Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 586430

Summary: app-emulation/qemu-2.5.1.1 version bump (includes 3 CVE)
Product: Gentoo Linux Reporter: Kilburn Abrahams <kilburna>
Component: Current packagesAssignee: Gentoo QEMU Project <qemu+disabled>
Status: RESOLVED DUPLICATE    
Severity: normal CC: jstein
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Kilburn Abrahams 2016-06-19 22:04:24 UTC
Bump qemu to 2.5.1.1 

see https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg01308.html

CHANGELOG:

db51dfc: Update version for 2.5.1.1 release (Michael Roth)
5b7236f: cadence_uart: bounds check write offset (Michael S. Tsirkin)
0bcdb63: Revert "ehci: make idt processing more robust" (Gerd Hoffmann)
706bab6: ehci: apply limit to iTD/sidt descriptors (Gerd Hoffmann)
44b86aa: vga: make sure vga register setup for vbe stays intact 
(CVE-2016-3712). (Gerd Hoffmann)
a6e5e5d: vga: update vga register setup on vbe changes (Gerd Hoffmann)
2f2f74e: vga: factor out vga register setup (Gerd Hoffmann)
46aff2c: vga: add vbe_enabled() helper (Gerd Hoffmann)
4f0323d: vga: fix banked access bounds checking (CVE-2016-3710) (Gerd Hoffmann)

Reproducible: Always
Comment 1 Matthias Maier gentoo-dev 2016-09-05 06:25:57 UTC
This will be resolved with a version bump to 2.7.0

*** This bug has been marked as a duplicate of bug 592430 ***