CVE-2021-3409 (https://www.openwall.com/lists/oss-security/2021/03/09/1):

QEMU upstream commit [1] was supposed to fix CVE-2020-17380 and CVE-2020-25085, both involving a heap buffer overflow in the SDHCI controller emulation code. In fact, commit [1] turned out to be incomplete, in that it was still possible to reproduce the same issue(s) with specially crafted input, inducing a bogus transfer and subsequent out-of-bounds read/write access in sdhci_do_adma() or sdhci_sdma_transfer_multi_blocks().

Old patch:
[1] https://git.qemu.org/?p=qemu.git;a=commit;h=dfba99f17feb6d4a129da19d38df1bcd8579d1c3

New patch series:
https://lists.nongnu.org/archive/html/qemu-devel/2021-03/msg00949.html

CVE-2021-20263 (https://www.openwall.com/lists/oss-security/2021/03/08/1):

A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. Virtio-fs is meant to share a host file system directory with a guest virtual machine. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, this flaw could be used by a malicious user to elevate their privileges within the guest.

Upstream patch:
https://lists.gnu.org/archive/html/qemu-devel/2021-03/msg01244.html

Both patchsets seem to be unmerged.
Second patch is applied, first patch series not yet in upstream main git branch.
Package list is empty or all packages have requested keywords.
Everything seems to be in 6.0.0