Changelog
qemu (1:5.2+dfsg-11+deb11u2) bullseye-security; urgency=medium
* virtio-net-fix-map-leaking-on-error-during-receive-CVE-2022-26353.patch
fix memory leak after fix for CVE-2021-3748
* vhost-vsock-detach-the-virqueue-element-on-error-CVE-2022-26354.patch
vhost-sock device was not detaching invalid element from
the virtqueue on error
* ui-cursor-fix-integer-overflow-in-cursor_alloc-CVE-2021-4206.patch,
display-qxl-render-fix-race-condition-in-qxl_cursor-CVE-2021-4207.patch
two flaws can lead to allocation of small cursor object followed by a
subsequent heap-based buffer overflow with a potential for executing
arbitrary code within the context of QEMU process
* virtiofsd-drop-membership-of-all-supplementary-group-CVE-2022-0358.patch
potential group escalation allowed by virtiofsd
-- Michael Tokarev <email address hidden> Wed, 04 May 2022 22:50:01 +0300