1
PublicDateAtUSN: 2014-02-20
2
Candidate: CVE-2013-4541
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4541
6
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html
7
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00413.html
8
https://usn.ubuntu.com/usn/usn-2342-1
10
The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2
11
might allow remote attackers to execute arbitrary code via a crafted savevm
12
image, related to a negative setup_len or setup_index value.
16
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739589
18
Discovered-by: Michael S. Tsirkin, Anthony Liguori and Michael Roth
22
upstream_qemu-kvm: needed
23
lucid_qemu-kvm: not-affected (code not present)
24
precise_qemu-kvm: released (1.0+noroms-0ubuntu14.17)
25
quantal_qemu-kvm: ignored (reached end-of-life)
31
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=9f8e9895c504149d7048e9fc5eb5cbb34b16e49a
36
saucy_qemu: ignored (reached end-of-life)
37
trusty_qemu: released (2.0.0+dfsg-2ubuntu1.3)
38
devel_qemu: not-affected (2.1+dfsg-2ubuntu1)