Hi ports@,

Thanks for updating to QEMU 5.2.0 this should fix the following CVE:
CVE-2020-27616
https://github.com/qemu/qemu/commit/ca1f9cbfdce4d63b10d57de80fef89a89d92a540
CVE-2020-25085
https://git.qemu.org/?p=qemu.git;a=commit;h=dfba99f17feb6d4a129da19d38df1bcd8579d1c3
CVE-2020-25084
https://git.qemu.org/?p=qemu.git;a=commit;h=21bc31524e8ca487e976f713b878d7338ee00df2
https://git.qemu.org/?p=qemu.git;a=commit;h=2fdb42d840400d58f2e706ecca82c142b97bcbd6
CVE-2020-27617
https://github.com/qemu/qemu/commit/7564bf7701f00214cdc8a678a9f7df765244def1
CVE-2020-25625
https://git.qemu.org/?p=qemu.git;a=commit;h=1be90ebecc95b09a2ee5af3f60c412b45a766c4f
CVE-2020-28916
https://git.qemu.org/?p=qemu.git;a=commit;h=c2cb511634012344e3d0fe49a037a33b12d8a98a
CVE-2020-29443
https://git.qemu.org/?p=qemu.git;a=commit;h=813212288970c39b1800f63e83ac6e96588095c6
CVE-2020-25723
https://git.qemu.org/?p=qemu.git;a=commit;h=2fdb42d840400d58f2e706ecca82c142b97bcbd6
CVE-2020-25624
https://git.qemu.org/?p=qemu.git;a=commit;h=1328fe0c32d5474604105b8105310e944976b058
CVE-2020-27821
https://git.qemu.org/?p=qemu.git;a=commit;h=4bfb024bc76973d40a359476dc0291f46e435442

Following CVE are not fixed:
CVE-2020-25085 and CVE-2020-17380
https://git.qemu.org/?p=qemu.git;a=commit;h=b263d8f928001b5cfa2a993ea43b7a5b3a1811e8
https://git.qemu.org/?p=qemu.git;a=commit;h=8be45cc947832b3c02144c9d52921f499f2d77fe
https://git.qemu.org/?p=qemu.git;a=commit;h=bc6f28995ff88f5d82c38afcfd65406f0ae375aa
https://git.qemu.org/?p=qemu.git;a=commit;h=5cd7aa3451b76bb19c0f6adc2b931f091e5d7fcd
https://git.qemu.org/?p=qemu.git;a=commit;h=cffb446e8fd19a14e1634c7a3a8b07be3f01d5c9
CVE-2020-35517
https://github.com/qemu/qemu/commit/a3fdbbc7f271bff7d53d0501b29d910ece0b3789
CVE-2021-20263
https://github.com/qemu/qemu/commit/e586edcb410543768ef009eaa22a2d9dd4a53846
CVE-2021-20196
https://lists.nongnu.org/archive/html/qemu-devel/2021-01/msg05986.html
CVE-2021-20203
https://bugs.launchpad.net/qemu/+bug/1913873
CVE-2021-3392
https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg00488.html
CVE-2021-3416
https://git.qemu.org/?p=qemu.git;a=commit;h=705df5466c98f3efdd2b68d3b31dad86858acad7
https://git.qemu.org/?p=qemu.git;a=commit;h=1caff0340f49c93d535c6558a5138d20d475315c
https://git.qemu.org/?p=qemu.git;a=commit;h=331d2ac9ea307c990dc86e6493e8f0c48d14bb33
https://git.qemu.org/?p=qemu.git;a=commit;h=26194a58f4eb83c5bdf4061a1628508084450ba1
https://git.qemu.org/?p=qemu.git;a=commit;h=8c92060d3c0248bd4d515719a35922cd2391b9b4
https://git.qemu.org/?p=qemu.git;a=commit;h=8c552542b81e56ff532dd27ec6e5328954bdda73
https://git.qemu.org/?p=qemu.git;a=commit;h=5311fb805a4403bba024e83886fa0e7572265de4
https://git.qemu.org/?p=qemu.git;a=commit;h=99ccfaa1edafd79f7a3a0ff7b58ae4da7c514928
https://git.qemu.org/?p=qemu.git;a=commit;h=e73adfbeec9d4e008630c814759052ed945c3fed
https://git.qemu.org/?p=qemu.git;a=commit;h=37cee01784ff0df13e5209517e1b3594a5e792d1
CVE-2021-20255
https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html
CVE-2021-20181
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=89fbea8737e8f7b954745a1ffc4238d377055305

This list is incomplete.

Currently the patch to update the version number does not apply as the
changes suggested by Landry were implemented for 5.1.0.

I'd welcome an update to 5.2.0 anyways.
mbuhl

Reply via email to