Comment 7 for bug 1897854

This bug was fixed in the package qemu - 1:5.0-5ubuntu9.2

---------------
qemu (1:5.0-5ubuntu9.2) groovy-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflow in sdhci_sdma_transfer_multi_blocks()
    - debian/patches/ubuntu/CVE-2020-17380.patch: fix DMA Transfer Block
      Size field in hw/sd/sdhci.c.
    - CVE-2020-17380
    - CVE-2020-25085
  * SECURITY UPDATE: use-after-free via unchecked return value
    - debian/patches/ubuntu/CVE-2020-25084.patch: check return value of
      'usb_packet_map' in hw/usb/hcd-xhci.c.
    - CVE-2020-25084
  * SECURITY UPDATE: out-of-bound access issue
    - debian/patches/ubuntu/CVE-2020-25624.patch: check len and
      frame_number variables in hw/usb/hcd-ohci.c.
    - CVE-2020-25624
  * SECURITY UPDATE: infinite loop when a TD list has a loop
    - debian/patches/ubuntu/CVE-2020-25625.patch: check for processed TD
      before retire in hw/usb/hcd-ohci.c.
    - CVE-2020-25625
  * SECURITY UPDATE: assertion failure through usb_packet_unmap()
    - debian/patches/ubuntu/CVE-2020-25723.patch: check return value of
      'usb_packet_map' in hw/usb/hcd-ehci.c.
    - CVE-2020-25723
  * SECURITY UPDATE: bounds issue in ati_2d_blt
    - debian/patches/ubuntu/CVE-2020-27616.patch: check x y display
      parameter values in hw/display/ati_2d.c.
    - CVE-2020-27616
  * SECURITY UPDATE: assertion failure
    - debian/patches/ubuntu/CVE-2020-27617.patch: remove an assert call in
      eth_get_gso_type in net/eth.c.
    - CVE-2020-27617
  * Assertion failure via zero mmap_min_addr (LP: #1897854)
    - debian/patches/ubuntu/lp1897854-Ensure-mmap_min_addr-is-non-zero.patch:
      ensure mmap_min_addr is non-zero in linux-user/main.c.

 -- Marc Deslauriers <email address hidden> Fri, 20 Nov 2020 08:02:13 -0500