This bug was fixed in the package qemu - 1:5.2+dfsg-2ubuntu1

---------------
qemu (1:5.2+dfsg-2ubuntu1) hirsute; urgency=medium

  * Merge with Debian unstable
    - includes fix for CVE-2020-17380
    - includes a fix for s390x PCI device reset (LP: #1907656)
    Remaining changes:
    - qemu-kvm to systemd unit
      - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
        hugepages and architecture specifics
      - d/qemu-system-common.qemu-kvm.service: systemd unit to call
        qemu-kvm-init
      - d/qemu-system-common.install: install helper script
      - d/qemu-system-common.qemu-kvm.default: defaults for
        /etc/default/qemu-kvm
      - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
    - Distribution specific machine type (LP: 1304107 1621042)
      - d/p/ubuntu/define-ubuntu-machine-types.patch: distro machine types
      - d/qemu-system-x86.NEWS Info on fixed machine type definitions
        for host-phys-bits=true (LP: 1776189)
      - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
      - provide pseries-bionic-2.11-sxxm type as convenience with all
        meltdown/spectre workarounds enabled by default. (LP: 1761372).
      - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
    - Enable nesting by default
      - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
        in qemu64 on amd
        [ No more strictly needed, but required for backward compatibility ]
    - improved dependencies
      - Make qemu-system-common depend on qemu-block-extra
      - Make qemu-utils depend on qemu-block-extra
      - let qemu-utils recommend sharutils
    - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
      - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
        reference 256k path
      - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
        handle incoming migrations from former releases.
    - d/control-in: Disable capstone disassembler library support (universe)
    - d/qemu-system-x86.README.Debian: add info about updated nesting changes
    - d/control*, d/rules: disable xen by default, but provide universe
      package qemu-system-x86-xen as alternative
      [includes compat links changes of 5.0-5ubuntu4]
    - allow qemu to load old modules post upgrade (LP 1847361)
      - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
      - d/rules: Drop generating package version into maintainer scripts
      - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
        the bad old prerm (LP 1906245 1905377)
  * Dropped Changes:
    - d/control, d/rules: build with gcc-9 on armhf as workaround until
      resolved in gcc-10 (LP: 1890435) [it is flaky still, but no more 100%
      fails]
  * Added Changes:
    - Refreshed ubuntu machine types for hirsute@5.2
    - d/control: regenerated from d/control-in
    - d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix
      ld usage of -no-pie (LP: #1907789)

qemu (1:5.2+dfsg-2) unstable; urgency=medium

  * move ui-opengl.so module from qemu-system-gui to qemu-system-common,
    as other modules want it (Closes: #976996, #977022)
  * do not install dropped ppc64abi32 binfmt for qemu-user[-static]
    (Closes: #977015)

qemu (1:5.2+dfsg-1) unstable; urgency=medium

  * new upstream release
    Closes: #965978, CVE-2020-15859 (22dc8663d9fc7baa22100544c600b6285a63c7a3)
    Closes: #970539, CVE-2020-25084 (21bc31524e8ca487e976f713b878d7338ee00df2)
    Closes: #970540, CVE-2020-25085 (dfba99f17feb6d4a129da19d38df1bcd8579d1c3)
    Closes: #970541, CVE-2020-25624 (1328fe0c32d5474604105b8105310e944976b058)
    Closes: #970542, CVE-2020-25625 (1be90ebecc95b09a2ee5af3f60c412b45a766c4f)
    Closes: #974687, CVE-2020-25707 (c2cb511634012344e3d0fe49a037a33b12d8a98a)
    Closes: #975276, CVE-2020-25723 (2fdb42d840400d58f2e706ecca82c142b97bcbd6)
    Closes: #975265, CVE-2020-27616 (ca1f9cbfdce4d63b10d57de80fef89a89d92a540)
    Closes: #973324, CVE-2020-27617 (7564bf7701f00214cdc8a678a9f7df765244def1)
    Closes: #972864, CVE-2020-27661 (bea2a9e3e00b275dc40cfa09c760c715b8753e03)
    Closes: CVE-2020-27821 (1370d61ae3c9934861d2349349447605202f04e9)
    Closes: #976388, CVE-2020-28916 (c2cb511634012344e3d0fe49a037a33b12d8a98a)
  * remove obsolete patches
  * refresh use-fixed-data-path.patch and debian/get-orig-source.sh
  * bump minimum meson version required for build to 0.55.3
  * update build rules for several components
  * remove deprecated lm32 and unicore32 system emulators
  * remove deprecated ppc64abi32 and tilegx linux-user emulators
  * install ui-spice-core.so & chardev-spice.so in qemu-system-common
  * install ui-egl-headless.so in qemu-system-common
  * install hw-display-virtio-*.so in qemu-system-common
  * install ui-opengl.so in qemu-system-gui
  * install qemu-pr-helper.8 in qemu-system-common
  * qemu-pr-helper moved to usr/bin/ again
  * qboot.rom renamed from bios-microvm.bin
  * remove several unused lintian overrides
  * add spelling.diff patch to fix a few spelling errors
  * update Standards-Version to 4.5.1
  * fix a few trailing whitespaces in d/control and d/changelog
  * require libcapstone >= 4.0.2 (v4) for build

 -- Christian Ehrhardt <email address hidden>  Wed, 09 Dec 2020 16:44:47 +0100