Change logs for qemu source package in Bullseye

  • qemu (1:5.2+dfsg-11+deb11u3) bullseye; urgency=medium
    
      * CVE-2021-20196 (Closes: #984453)
      * CVE-2023-0330 (Closes: #1029155)
      * CVE-2023-1544 (Closes: #1034179)
      * CVE-2023-3354
      * CVE-2021-3930
      * CVE-2023-3180
      * CVE-2021-20203 (Closes: #984452)
      * CVE-2021-3507 (Closes: #987410)
      * CVE-2020-14394 (Closes: #979677)
      * CVE-2023-3301
      * CVE-2022-0216 (Closes: #1014590)
    
     -- Moritz Mühlenhoff <email address hidden>  Mon, 04 Sep 2023 16:11:35 +0200
  • qemu (1:5.2+dfsg-11+deb11u2) bullseye-security; urgency=medium
    
      * virtio-net-fix-map-leaking-on-error-during-receive-CVE-2022-26353.patch
        fix memory leak after fix for CVE-2021-3748
      * vhost-vsock-detach-the-virqueue-element-on-error-CVE-2022-26354.patch
        vhost-vsock device was not detaching invalid element from
        the virtqueue on error
      * ui-cursor-fix-integer-overflow-in-cursor_alloc-CVE-2021-4206.patch,
        display-qxl-render-fix-race-condition-in-qxl_cursor-CVE-2021-4207.patch
        two flaws can lead to allocation of small cursor object followed by a
        subsequent heap-based buffer overflow with a potential for executing
        arbitrary code within the context of QEMU process
      * virtiofsd-drop-membership-of-all-supplementary-group-CVE-2022-0358.patch
        potential group escalation allowed by virtiofsd
    
     -- Michael Tokarev <email address hidden>  Wed, 04 May 2022 22:50:01 +0300
  • qemu (1:5.2+dfsg-11+deb11u1) bullseye-security; urgency=medium
    
      [ Michael Tokarev ]
      * usbredir-fix-free-call-CVE-2021-3682.patch
        Closes: #991911, CVE-2021-3682: wrong free in usbredir in bufp_alloc()
      * uas-add-stream-number-sanity-checks-CVE-2021-3713.patch
        Closes: #992727, CVE-2021-3713: an OOB write to UASDevice fields
         in UAS device emulation code
      * virtio-net-fix-use-after-unmap-free-for-sg-CVE-2021-3748.patch
        Closes: #993401, CVE-2021-3748: use-after-free in virtio_net_receive_rcu
      * ati_2d-fix-buffer-overflow-in-ati_2d_blt-CVE-2021-3638.patch
        Closes: #992726, CVE-2021-3638:
         inconsistent check in ati_2d_blt() may lead to out-of-bounds write
      * vhost-user-gpu fixes from upstream, 7 patches:
         CVE-2021-3544: multiple memory leaks
         CVE-2021-3545: information disclosure due to uninitialized memory reads
         CVE-2021-3546: out-of-bounds write in virgl_cmd_get_capset()
         Closes: #989042, CVE-2021-3544, CVE-2021-3545, CVE-2021-3546
    
      [ Cyril Brulebois ]
      * linux-user-elfload-fix-address-calculation-in-fallback.patch
        This fixes problems with some access to an unmounted /proc, as seen
        while building images for the Raspberry Pi devices. With thanks to
        Diederik de Haas for the report and to Bernhard Übelacker for
        pinpointing the upstream fix to backport. (Closes: #988174)
    
     -- Michael Tokarev <email address hidden>  Wed, 29 Sep 2021 13:14:52 +0300
  • qemu (1:5.2+dfsg-11) unstable; urgency=medium
    
      * i386-acpi-restore-device-paths-for-pre-5.1-vms.patch
        This fixes a serious issue in some VMs (in particular, Windows & MacOS)
        when migrating from buster qemu to bullseye qemu.
        (Closes: #990675)
      * pvrdma-fix-possible-mremap-overflow-in-pvrdma-device-CVE-2021-3582.patch
        (Closes: #990565, CVE-2021-3582)
      * pvrdma-ensure-correct-input-on-ring-init-CVE-2021-3607.patch
        (Closes: #990564, CVE-2021-3607)
      * pvrdma-fix-the-ring-init-error-flow-CVE-2021-3608.patch
        (Closes: #990563, CVE-2021-3608)
      * ide-atapi-check-logical-block-address-and-read-size-CVE-2020-29443.patch
        (Closes: #983575, CVE-2020-29443)
      * usb-limit-combined-packets-to-1-MiB-CVE-2021-3527.patch
        usb-redir-avoid-dynamic-stack-allocation-CVE-2021-3527.patch
        (Closes: #988157, CVE-2021-3527)
    
     -- Michael Tokarev <email address hidden>  Sun, 18 Jul 2021 16:14:41 +0300
  • qemu (1:5.2+dfsg-10) unstable; urgency=medium
    
      * 5 sdhci fixes from upstream:
        dont-transfer-any-data-when-command-time-out.patch
        dont-write-to-SDHC_SYSAD-register-when-transfer-is-in-progress.patch
        correctly-set-the-controller-status-for-ADMA.patch
        limit-block-size-only-when-SDHC_BLKSIZE-register-is-writable.patch
        reset-the-data-pointer-of-s-fifo_buffer-when-a-different-block-size...patch
        (Closes: #986795, #970937, CVE-2021-3409, CVE-2020-17380, CVE-2020-25085)
      * mptsas-remove-unused-MPTSASState.pending-CVE-2021-3392.patch
        fix possible use-after-free in mptsas_free_request
        (Closes: #984449, CVE-2021-3392)
    
     -- Michael Tokarev <email address hidden>  Fri, 16 Apr 2021 12:43:36 +0300