[ Jamie Strandboge ]
* debian/patches/SECURITY_CVE-2007-1320+1321+1322+1366+2893.patch
  based on 90_security.patch from qemu 0.9.1-1ubuntu1. Please note that
  CVE-2007-2893 is also known as CVE-2007-1323, and CVE-2007-5729 and
  CVE-2007-5730 are known as CVE-2007-1321 in Debian. This patch addresses
  the following:
  - Cirrus LGD-54XX "bitblt" heap overflow.
  - NE2000 "mtu" heap overflow.
  - QEMU "net socket" heap overflow.
  - QEMU NE2000 "receive" integer signedness error.
  - Infinite loop in the emulated SB16 device.
  - Unprivileged "aam" instruction does not correctly handle the
    undocumented divisor operand.
  - Unprivileged "icebp" instruction will halt emulation.
* debian/patches/SECURITY_CVE-2008-0928.patch: perform range checks on
  block device read and write requests
* References
  CVE-2007-1320
  CVE-2007-1321
  CVE-2007-1322
  CVE-2007-1323
  CVE-2007-1366
  CVE-2007-2893
  CVE-2007-5729
  CVE-2007-5730
  CVE-2008-0928

[ Soren Hansen ]
* debian/patches/extboot-geometry.patch:
  - Apply extboot patch from Anthony Liguori that fixes CHS information
    being calculated incorrectly, which seems to upset grub from time to time.