image format processing issues: lack of input validation

Debian Bug report logs - #742730
image format processing issues: lack of input validation


Reported by: Michael Tokarev <mjt@tls.msk.ru>

Date: Wed, 26 Mar 2014 18:21:02 UTC

Severity: important

Tags: patch, security, upstream

Found in version 1.1.2+dfsg-6

Fixed in version qemu/2.0.0+dfsg-6

Done: Michael Tokarev <mjt@tls.msk.ru>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>:
Bug#742730; Package qemu, qemu-kvm. (Wed, 26 Mar 2014 18:21:07 GMT)


Acknowledgement sent to Michael Tokarev <mjt@tls.msk.ru>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>. (Wed, 26 Mar 2014 18:21:07 GMT)


Message #5 received at submit@bugs.debian.org:

From: Michael Tokarev <mjt@tls.msk.ru>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: image format processing issues: lack of input validation
Date: Wed, 26 Mar 2014 22:19:00 +0400
Package: qemu, qemu-kvm
Version: 1.1.2+dfsg-6
Severity: grave
Tags: security patch upstream

Several flaws were found in guest image format processing in qemu.

CVEs are as follows:
parallels: Sanity check for s->tracks (CVE-2014-0142)
parallels: Fix catalog size integer overflow (CVE-2014-0143)
qcow2: Check maximum L1 size in qcow2_snapshot_load_tmp() (CVE-2014-0143)
qcow2: Fix L1 allocation size in qcow2_snapshot_load_tmp() (CVE-2014-0145)
qcow2: Fix NULL dereference in qcow2_open() error path (CVE-2014-0146)
block: Limit request size (CVE-2014-0143)
dmg: prevent chunk buffer overflow (CVE-2014-0145)
dmg: sanitize chunk length and sectorcount (CVE-2014-0145)
qcow2: Fix new L1 table size check (CVE-2014-0143)
qcow2: Avoid integer overflow in get_refcount (CVE-2014-0143)
qcow2: Don't rely on free_cluster_index in alloc_refcount_block() (CVE-2014-0147)
qcow2: Validate active L1 table offset and size (CVE-2014-0144)
qcow2: Validate snapshot table offset/size (CVE-2014-0144)
qcow2: Check refcount table size (CVE-2014-0144)
qcow2: Check backing_file_offset (CVE-2014-0144)
qcow2: Check header_length (CVE-2014-0144)
curl: check data size before memcpy to local buffer.  (CVE-2014-0144)
vhdx: Bounds checking for block_size and logical_sector_size (CVE-2014-0148)
vdi: add bounds checks for blocks_in_image and disk_size header fields (CVE-2014-0144)
vpc: Validate block size (CVE-2014-0142)
vpc/vhd: add bounds check for max_table_entries and block_size (CVE-2014-0144)
bochs: Check extent_size header field (CVE-2014-0142)
bochs: Check catalog_size header field (CVE-2014-0143)
bochs: Use unsigned variables for offsets and sizes (CVE-2014-0147)
block/cloop: refuse images with bogus offsets (CVE-2014-0144)
block/cloop: refuse images with huge offsets arrays (CVE-2014-0144)
block/cloop: prevent offsets_size integer overflow (CVE-2014-0143)
block/cloop: validate block_size header field (CVE-2014-0144)

Upstream patches:
https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg04994.html

Some of those issues affect wheezy and even squeeze versions of qemu
and qemu-kvm packages, and need quite some backporting work.

Thanks,

/mjt



Reply sent to Michael Tokarev <mjt@tls.msk.ru>:
You have taken responsibility. (Sat, 05 Apr 2014 16:21:36 GMT)


Notification sent to Michael Tokarev <mjt@tls.msk.ru>:
Bug acknowledged by developer. (Sat, 05 Apr 2014 16:21:36 GMT)


Message #10 received at 742730-close@bugs.debian.org:

From: Michael Tokarev <mjt@tls.msk.ru>
To: 742730-close@bugs.debian.org
Subject: Bug#742730: fixed in qemu 2.0.0~rc1+dfsg-1exp
Date: Sat, 05 Apr 2014 16:20:02 +0000
Source: qemu
Source-Version: 2.0.0~rc1+dfsg-1exp

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 742730@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <mjt@tls.msk.ru> (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sat, 05 Apr 2014 16:23:48 +0400
Source: qemu
Binary: qemu qemu-keymaps qemu-system qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-utils qemu-guest-agent qemu-kvm
Architecture: source amd64 all
Version: 2.0.0~rc1+dfsg-1exp
Distribution: experimental
Urgency: low
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description: 
 qemu       - fast processor emulator
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-keymaps - QEMU keyboard maps
 qemu-kvm   - QEMU Full virtualization on x86 hardware (transitional package)
 qemu-system - QEMU full system emulation binaries
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscelaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Closes: 714249 739589 742730 743235
Changes: 
 qemu (2.0.0~rc1+dfsg-1exp) experimental; urgency=low
 .
   * new upstream release candidate (2.0-rc1)
     Closes: #742730 -- image format processing issues
     Closes: #739589 -- migration format processing issues
     Closes: #743235
   * refreshed patches:
     02_kfreebsd.patch
     retry-pxe-after-efi.patch
     use-fixed-data-path.patch
   * removed patches applied upstream:
     qemu-1.7.1.diff
     address_space_translate-do-not-cross-page-boundaries.diff
     fix-smb-security-share.patch
     slirp-smb-redirect-port-445-too.patch
     implement-posix-timers.diff
     linux-user-fixed-s390x-clone-argument-order.patch
   * added bios-256k.bin symlink and bump seabios dependency to >= 1.7.4-2
   * recommend ovmf package for qemu-system-x86 to support UEFI boot
     (Closes: #714249)
   * switch from sdl1 to sdl2 (build-depend on libsdl2-dev)
   * output last 50 lines of config.log in case configure failed




Severity set to 'important' from 'grave' Request was from <mjt@tls.msk.ru> to control@bugs.debian.org. (Wed, 30 Apr 2014 13:09:04 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>:
Bug#742730; Package qemu, qemu-kvm. (Wed, 14 May 2014 08:09:05 GMT)


Acknowledgement sent to Michael Tokarev <mjt@tls.msk.ru>:
Extra info received and forwarded to list. Copy sent to Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>. (Wed, 14 May 2014 08:09:05 GMT)


Message #17 received at 742730@bugs.debian.org:

From: Michael Tokarev <mjt@tls.msk.ru>
To: 742730@bugs.debian.org
Cc: team@security.debian.org
Subject: Re: Bug#742730: image format processing issues: lack of input validation
Date: Wed, 14 May 2014 12:04:39 +0400
Control: reopen -1

There are 2 more CVEs assigned to new issues found in qcow1 format processing.
Since there's the same set of issues, and since the relevant bug has only
been closed for -testing anyway (and needs backporting to -stable and even
maybe -oldstable), I'm adding them here.

CVE-2014-0222 Qemu: qcow1: Validate L2 table size
  Too large L2 table sizes cause unbounded allocations. Images actually
  created by qemu-img only have 512 byte or 4k L2 tables.

  To keep things consistent with cluster sizes, allow ranges between 512
  bytes and 64k (in fact, down to 1 entry = 8 bytes is technically
  working, but L2 table sizes smaller than a cluster don't make a lot of
  sense).

  This also means that the number of bytes on the virtual disk that are
  described by the same L2 table is limited to at most 8k * 64k or 2^29,
  preventively avoiding any integer overflows.

  https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02155.html


CVE-2014-0223 Qemu: qcow1: Validate image size
  A huge image size could cause s->l1_size to overflow. Make sure that
  images never require a L1 table larger than what fits in s->l1_size.

  This can not only cause unbounded allocations, but also the allocation of
  a too small L1 table, resulting in out-of-bounds array accesses (both
  reads and writes).

  https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02156.html

This is qcow1, which is an old qemu image format which is very rarely used
nowadays (if at all), but we have other exotic formats in this bug too.

So, with this in place, the proposed patches for wheezy need to be reworked,
adding the new fixes.

Thanks,

/mjt
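
The two qcow1 checks described in message #17 (CVE-2014-0222 and CVE-2014-0223), shown next to the unchecked computation they replace. This is an added example, not the upstream patches or code from this report. The struct, the function and constant names, the 32-bit int width assumed for s->l1_size, the INT_MAX / 8 bound on L1 entries and the 512 byte to 64k cluster range are assumptions, and the sample headers are constructed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the size-related qcow1 header fields. */
struct qcow1_hdr {
    uint64_t size;         /* virtual disk size in bytes */
    uint8_t  cluster_bits; /* log2(cluster size in bytes) */
    uint8_t  l2_bits;      /* log2(number of 8-byte entries per L2 table) */
};

enum { QCOW1_BAD_CLUSTER = -1, QCOW1_BAD_L2 = -2, QCOW1_TOO_LARGE = -3 };

/* "Before": the 64-bit entry count is stored into a 32-bit l1_size
 * (assumed width) with no range check, so large counts silently wrap.
 * Caller must pass cluster_bits + l2_bits < 64. */
static int l1_size_unchecked(const struct qcow1_hdr *h)
{
    unsigned shift = h->cluster_bits + h->l2_bits;
    uint64_t entries = (h->size + (1ULL << shift) - 1) >> shift;
    return (int)(uint32_t)entries;
}

/* "After": returns the L1 entry count, or a negative QCOW1_* code. */
static int64_t l1_size_checked(const struct qcow1_hdr *h)
{
    /* Assumed cluster range: 512 bytes .. 64k. */
    if (h->cluster_bits < 9 || h->cluster_bits > 16)
        return QCOW1_BAD_CLUSTER;
    /* CVE-2014-0222: L2 table of 512 bytes .. 64k, 8 bytes per entry. */
    if (h->l2_bits < 9 - 3 || h->l2_bits > 16 - 3)
        return QCOW1_BAD_L2;

    unsigned shift = h->cluster_bits + h->l2_bits; /* now at most 29 */
    uint64_t per_l2 = 1ULL << shift;    /* bytes mapped by one L2 table */

    /* CVE-2014-0223: rounding up must not wrap, and the L1 table
     * (8 bytes per entry) must fit in an int-sized l1_size. */
    if (h->size > UINT64_MAX - per_l2)
        return QCOW1_TOO_LARGE;
    uint64_t entries = (h->size + per_l2 - 1) >> shift;
    if (entries > INT_MAX / sizeof(uint64_t))
        return QCOW1_TOO_LARGE;
    return (int64_t)entries;
}

/* Constructed sample headers (not taken from real images). */
static const struct qcow1_hdr SAMPLE_OK      = { 1ULL << 30, 12, 9 };
static const struct qcow1_hdr SAMPLE_WRAP    = { ((1ULL << 32) + 1) << 15, 9, 6 };
static const struct qcow1_hdr SAMPLE_HUGE_L2 = { 1ULL << 30, 12, 40 };
static const struct qcow1_hdr SAMPLE_MAX     = { UINT64_MAX, 9, 6 };
static const struct qcow1_hdr SAMPLE_LIMIT   = { 268435455ULL << 29, 16, 13 };

int main(void)
{
    printf("ok:      checked=%lld\n", (long long)l1_size_checked(&SAMPLE_OK));
    printf("wrap:    unchecked=%d checked=%lld\n",
           l1_size_unchecked(&SAMPLE_WRAP),
           (long long)l1_size_checked(&SAMPLE_WRAP));
    printf("huge L2: checked=%lld\n",
           (long long)l1_size_checked(&SAMPLE_HUGE_L2));
    printf("max:     checked=%lld\n", (long long)l1_size_checked(&SAMPLE_MAX));
    printf("limit:   checked=%lld\n", (long long)l1_size_checked(&SAMPLE_LIMIT));
    return 0;
}
```

SAMPLE_WRAP is the case the second CVE text warns about: the unchecked path reports a one-entry L1 table for an image that needs more than 2^32 entries, while the checked path rejects the header.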



Bug reopened Request was from Michael Tokarev <mjt@tls.msk.ru> to 742730-submit@bugs.debian.org. (Wed, 14 May 2014 08:09:05 GMT)


No longer marked as fixed in versions qemu/2.0.0~rc1+dfsg-1exp. Request was from Michael Tokarev <mjt@tls.msk.ru> to 742730-submit@bugs.debian.org. (Wed, 14 May 2014 08:09:06 GMT)


Reply sent to Michael Tokarev <mjt@tls.msk.ru>:
You have taken responsibility. (Fri, 23 May 2014 09:27:05 GMT)


Notification sent to Michael Tokarev <mjt@tls.msk.ru>:
Bug acknowledged by developer. (Fri, 23 May 2014 09:27:05 GMT)


Message #26 received at 742730-close@bugs.debian.org:

From: Michael Tokarev <mjt@tls.msk.ru>
To: 742730-close@bugs.debian.org
Subject: Bug#742730: fixed in qemu 2.0.0+dfsg-6
Date: Fri, 23 May 2014 09:24:09 +0000
Source: qemu
Source-Version: 2.0.0+dfsg-6

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 742730@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <mjt@tls.msk.ru> (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Fri, 23 May 2014 12:12:38 +0400
Source: qemu
Binary: qemu qemu-keymaps qemu-system qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm
Architecture: source amd64 all
Version: 2.0.0+dfsg-6
Distribution: unstable
Urgency: medium
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description: 
 qemu       - fast processor emulator
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-keymaps - QEMU keyboard maps
 qemu-kvm   - QEMU Full virtualization on x86 hardware
 qemu-system - QEMU full system emulation binaries
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscelaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-binfmt - QEMU user mode binfmt registration
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Closes: 742730
Changes: 
 qemu (2.0.0+dfsg-6) unstable; urgency=medium
 .
   * build-depend on libgnutls28-dev not libgnutls-dev
   * added qcow1 block format validation patches from upstream:
    block-fmt-validation/qcow1-check-maximum-cluster-size.patch
    block-fmt-validation/qcow1-stricter-backing-file-length-check.patch
    block-fmt-validation/qcow1-validate-image-size-CVE-2014-0223.patch
    block-fmt-validation/qcow1-validate-L2-table-size-CVE-2014-0222.patch
     (Finally closes: #742730, CVE-2014-0222, CVE-2014-0223)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 21 Jun 2014 07:27:28 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:09:11 2019; Machine Name: buxtehude
