Hi ports@, Thanks for updating to QEMU 5.2.0 this should fix the following CVE: CVE-2020-27616 https://github.com/qemu/qemu/commit/ca1f9cbfdce4d63b10d57de80fef89a89d92a540 CVE-2020-25085 https://git.qemu.org/?p=qemu.git;a=commit;h=dfba99f17feb6d4a129da19d38df1bcd8579d1c3 CVE-2020-25084 https://git.qemu.org/?p=qemu.git;a=commit;h=21bc31524e8ca487e976f713b878d7338ee00df2 https://git.qemu.org/?p=qemu.git;a=commit;h=2fdb42d840400d58f2e706ecca82c142b97bcbd6 CVE-2020-27617 https://github.com/qemu/qemu/commit/7564bf7701f00214cdc8a678a9f7df765244def1 CVE-2020-25625 https://git.qemu.org/?p=qemu.git;a=commit;h=1be90ebecc95b09a2ee5af3f60c412b45a766c4f CVE-2020-28916 https://git.qemu.org/?p=qemu.git;a=commit;h=c2cb511634012344e3d0fe49a037a33b12d8a98a CVE-2020-29443 https://git.qemu.org/?p=qemu.git;a=commit;h=813212288970c39b1800f63e83ac6e96588095c6 CVE-2020-25723 https://git.qemu.org/?p=qemu.git;a=commit;h=2fdb42d840400d58f2e706ecca82c142b97bcbd6 CVE-2020-25624 https://git.qemu.org/?p=qemu.git;a=commit;h=1328fe0c32d5474604105b8105310e944976b058 CVE-2020-27821 https://git.qemu.org/?p=qemu.git;a=commit;h=4bfb024bc76973d40a359476dc0291f46e435442
Following CVE are not fixed: CVE-2020-25085 and CVE-2020-17380 https://git.qemu.org/?p=qemu.git;a=commit;h=b263d8f928001b5cfa2a993ea43b7a5b3a1811e8 https://git.qemu.org/?p=qemu.git;a=commit;h=8be45cc947832b3c02144c9d52921f499f2d77fe https://git.qemu.org/?p=qemu.git;a=commit;h=bc6f28995ff88f5d82c38afcfd65406f0ae375aa https://git.qemu.org/?p=qemu.git;a=commit;h=5cd7aa3451b76bb19c0f6adc2b931f091e5d7fcd https://git.qemu.org/?p=qemu.git;a=commit;h=cffb446e8fd19a14e1634c7a3a8b07be3f01d5c9 CVE-2020-35517 https://github.com/qemu/qemu/commit/a3fdbbc7f271bff7d53d0501b29d910ece0b3789 CVE-2021-20263 https://github.com/qemu/qemu/commit/e586edcb410543768ef009eaa22a2d9dd4a53846 CVE-2021-20196 https://lists.nongnu.org/archive/html/qemu-devel/2021-01/msg05986.html CVE-2021-20203 https://bugs.launchpad.net/qemu/+bug/1913873 CVE-2021-3392 https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg00488.html CVE-2021-3416 https://git.qemu.org/?p=qemu.git;a=commit;h=705df5466c98f3efdd2b68d3b31dad86858acad7 https://git.qemu.org/?p=qemu.git;a=commit;h=1caff0340f49c93d535c6558a5138d20d475315c https://git.qemu.org/?p=qemu.git;a=commit;h=331d2ac9ea307c990dc86e6493e8f0c48d14bb33 https://git.qemu.org/?p=qemu.git;a=commit;h=26194a58f4eb83c5bdf4061a1628508084450ba1 https://git.qemu.org/?p=qemu.git;a=commit;h=8c92060d3c0248bd4d515719a35922cd2391b9b4 https://git.qemu.org/?p=qemu.git;a=commit;h=8c552542b81e56ff532dd27ec6e5328954bdda73 https://git.qemu.org/?p=qemu.git;a=commit;h=5311fb805a4403bba024e83886fa0e7572265de4 https://git.qemu.org/?p=qemu.git;a=commit;h=99ccfaa1edafd79f7a3a0ff7b58ae4da7c514928 https://git.qemu.org/?p=qemu.git;a=commit;h=e73adfbeec9d4e008630c814759052ed945c3fed https://git.qemu.org/?p=qemu.git;a=commit;h=37cee01784ff0df13e5209517e1b3594a5e792d1 CVE-2021-20255 https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html CVE-2021-20181 https://git.qemu.org/?p=qemu.git;a=commitdiff;h=89fbea8737e8f7b954745a1ffc4238d377055305 This list is incomplete. Currently the patch to update the version number does not apply as the changes suggested by Landry were implemented for 5.1.0. I'd welcome an update to 5.2.0 anyways. mbuhl
