© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
Hi,
thanks for the report, this seems to keep on giving.
Initially we had:
128 qemu (1:4.2-3ubuntu6.4) focal-security; urgency=medium
177 * SECURITY UPDATE: out-of-bounds access via msi-x mmio operation
178 - debian/
179 mismatching sizes in memory_
180 - debian/
181 access to core ACPI registers in hw/acpi/core.c.
182 - CVE-2020-13754
But something close to the issue you mentioned was spotted quickly and resolved in
113 qemu (1:4.2-3ubuntu6.5) focal; urgency=medium
118 - as part of the stabilization this also fixes an
119 riscv emulation issue due to the CVE-2020-13754 fixes via
120 d/p/ubuntu/
Yet your hint made me wonder "what else" this might have been found to be broken and that is quite a list.
So we have already (in Focal):
https:/
But in the meantime there also is this list::
https:/
https:/
https:/
https:/
https:/
https:/
Related but not strictly needed:
https:/
Qemu 5.2 has all the known fixes that exist so far, thereby this is fixed in Hirsute.
The CVE-2020-13754 was released to X/B/F (and G, but before G released).
So IMHO X,B,G seem to need the fixups mentioned above, F needs the same minus the one I already added.
This will eventually need to be pushed to -security, also there is a chance that Mark (doing the security update) and/pr the security community had context/discussions about this.
For now I'll assign this to Mark for his input on this.
While we wait for Marks awnser @nathan - could you outline steps to reproduce an issue related to this. For the SRU one would want commands that fail without the fix and work once applied.
I assume you'd have some RiscV Emulation steps we could use for that?