-
qemu-kvm (0.14.1+noroms-0ubuntu6.6) oneiric-security; urgency=low
* SECURITY UPDATE: guest denial of service and possible code execution
via e1000 large packets
- debian/patches/CVE-2012-6075.patch: properly discard oversize packets
in hw/e1000.c.
- CVE-2012-6075
-- Marc Deslauriers <email address hidden> Tue, 15 Jan 2013 09:28:46 -0500
-
qemu-kvm (0.14.1+noroms-0ubuntu6.5) oneiric-security; urgency=low
* SECURITY UPDATE: privilege escalation via VT100 sequences
- debian/patches/CVE-2012-3515.patch: check bounds in console.c.
- CVE-2012-3515
-- Marc Deslauriers <email address hidden> Tue, 25 Sep 2012 10:11:19 -0400
-
qemu-kvm (0.14.1+noroms-0ubuntu6.4) oneiric-security; urgency=low
* SECURITY UPDATE: file overwrite via incorrect temp file checking
- debian/patches/CVE-2012-2652.patch: properly check length and
failures in block.c, block_int.h, block/vvfat.c.
- CVE-2012-2652
* This update not _not_ contain the changes from 0.14.1+noroms-0ubuntu6.3
that was in oneiric-proposed.
-- Marc Deslauriers <email address hidden> Tue, 31 Jul 2012 10:27:20 -0400
-
qemu-kvm (0.14.1+noroms-0ubuntu6.3) oneiric-proposed; urgency=low
* debian/patches/fix-vmware-vga-negative-vals - if x or y < 0, set them to 0
(and decrement width/height accordingly) (LP: #918791)
-- Serge Hallyn <email address hidden> Thu, 15 Mar 2012 21:18:48 -0500
-
qemu-kvm (0.14.1+noroms-0ubuntu6.2) oneiric-security; urgency=low
* SECURITY UPDATE: fix heap overflow in e1000 driver with crafted legacy
mode packets
- debian/patches/CVE-2012-0029.patch: check for overflow whenever issuing
PCI dma reads
- CVE-2012-0029
-- Jamie Strandboge <email address hidden> Wed, 18 Jan 2012 09:56:15 -0600
-
qemu-kvm (0.14.1+noroms-0ubuntu6.1) oneiric-proposed; urgency=low
* debian/qemu-ifdown: don't use full paths for sbin/ifconfig, especially
as those paths are wrong. (LP: #898234)
* debian/patches/dont-try-to-hotplug-cpu.patch: trying to hotplug a cpu
crashes qemu. So just don't do it! (LP: #878422)
-- Serge Hallyn <email address hidden> Tue, 06 Dec 2011 14:57:13 -0600
-
qemu-kvm (0.14.1+noroms-0ubuntu6) oneiric; urgency=low
* debian/patches/e1000-Dont-set-the-Capabilities-List-bit.patch: Do not set
the Capabilities Pointer to NULL for e1000 ethernet adapter, allows Windows'
PCI/PCI Express Compliance Test to pass. Patch cherry picked from upstream
trunk commit, courtesy of Dann Frazier. (LP: #857746)
-- Dave Walker (Daviey) <email address hidden> Mon, 26 Sep 2011 09:36:22 +0100
-
qemu-kvm (0.14.1+noroms-0ubuntu5) oneiric; urgency=low
* debian/patches/vpc.patch: detect vpc files which are too big
(LP: #814222)
-- Serge Hallyn <email address hidden> Mon, 12 Sep 2011 11:28:36 -0500
-
qemu-kvm (0.14.1+noroms-0ubuntu4) oneiric; urgency=low
* Add a line to the extended package description pointing to ipxe for
network installs (LP: #819486)
* Change the qemu-common Suggests from kvm-pxe to ipxe, as ipxe is newer
and is in main.
-- Serge Hallyn <email address hidden> Mon, 12 Sep 2011 10:16:55 -0500
-
qemu-kvm (0.14.1+noroms-0ubuntu3) oneiric; urgency=low
* debian/patches/etc-qemuifscripts-fix-paths.patch: don't hardcode a path
to brctl in qemu-ifup. (LP: #833475)
* debian/control: move Depends: on bridge-utils from qemu-kvm to
qemu-common. (LP: #835355)
* debian/patches/debian/patches/fix-pa-configure.patch: fix FTBFS. Fix
comes from upstream and will be in 0.15 when merged. (LP: #829492)
-- Serge Hallyn <email address hidden> Mon, 29 Aug 2011 12:23:12 -0500
-
qemu-kvm (0.14.1+noroms-0ubuntu2) oneiric; urgency=low
* debian/{control,rules}: build with PIE.
-- Kees Cook <email address hidden> Wed, 10 Aug 2011 12:04:15 -0700
-
qemu-kvm (0.14.1+noroms-0ubuntu1) oneiric; urgency=low
* New upstream release
* Removed patch applied upstream: debian/patches/CVE-2011-1750.diff
-- Serge Hallyn <email address hidden> Tue, 26 Jul 2011 23:06:23 -0500
-
qemu-kvm (0.14.0+noroms-0ubuntu9) oneiric; urgency=low
* SECURITY UPDATE: fix potential privilege escalation via improper group
handling
- debian/patches/CVE-2011-2527.patch: call initgroups() to drop
supplementary group privileges
- CVE-2011-2527
-- Jamie Strandboge <email address hidden> Tue, 26 Jul 2011 07:51:28 -0500
-
qemu-kvm (0.14.0+noroms-0ubuntu8) oneiric; urgency=low
* SECURITY UPDATE: fix to validate virtqueue in and out requests from the
guests
- debian/patches/CVE-2011-2212-virtqueue-indirect-overflow.patch: update
hw/virtio.c to verify the length of indirect descriptors in
virtqueue_pop() and virtqueue_avail_bytes()
- CVE-2011-2212
- LP: #806167
* SECURITY UPDATE: validate virtio_queue_notify() is non-negative
- virtio-guard-against-negative-vq-notifies-CVE-2011-2512.diff: update
to move comparison out to syborg_virtio_writel(), virtio_ioport_write()
and virtio_queue_notify_vq() and don't call common virtio code if
virtqueue number is invalid. Patch from Debian.
- CVE-2011-2512
- LP: #806166
-- Jamie Strandboge <email address hidden> Tue, 05 Jul 2011 13:24:52 -0500
-
qemu-kvm (0.14.0+noroms-0ubuntu7) oneiric; urgency=low
* SECURITY UPDATE: fix heap buffer overflow from unaligned requests
- CVE-2011-1750
* SECURITY UPDATE: verify no_hotplug attribute when handling hot-unplug
requests
- CVE-2011-1751
-- Jamie Strandboge <email address hidden> Sun, 29 May 2011 09:22:55 -0500
-
qemu-kvm (0.14.0+noroms-0ubuntu6) oneiric; urgency=low
* We need a versioned depend on vgabios to ensure the files we link to
exist. (LP: #783864)
-- Serge Hallyn <email address hidden> Tue, 24 May 2011 10:09:01 -0500
-
qemu-kvm (0.14.0+noroms-0ubuntu5) oneiric; urgency=low
* Add libattr1-dev to build-depends to enable use of 9p virtfs (LP: #782973)
-- Serge Hallyn <email address hidden> Mon, 16 May 2011 09:53:15 -0500
-
qemu-kvm (0.14.0+noroms-0ubuntu4) natty; urgency=low
*LP: #719174
Typo corrected
-- Bhaveek Desai <email address hidden> Fri, 18 Mar 2011 21:06:54 +0530