-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 21 May 2011 10:45:52 +0400 Source: qemu-kvm Binary: qemu-kvm qemu-kvm-dbg kvm Architecture: amd64 Version: 0.12.5+dfsg-5+squeeze2 Distribution: squeeze-security Urgency: high Maintainer: amd64 Build Daemon (brahms) Changed-By: Michael Tokarev Description: kvm - dummy transitional package from kvm to qemu-kvm qemu-kvm - Full virtualization on x86 hardware qemu-kvm-dbg - Debugging info for qemu-kvm Closes: 627448 Changes: qemu-kvm (0.12.5+dfsg-5+squeeze2) stable-security; urgency=high . * fix CVE-2011-1751 for 0.12. The actual fix is in hotplug-4-ignore-pci-hotplug-requests-for-unpluggable-devices-CVE-2011-1751 but that change, while trivial, required 6 more changes to be backported to 0.12: o pci-cleanly-backout-of-pci_qdev_init-925fe64ae7 (moving common code to a separate function and using it from another place to fix a memory leak) o hotplug-0-acpi_piix4-qdevfy-e8ec0571e1 this qdevifies acpi_piix4 device o hotplug-1-pci-allow-devices-being-tagged-as-not-hotpluggable-180c22e18b introduce a "no_hotplug" attribute and check it in common places to ensure such devices wont be hot-(un)plugged. This needs the pci-cleanly-backout-of-pci_qdev_init patch mentioned above o hotplug-2-piix-tag-as-not-hotpluggable-0965f12da6 o hotplug-3-vga-tag-as-not-hotplugable-be92bbf73d mark certain devices as non-hotpluggable And finally the actual fix for CVE-2011-1751, which verifies the no_hotplug attribute when handling hot-unplug request from guest. (closes: #627448) Checksums-Sha1: 96b0c90ce6ff290d8255f2816decc2402fd69035 1607378 qemu-kvm_0.12.5+dfsg-5+squeeze2_amd64.deb 887d8147ec09ec1a286372261d2843a99c0d8624 2822540 qemu-kvm-dbg_0.12.5+dfsg-5+squeeze2_amd64.deb f6756fdb45743c50c91f18e1d938aeb5a0362719 12940 kvm_0.12.5+dfsg-5+squeeze2_amd64.deb Checksums-Sha256: b97b0e1487f34bd0f0efbed67a8a9ce9f5052aceef757525b0907e8a18088cdd 1607378 qemu-kvm_0.12.5+dfsg-5+squeeze2_amd64.deb a62d9a71fd602de501ecff699de477fdd1da9693c535586ab52732aba643c26d 2822540 qemu-kvm-dbg_0.12.5+dfsg-5+squeeze2_amd64.deb 956d44981dc5bb55086d98c0117b276d122a79c55a08aae539494b92ad701e97 12940 kvm_0.12.5+dfsg-5+squeeze2_amd64.deb Files: e883c8bb11381e71096e0caff0cb3763 1607378 misc optional qemu-kvm_0.12.5+dfsg-5+squeeze2_amd64.deb 45a0659ba9dc16587358ce786b0eff4f 2822540 debug extra qemu-kvm-dbg_0.12.5+dfsg-5+squeeze2_amd64.deb a42451636c82a576a4a29cd9296fa64e 12940 oldlibs extra kvm_0.12.5+dfsg-5+squeeze2_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBCAAGBQJN2p5mAAoJEJCtPwfo5xzzWnsP/R/wId4R6N8G4OB9k37s/QI6 HGPwMLFiUVHrvILUF/BbbCFvxdZT5nCE9NWikbXLXkgV6SeCCdmg06JMWOub+OmO I1npxjcC4fF8QSAW+qjb7oPxtYfdl7WhEZ6fSBfl0K1/wWQyMHiEkp6+11FNvpIJ CVsyz72mj1yzK+fCCJ/Vch6DpagFhjNHnEIMCuym3bugIIcnGdP7LRHOqutLCsga GQM8hOERtlnCaR7auyHhfaPKCvI3CDb9UiCe1/c4qeUHgluhOCIj5YSHFx30npzP dAukIpTfp6gT8WYB6xSaT6EQTVQ5ImE/Nk9a/vxBNzoa8McSOyPvUTAu0MAfDW7N XkJ4SZGkq8X2qXBaTRVgEZaJSpX9dJ7HzTj8olgNULRhr8ShI2Vt1DWn8O1W1SR4 K8E3J1B00aMYiySq21PkhJMC9GzT66ePO0/FQJs6BlBor+uWbWTJ37PgTFqrrDo6 Bafb/GbywvK0wHTinKwlup0uM62DE+xXAuTuM6jSJ/du5a+gTGFWS0bzKSO6oLzX Njr/JJQMxrQ5Xj/VwFJyL+Wd8DWBLj2SZm7ozdNysH0rhuUtOto/SaqEzu09+8vc pLOC6BaNVuZ+swij0UvACZ1Yt/KnXl2ileltSDMUicGwPwl1Yjnqv1qWFXCLu6Yj AiCfb+riE2X/gV6+DH0L =xxBe -----END PGP SIGNATURE-----