-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 04 May 2022 22:50:01 +0300 Source: qemu Binary: qemu-system-data Architecture: all Version: 1:5.2+dfsg-11+deb11u2 Distribution: bullseye-security Urgency: medium Maintainer: all Build Daemon (x86-grnet-02) Changed-By: Michael Tokarev Description: qemu-system-data - QEMU full system emulation (data files) Changes: qemu (1:5.2+dfsg-11+deb11u2) bullseye-security; urgency=medium . * virtio-net-fix-map-leaking-on-error-during-receive-CVE-2022-26353.patch fix memory leak after fix for CVE-2021-3748 * vhost-vsock-detach-the-virqueue-element-on-error-CVE-2022-26354.patch vhost-sock device was not detaching invalid element from the virtqueue on error * ui-cursor-fix-integer-overflow-in-cursor_alloc-CVE-2021-4206.patch, display-qxl-render-fix-race-condition-in-qxl_cursor-CVE-2021-4207.patch two flaws can lead to allocation of small cursor object followed by a subsequent heap-based buffer overflow with a potential for executing arbitrary code within the context of QEMU process * virtiofsd-drop-membership-of-all-supplementary-group-CVE-2022-0358.patch potential group escalation allowed by virtiofsd Checksums-Sha1: cbf64311883a52e68a8315b570c7e5dcce52ab25 1166100 qemu-system-data_5.2+dfsg-11+deb11u2_all.deb 48527dae734095bc582073c817d0f0567a0bf523 23097 qemu_5.2+dfsg-11+deb11u2_all-buildd.buildinfo Checksums-Sha256: 53d75e2b483e3905667f617b13adc835959d6289d2332adda6a444d99933e1f3 1166100 qemu-system-data_5.2+dfsg-11+deb11u2_all.deb f3483086e44aa6198846f0a053574d21404b6269c9f3380d7cdf2aff5f0a501c 23097 qemu_5.2+dfsg-11+deb11u2_all-buildd.buildinfo Files: 5c43b02c79692d0b1f575388bcbb734d 1166100 otherosfs optional qemu-system-data_5.2+dfsg-11+deb11u2_all.deb 185aeff8a415ea06fc446d5df2d04945 23097 otherosfs optional qemu_5.2+dfsg-11+deb11u2_all-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEfA7dsu0ZDzzHaw+5NX/smi6DkKgFAmJ1K/sACgkQNX/smi6D kKg6sg/9H5nUVkQ7C0q3lApzY9d6ZZW8S/xVRw3CysA5JU32mLPIRul8pk4pJt01 WvBbFVTH/43xDOM+x3cNIua+sFscifk79zdI9EyRijty3TkWFCDYR7qTDC0H8d/z 9jYM2Lsz/YbXhPSrFJczJ7WEyQyFkl/+skrNS3skyhSwc/yVPP8T6u4XH6bG+Wog CdRbyp2C2yXQHjeyfpCHjua6ltIwaEQ3YCvLmVEREDZg+DOrWyfbOVXNbcxGsNRp O7Z/qJdVQjPigLfggfw0fSFg/deqCQfi/M7OVyzM5s3dANqpUNs6zE1MwAzSAEy3 Y4457yMPcG5HGPvgZB1yNGmt52bd4pVaNC4hgEcJ3HU72jUSr+S1cTYZUh2PSOpv xKPrXpP7sMXJGvtLb7lExX1bBFbjMqHRQzFXh5QqkQcNyGbvcKmUK/L4gYax6Sac r3CniNQF/QAuaRE+7O+QNTSH9JVkJD0Y3T7M/9m8NOj41Ue7aaLTvWJH+JPSAkxY hJAO/GcjhT+C/I47mvxg0PgYxE8J6iI+mIitEITBCJ8+XajinDPKJJKihHFMPCEu 3YPYsSPImu2IL5Bqo9hl5DUjOlq+vtUDsgDU2tU4uaqUAihYa+bskq9Lnh7PSXgh BXqmazfiDS0kaDg5oIjP1z0gIGyrXnizwnjhDPnMPU9YDAbIvOk= =tzHG -----END PGP SIGNATURE-----