diff options
| author | Sergei Lukin <sergej.lukin@gmail.com> | 2017-04-18 12:55:12 +0000 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2017-04-21 12:52:14 +0000 |
| commit | 251f7b99aba7d81c9ef398c6f3ec41f06c2ba661 (patch) | |
| tree | 980a1728084ee290a631b716d1697125994dfe48 /main/qemu/APKBUILD | |
| parent | 6e43b8e910ddb974b60364e4a18c31ff9c22b9e8 (diff) | |
| download | aports-251f7b99aba7d81c9ef398c6f3ec41f06c2ba661.tar.bz2 aports-251f7b99aba7d81c9ef398c6f3ec41f06c2ba661.tar.xz | |
main/qemu: security fixes #6921
CVE-2016-7994: Qemu virtio-gpu: memory leak in virtio_gpu_resource_create_2d
CVE-2016-7995: Qemu: usb: hcd-ehci: memory leak in ehci_process_itd
CVE-2016-8576: Qemu: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch
CVE-2016-8577: Qemu: 9pfs: host memory leakage in v9fs_read
CVE-2016-8578: Qemu: 9pfs: potential NULL dereferencein 9pfs routines
CVE-2016-8668: Qemu: net: OOB buffer access in rocker switch emulation
CVE-2016-8909: Qemu: audio: intel-hda: infinite loop in processing dma buffer stream
CVE-2016-8910: Qemu: net: rtl8139: infinite loop while transmit in C+ mode
CVE-2016-9101: Qemu: net: eepro100 memory leakage at device unplug
CVE-2016-9102: Qemu: 9pfs: memory leakage when creating extended attribute
CVE-2016-9103: Qemu: 9pfs: information leakage via xattribute
CVE-2016-9104: Qemu: 9pfs: integer overflow leading to OOB access
CVE-2016-9105: Qemu: memory leakage in v9fs_link
CVE-2016-9106: Qemu: 9pfs: memory leakage in v9fs_write
CVE-2017-5525: Qemu: audio: memory leakage in ac97 device
CVE-2017-5552: Qemu: display: virtio-gpu-3d: memory leakage in virgl_resource_attach_backing
CVE-2017-5578: Qemu: display: virtio-gpu: host memory leakage in virtio_gpu_resource_attach_backing
CVE-2017-5579: Qemu: serial: host memory leakage in 16550A UART emulation
CVE-2017-5667: Qemu: sd: sdhci OOB access during multi block SDMA transfer
CVE-2017-5856: Qemu: scsi: megasas: host memory leakage in megasas_handle_dcmd
CVE-2017-5857: display: virtio-gpu-3d: host memory leakage in virgl_cmd_resource_unref
CVE-2017-5898: Qemu: usb: integer overflow in emulated_apdu_from_guest
CVE-2017-5931: virtio: integer overflow in handling virtio-crypto requests
CVE-2017-2615: Qemu: display: cirrus: oob access while doing bitblt copy backward mode
CVE-2017-2620: Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo
CVE-2017-6505: usb: an infinite loop issue in ohci_service_ed_list
Diffstat (limited to 'main/qemu/APKBUILD')
| -rw-r--r-- | main/qemu/APKBUILD | 49 |
1 files changed, 47 insertions, 2 deletions
diff --git a/main/qemu/APKBUILD b/main/qemu/APKBUILD index 0cdc70a917..5b343f66da 100644 --- a/main/qemu/APKBUILD +++ b/main/qemu/APKBUILD @@ -1,9 +1,10 @@ +# Contributor: Sergei Lukin <sergej.lukin@gmail.com> # Contributor: Valery Kartel <valery.kartel@gmail.com> # Contributor: Jakub Jirutka <jakub@jirutka.cz> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=qemu pkgver=2.8.1 -pkgrel=0 +pkgrel=1 pkgdesc="QEMU is a generic machine emulator and virtualizer" url="http://qemu.org/" arch="all" @@ -131,8 +132,44 @@ source="http://wiki.qemu-project.org/download/$pkgname-$pkgver.tar.bz2 $pkgname-guest-agent.initd 80-kvm.rules bridge.conf + CVE-2016-9102.patch + CVE-2017-5525.patch + CVE-2017-5552.patch + CVE-2017-5578.patch + CVE-2017-5579.patch + CVE-2017-5856.patch + CVE-2017-5857.patch + CVE-2017-5898.patch " +# secfixes: +# 2.8.1-r1: +# - CVE-2016-7994 +# - CVE-2016-7995 +# - CVE-2016-8576 +# - CVE-2016-8577 +# - CVE-2016-8578 +# - CVE-2016-8668 +# - CVE-2016-8909 +# - CVE-2016-8910 +# - CVE-2016-9101 +# - CVE-2016-9102 +# - CVE-2016-9103 +# - CVE-2016-9104 +# - CVE-2016-9105 +# - CVE-2016-9106 +# - CVE-2017-2615 +# - CVE-2017-2620 +# - CVE-2017-5525 +# - CVE-2017-5552 +# - CVE-2017-5578 +# - CVE-2017-5579 +# - CVE-2017-5667 +# - CVE-2017-5856 +# - CVE-2017-5857 +# - CVE-2017-5898 +# - CVE-2017-5931 + builddir="$srcdir"/$pkgname-$pkgver prepare() { @@ -317,4 +354,12 @@ dd7a4616e22d9d6b04c6d81d95d17af0d638645c1aa306306fb0ed3a12b2de0fdd32d55c8142960c d90c034cae3f9097466854ed1a9f32ab4b02089fcdf7320e8f4da13b2b1ff65067233f48809911485e4431d7ec1a22448b934121bc9522a2dc489009e87e2b1f qemu-guest-agent.confd 316b40d97587fea717821852859d81039cfdcb276a658bb6e6fb554e321d5856a833ebb3778149c4732cea625bac320b1008d374c88a9aae35c0fb67977c01b7 qemu-guest-agent.initd 9b7a89b20fcf737832cb7b4d5dc7d8301dd88169cbe5339eda69fbb51c2e537d8cb9ec7cf37600899e734209e63410d50d0821bce97e401421db39c294d97be2 80-kvm.rules -749efa2e764006555b4fd3a8e2f6d1118ad2ea4d45acf99104a41a93cfe66dc9685f72027c17d8211e5716246c2a52322c962cf4b73b27541b69393cd57f53bb bridge.conf" +749efa2e764006555b4fd3a8e2f6d1118ad2ea4d45acf99104a41a93cfe66dc9685f72027c17d8211e5716246c2a52322c962cf4b73b27541b69393cd57f53bb bridge.conf +c605c658f6a15467b9c21fb89995497a24ee8093f1c7eb68e17d89cc106dc7f3473195287ab349e822a5a287b08845f817ac9087bc4a8293707a2b9fa8264683 CVE-2016-9102.patch +a633ffdbd6eb58b1f091553db7944b72f6c5ea412b82f8162b4ece4b3c98aa550246bb8ab865b24468455f92bbb4908d842e03e84b9fb1fb0f1084a4e6097288 CVE-2017-5525.patch +1a17a4c9c5c2bb724735dade20c196bf90f5ab419b0dc5ca3ce771ac68d493d1f831722fe1aac8636f2c22ebecaa4560693aad98a87bd4e45c9fa529a1549546 CVE-2017-5552.patch +5f104e05e904a1392ca31203f02b7b546aeb91f1a438631c8a5f0fb5c6c051b19d8d0219b2c71aadd5d5404222d5dbc8e80127d2afaea6ed2bf918007d613a8a CVE-2017-5578.patch +74415ea5e6f6bfa787a2515da86c3ead87b0a9694d6adbdd390cbb3be43e1c88b4be4a8891f46bc6af520d3d5582c9ebe70572e2bb78d13c29d5ca12695d33ed CVE-2017-5579.patch +2b051f9d9265f9039e2cfed0bbdc93360f1660ea5b4129ec01f6faa3c1b6b135f5c949ddc26fe05a91a95a3ac558e8844ec292558c1dd66552868cbbc6aa8744 CVE-2017-5856.patch +d6d000b57f1fb194f9554165621109b364ebdb61416bc07e2283f2d493c33e770d1b63002d62565aae1ac19ed0ad9e572c207341aa1ad023581f349f62158d30 CVE-2017-5857.patch +80f89d75970345fbf6771cb16ed0d48c91c52b6b63ac967b3dbef56c16b654df432fa7ada0549c1b812d3d641f831fe20cb8b0eb52c46b8e73ade2801a563a8d CVE-2017-5898.patch" |