Package "qemu-system-x86-microvm"

  qemu (1:6.2+dfsg-2ubuntu6.24) jammy-security; urgency=medium

  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2023-3019-pre1.patch: Add definition for
      MemReentrancyGuard struct and add to DeviceState struct
    - debian/patches/CVE-2023-3019-1.patch: Provide MemReentrancyGuard *
      to qemu_new_nic()
    - debian/patches/CVE-2023-3019-2.patch: Update MemReentrancyGuard for
      NIC
    - CVE-2023-3019

 -- Bruce Cable <email address hidden> Tue, 22 Oct 2024 16:33:28 +1100

  qemu (1:6.2+dfsg-2ubuntu6.23) jammy; urgency=medium

  * Implement support for secure execution guest dump encryption with
    customer keys on s390x. (LP: #1959966)
    - d/p/u/lp1959966-kvm-secure-guest-exec-*.patch: Backport upstream
      patches to implement feature.

 -- Sergio Durigan Junior <email address hidden> Tue, 20 Aug 2024 14:35:13 -0400

  qemu (1:6.2+dfsg-2ubuntu6.22) jammy-security; urgency=medium

  * SECURITY UPDATE: null dereference
    - debian/patches/CVE-2023-6683-1.patch: Check size before
      populating info->types data
    - debian/patches/CVE-2023-6683-2.patch: Check clipboard types
      for if a callback needs to be set
    - CVE-2023-6683
  * SECURITY UPDATE: stack based buffer overflow
    - debian/patches/CVE-2023-6693.patch: Correctly copy vnet header
      when flushing TX
    - CVE-2023-6693
  * SECURITY UPDATE: integer underflow
    - debian/patches/CVE-2024-24474.patch: Restrict non-DMA transfer
      length to that of available data
    - CVE-2024-24474

 -- Bruce Cable <email address hidden> Thu, 01 Aug 2024 13:08:05 +1000

  qemu (1:6.2+dfsg-2ubuntu6.21) jammy-security; urgency=medium

  * SECURITY REGRESSION: 9pfs restrictions on sockets (LP: #2065579)
    - debian/patches/ubuntu/lp-2065579-9pfs-allow-sockets.patch: allow
      sockets and FIFOs to be opened in hw/9pfs/9p-util.h. The fix for
      CVE-2023-2861 was too restrictive for some use-cases.

 -- Marc Deslauriers <email address hidden> Wed, 05 Jun 2024 12:25:53 -0400

  qemu (1:6.2+dfsg-2ubuntu6.19) jammy; urgency=medium

  * d/p/u/lp2012763-maxcpus-too-low.patch: Bump max_cpus to 1024 on
    amd64. (LP: #2012763)

 -- Sergio Durigan Junior <email address hidden> Mon, 18 Mar 2024 16:38:25 -0400