[ Jamie Strandboge ]
* debian/patches/SECURITY_CVE-2007-1320+1321+1322+1366+2893.patch
based on 90_security.patch from qemu 0.9.1-1ubuntu1. Please note that
CVE-2007-2893 is also known as CVE-2007-1323, and CVE-2007-5729 and
CVE-2007-5730 are known as CVE-2007-1321 in Debian. This patch addresses
the following:
- Cirrus LGD-54XX "bitblt" heap overflow.
- NE2000 "mtu" heap overflow.
- QEMU "net socket" heap overflow.
- QEMU NE2000 "receive" integer signedness error.
- Infinite loop in the emulated SB16 device.
- Unprivileged "aam" instruction does not correctly handle the
undocumented divisor operand.
- Unprivileged "icebp" instruction will halt emulation.
* debian/patches/SECURITY_CVE-2008-0928.patch: perform range checks on
block device read and write requests
* References
CVE-2007-1320
CVE-2007-1321
CVE-2007-1322
CVE-2007-1323
CVE-2007-1366
CVE-2007-2893
CVE-2007-5729
CVE-2007-5730
CVE-2008-0928
[ Soren Hansen ]
* debian/patches/extboot-geometry.patch:
- Apply extboot patch from Anthony Liguori that fixes CHS information
being calculated incorrectly, which seems to upset grub from time to time.
kvm (1:62+dfsg- 0ubuntu3) hardy; urgency=low
[ Jamie Strandboge ] patches/ SECURITY_ CVE-2007- 1320+1321+ 1322+1366+ 2893.patch patches/ SECURITY_ CVE-2008- 0928.patch: perform range checks on
* debian/
based on 90_security.patch from qemu 0.9.1-1ubuntu1. Please note that
CVE-2007-2893 is also known as CVE-2007-1323, and CVE-2007-5729 and
CVE-2007-5730 are known as CVE-2007-1321 in Debian. This patch addresses
the following:
- Cirrus LGD-54XX "bitblt" heap overflow.
- NE2000 "mtu" heap overflow.
- QEMU "net socket" heap overflow.
- QEMU NE2000 "receive" integer signedness error.
- Infinite loop in the emulated SB16 device.
- Unprivileged "aam" instruction does not correctly handle the
undocumented divisor operand.
- Unprivileged "icebp" instruction will halt emulation.
* debian/
block device read and write requests
* References
CVE-2007-1320
CVE-2007-1321
CVE-2007-1322
CVE-2007-1323
CVE-2007-1366
CVE-2007-2893
CVE-2007-5729
CVE-2007-5730
CVE-2008-0928
[ Soren Hansen ] patches/ extboot- geometry. patch:
* debian/
- Apply extboot patch from Anthony Liguori that fixes CHS information
being calculated incorrectly, which seems to upset grub from time to time.
-- Soren Hansen < <email address hidden> > Thu, 10 Apr 2008 16:35:09 +0000