6chSNBT7e/1vBvo87B1l3gL7ibRdIF3CFJ
s4mYqyYQvIwlEgOE1UKswSunQjcbjZY2ATy0DAxZw5E0ec8etX3cl/tCH8Hq6aSZ
lpDOsBZu/rRukrF3Rt7GSSPCsoLXwWUYa9mRnEsTBWzcw0pJKmc=
=1I7Y
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.