-
Committer:
Bazaar Package Importer
-
Author(s):
Soren Hansen, Jamie Strandboge, Soren Hansen
-
Date:
2008-04-10 16:35:09 UTC
-
Revision ID:
james.westby@ubuntu.com-20080410163509-xgnzoszu2ir9102j
Tags: 1:62+dfsg-0ubuntu3
[ Jamie Strandboge ]
* debian/patches/SECURITY_CVE-2007-1320+1321+1322+1366+2893.patch
based on 90_security.patch from qemu 0.9.1-1ubuntu1. Please note that
CVE-2007-2893 is also known as CVE-2007-1323, and CVE-2007-5729 and
CVE-2007-5730 are known as CVE-2007-1321 in Debian. This patch addresses
the following:
- Cirrus LGD-54XX "bitblt" heap overflow.
- NE2000 "mtu" heap overflow.
- QEMU "net socket" heap overflow.
- QEMU NE2000 "receive" integer signedness error.
- Infinite loop in the emulated SB16 device.
- Unprivileged "aam" instruction does not correctly handle the
undocumented divisor operand.
- Unprivileged "icebp" instruction will halt emulation.
* debian/patches/SECURITY_CVE-2008-0928.patch: perform range checks on
block device read and write requests
* References
CVE-2007-1320
CVE-2007-1321
CVE-2007-1322
CVE-2007-1323
CVE-2007-1366
CVE-2007-2893
CVE-2007-5729
CVE-2007-5730
CVE-2008-0928
[ Soren Hansen ]
* debian/patches/extboot-geometry.patch:
- Apply extboot patch from Anthony Liguori that fixes CHS information
being calculated incorrectly, which seems to upset grub from time to time.