Bug#1007931: marked as done (buster-pu: package qemu/1:3.1+dfsg-8+deb10u9)

[Debian Bug Tracking System]

Your message dated Wed, 3 Aug 2022 18:45:57 +0200
with message-id <6faca342-ca3f-7d71-5d92-16d4ba3ed...@beuc.net>
and subject line Re: buster-pu: package qemu/1:3.1+dfsg-8+deb10u9
has caused the Debian Bug report #1007931,
regarding buster-pu: package qemu/1:3.1+dfsg-8+deb10u9
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1007931: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007931
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: m...@tls.msk.ru

Various low severity qemu issues, but since quite a few
of those have piled up, it makes sense to move to an
update. Debdiff below.

Cheers,
        Moritz

diff -Nru qemu-3.1+dfsg/debian/changelog qemu-3.1+dfsg/debian/changelog
--- qemu-3.1+dfsg/debian/changelog      2020-07-24 14:00:34.000000000 +0200
+++ qemu-3.1+dfsg/debian/changelog      2022-02-15 18:53:24.000000000 +0100
@@ -1,3 +1,34 @@
+qemu (1:3.1+dfsg-8+deb10u9) buster; urgency=medium
+
+  * CVE-2021-3930
+  * CVE-2021-3748 (Closes: #993401)
+  * CVE-2021-3713 (Closes: #992727)
+  * CVE-2021-3682 (Closes: #991911)
+  * CVE-2021-3608 (Closes: #990563)
+  * CVE-2021-3607 (Closes: #990564)
+  * CVE-2021-3582 (Closes: #990565)
+  * CVE-2021-3527 (Closes: #988157)
+  * CVE-2021-3392 (Closes: #984449)
+  * CVE-2021-20257 (Closes: #984450)
+  * CVE-2021-20221
+  * CVE-2021-20203 (Closes: #984452)
+  * CVE-2021-20196 (Closes: #984453)
+  * CVE-2021-20181
+  * CVE-2020-35505 (Closes: #979679)
+  * CVE-2020-35504 (Closes: #979679)
+  * CVE-2020-27617 (Closes: #973324)
+  * CVE-2020-25723 (Closes: #975276)
+  * CVE-2020-25624 (Closes: #970541)
+  * CVE-2020-25625 (Closes: #970542)
+  * CVE-2020-25085 (Closes: #970540)
+  * CVE-2020-25084 (Closes: #970539)
+  * CVE-2020-15859 (Closes: #965978)
+  * CVE-2020-13253 (Closes: #961297)
+  * None of the slirp changes got backported to 3.1, if you use it you should
+    really upgrade to the version of qemu in bullseye
+
+ -- Moritz Mühlenhoff <j...@debian.org>  Tue, 15 Feb 2022 18:53:24 +0100
+
 qemu (1:3.1+dfsg-8+deb10u8) buster-security; urgency=medium
 
   * mention fixing of CVE-2020-13765 in 3.1+dfsg-8+deb10u6
diff -Nru qemu-3.1+dfsg/debian/patches/CVE-2020-13253.patch 
qemu-3.1+dfsg/debian/patches/CVE-2020-13253.patch
--- qemu-3.1+dfsg/debian/patches/CVE-2020-13253.patch   1970-01-01 
01:00:00.000000000 +0100
+++ qemu-3.1+dfsg/debian/patches/CVE-2020-13253.patch   2022-02-01 
16:26:24.000000000 +0100
@@ -0,0 +1,80 @@
+790762e5487114341cccc5bffcec4cb3c022c3cd / CVE-2020-13253
+
+--- qemu-3.1+dfsg.orig/hw/sd/sd.c
++++ qemu-3.1+dfsg/hw/sd/sd.c
+@@ -1149,12 +1149,14 @@ static sd_rsp_type_t sd_normal_command(S
+     case 17:  /* CMD17:  READ_SINGLE_BLOCK */
+         switch (sd->state) {
+         case sd_transfer_state:
++            if (addr + sd->blk_len > sd->size) {
++                sd->card_status |= ADDRESS_ERROR;
++                return sd_r1;
++            }
++
+             sd->state = sd_sendingdata_state;
+             sd->data_start = addr;
+             sd->data_offset = 0;
+-
+-            if (sd->data_start + sd->blk_len > sd->size)
+-                sd->card_status |= ADDRESS_ERROR;
+             return sd_r1;
+ 
+         default:
+@@ -1165,12 +1167,14 @@ static sd_rsp_type_t sd_normal_command(S
+     case 18:  /* CMD18:  READ_MULTIPLE_BLOCK */
+         switch (sd->state) {
+         case sd_transfer_state:
++            if (addr + sd->blk_len > sd->size) {
++                sd->card_status |= ADDRESS_ERROR;
++                return sd_r1;
++            }
++
+             sd->state = sd_sendingdata_state;
+             sd->data_start = addr;
+             sd->data_offset = 0;
+-
+-            if (sd->data_start + sd->blk_len > sd->size)
+-                sd->card_status |= ADDRESS_ERROR;
+             return sd_r1;
+ 
+         default:
+@@ -1210,13 +1214,17 @@ static sd_rsp_type_t sd_normal_command(S
+             /* Writing in SPI mode not implemented.  */
+             if (sd->spi)
+                 break;
++
++            if (addr + sd->blk_len > sd->size) {
++                sd->card_status |= ADDRESS_ERROR;
++                return sd_r1;
++            }
++
+             sd->state = sd_receivingdata_state;
+             sd->data_start = addr;
+             sd->data_offset = 0;
+             sd->blk_written = 0;
+ 
+-            if (sd->data_start + sd->blk_len > sd->size)
+-                sd->card_status |= ADDRESS_ERROR;
+             if (sd_wp_addr(sd, sd->data_start))
+                 sd->card_status |= WP_VIOLATION;
+             if (sd->csd[14] & 0x30)
+@@ -1234,13 +1242,17 @@ static sd_rsp_type_t sd_normal_command(S
+             /* Writing in SPI mode not implemented.  */
+             if (sd->spi)
+                 break;
++
++            if (addr + sd->blk_len > sd->size) {
++                sd->card_status |= ADDRESS_ERROR;
++                return sd_r1;
++            }
++
+             sd->state = sd_receivingdata_state;
+             sd->data_start = addr;
+             sd->data_offset = 0;
+             sd->blk_written = 0;
+ 
+-            if (sd->data_start + sd->blk_len > sd->size)
+-                sd->card_status |= ADDRESS_ERROR;
+             if (sd_wp_addr(sd, sd->data_start))
+                 sd->card_status |= WP_VIOLATION;
+             if (sd->csd[14] & 0x30)
diff -Nru qemu-3.1+dfsg/debian/patches/CVE-2020-15859.patch 
qemu-3.1+dfsg/debian/patches/CVE-2020-15859.patch
--- qemu-3.1+dfsg/debian/patches/CVE-2020-15859.patch   1970-01-01 
01:00:00.000000000 +0100
+++ qemu-3.1+dfsg/debian/patches/CVE-2020-15859.patch   2022-02-01 
16:31:48.000000000 +0100
@@ -0,0 +1,14 @@
+22dc8663d9fc7baa22100544c600b6285a63c7a3 / CVE-2020-15859
+
+--- qemu-3.1+dfsg.orig/net/queue.c
++++ qemu-3.1+dfsg/net/queue.c
+@@ -250,6 +250,9 @@ void qemu_net_queue_purge(NetQueue *queu
+ 
+ bool qemu_net_queue_flush(NetQueue *queue)
+ {
++    if (queue->delivering)
++        return false;
++
+     while (!QTAILQ_EMPTY(&queue->packets)) {
+         NetPacket *packet;
+         int ret;
diff -Nru qemu-3.1+dfsg/debian/patches/CVE-2020-25084.patch 
qemu-3.1+dfsg/debian/patches/CVE-2020-25084.patch
--- qemu-3.1+dfsg/debian/patches/CVE-2020-25084.patch   1970-01-01 
01:00:00.000000000 +0100
+++ qemu-3.1+dfsg/debian/patches/CVE-2020-25084.patch   2022-02-01 
16:36:57.000000000 +0100
@@ -0,0 +1,16 @@
+21bc31524e8ca487e976f713b878d7338ee00df2 / CVE-2020-25084
+
+--- qemu-3.1+dfsg.orig/hw/usb/hcd-xhci.c
++++ qemu-3.1+dfsg/hw/usb/hcd-xhci.c
+@@ -1607,7 +1607,10 @@ static int xhci_setup_packet(XHCITransfe
+     xhci_xfer_create_sgl(xfer, dir == USB_TOKEN_IN); /* Also sets int_req */
+     usb_packet_setup(&xfer->packet, dir, ep, xfer->streamid,
+                      xfer->trbs[0].addr, false, xfer->int_req);
+-    usb_packet_map(&xfer->packet, &xfer->sgl);
++    if (usb_packet_map(&xfer->packet, &xfer->sgl)) {
++        qemu_sglist_destroy(&xfer->sgl);
++        return -1;
++    }
+     DPRINTF("xhci: setup packet pid 0x%x addr %d ep %d\n",
+             xfer->packet.pid, ep->dev->addr, ep->nr);
+     return 0;
diff -Nru qemu-3.1+dfsg/debian/patches/CVE-2020-25085.patch 
qemu-3.1+dfsg/debian/patches/CVE-2020-25085.patch
--- qemu-3.1+dfsg/debian/patches/CVE-2020-25085.patch   1970-01-01 
01:00:00.000000000 +0100
+++ qemu-3.1+dfsg/debian/patches/CVE-2020-25085.patch   2022-02-01 
16:41:15.000000000 +0100
@@ -0,0 +1,13 @@
+dfba99f17feb6d4a129da19d38df1bcd8579d1c3 / CVE-2020-25085
+
+--- qemu-3.1+dfsg.orig/hw/sd/sdhci.c
++++ qemu-3.1+dfsg/hw/sd/sdhci.c
+@@ -1144,7 +1144,7 @@ sdhci_write(void *opaque, hwaddr offset,
+         break;
+     case SDHC_BLKSIZE:
+         if (!TRANSFERRING_DATA(s->prnsts)) {
+-            MASKED_WRITE(s->blksize, mask, value);
++            MASKED_WRITE(s->blksize, mask, extract32(value, 0, 12));
+             MASKED_WRITE(s->blkcnt, mask >> 16, value >> 16);
+         }
+ 
diff -Nru qemu-3.1+dfsg/debian/patches/CVE-2020-25624.patch 
qemu-3.1+dfsg/debian/patches/CVE-2020-25624.patch
--- qemu-3.1+dfsg/debian/patches/CVE-2020-25624.patch   1970-01-01 
01:00:00.000000000 +0100
+++ qemu-3.1+dfsg/debian/patches/CVE-2020-25624.patch   2022-02-01 
17:10:14.000000000 +0100
@@ -0,0 +1,58 @@
+1328fe0c32d5474604105b8105310e944976b058 / CVE-2020-25624
+
+--- qemu-3.1+dfsg.orig/hw/usb/hcd-ohci.c
++++ qemu-3.1+dfsg/hw/usb/hcd-ohci.c
+@@ -797,7 +797,11 @@ static int ohci_service_iso_td(OHCIState
+     }
+ 
+     start_offset = iso_td.offset[relative_frame_number];
+-    next_offset = iso_td.offset[relative_frame_number + 1];
++    if (relative_frame_number < frame_count) {
++        next_offset = iso_td.offset[relative_frame_number + 1];
++    } else {
++        next_offset = iso_td.be;
++    }
+ 
+     if (!(OHCI_BM(start_offset, TD_PSW_CC) & 0xe) || 
+         ((relative_frame_number < frame_count) && 
+@@ -830,7 +834,12 @@ static int ohci_service_iso_td(OHCIState
+         }
+     } else {
+         /* Last packet in the ISO TD */
+-        end_addr = iso_td.be;
++        end_addr = next_offset;
++    }
++
++    if (start_addr > end_addr) {
++        trace_usb_ohci_iso_td_bad_cc_overrun(start_addr, end_addr);
++        return 1;
+     }
+ 
+     if ((start_addr & OHCI_PAGE_MASK) != (end_addr & OHCI_PAGE_MASK)) {
+@@ -839,6 +848,9 @@ static int ohci_service_iso_td(OHCIState
+     } else {
+         len = end_addr - start_addr + 1;
+     }
++    if (len > sizeof(ohci->usb_buf)) {
++        len = sizeof(ohci->usb_buf);
++    }
+ 
+     if (len && dir != OHCI_TD_DIR_IN) {
+         if (ohci_copy_iso_td(ohci, start_addr, end_addr, ohci->usb_buf, len,
+@@ -1037,8 +1049,16 @@ static int ohci_service_td(OHCIState *oh
+         if ((td.cbp & 0xfffff000) != (td.be & 0xfffff000)) {
+             len = (td.be & 0xfff) + 0x1001 - (td.cbp & 0xfff);
+         } else {
++            if (td.cbp > td.be) {
++                trace_usb_ohci_iso_td_bad_cc_overrun(td.cbp, td.be);
++                ohci_die(ohci);
++                return 1;
++            }
+             len = (td.be - td.cbp) + 1;
+         }
++        if (len > sizeof(ohci->usb_buf)) {
++            len = sizeof(ohci->usb_buf);
++        }
+ 
+         pktlen = len;
+         if (len && dir != OHCI_TD_DIR_IN) {
diff -Nru qemu-3.1+dfsg/debian/patches/CVE-2020-25625.patch 
qemu-3.1+dfsg/debian/patches/CVE-2020-25625.patch
--- qemu-3.1+dfsg/debian/patches/CVE-2020-25625.patch   1970-01-01 
01:00:00.000000000 +0100
+++ qemu-3.1+dfsg/debian/patches/CVE-2020-25625.patch   2022-02-01 
16:53:28.000000000 +0100
@@ -0,0 +1,15 @@
+1be90ebecc95b09a2ee5af3f60c412b45a766c4f / CVE-2020-25625
+
+--- qemu-3.1+dfsg.orig/hw/usb/hcd-ohci.c
++++ qemu-3.1+dfsg/hw/usb/hcd-ohci.c
+@@ -753,6 +753,10 @@ static int ohci_service_iso_td(OHCIState
+            the next ISO TD of the same ED */
+         trace_usb_ohci_iso_td_relative_frame_number_big(relative_frame_number,
+                                                         frame_count);
++        if (OHCI_CC_DATAOVERRUN == OHCI_BM(iso_td.flags, TD_CC)) {
++            /* avoid infinite loop */
++            return 1;
++        }
+         OHCI_SET_BM(iso_td.flags, TD_CC, OHCI_CC_DATAOVERRUN);
+         ed->head &= ~OHCI_DPTR_MASK;
+         ed->head |= (iso_td.next & OHCI_DPTR_MASK);
diff -Nru qemu-3.1+dfsg/debian/patches/CVE-2020-25723.patch 
qemu-3.1+dfsg/debian/patches/CVE-2020-25723.patch
--- qemu-3.1+dfsg/debian/patches/CVE-2020-25723.patch   1970-01-01 
01:00:00.000000000 +0100
+++ qemu-3.1+dfsg/debian/patches/CVE-2020-25723.patch   2022-02-01 
17:13:16.000000000 +0100
@@ -0,0 +1,28 @@
+2fdb42d840400d58f2e706ecca82c142b97bcbd6 / CVE-2020-25723
+
+--- qemu-3.1+dfsg.orig/hw/usb/hcd-ehci.c
++++ qemu-3.1+dfsg/hw/usb/hcd-ehci.c
+@@ -1371,7 +1371,10 @@ static int ehci_execute(EHCIPacket *p, c
+         spd = (p->pid == USB_TOKEN_IN && NLPTR_TBIT(p->qtd.altnext) == 0);
+         usb_packet_setup(&p->packet, p->pid, ep, 0, p->qtdaddr, spd,
+                          (p->qtd.token & QTD_TOKEN_IOC) != 0);
+-        usb_packet_map(&p->packet, &p->sgl);
++        if (usb_packet_map(&p->packet, &p->sgl)) {
++            qemu_sglist_destroy(&p->sgl);
++            return -1;
++        }
+         p->async = EHCI_ASYNC_INITIALIZED;
+     }
+ 
+@@ -1447,7 +1450,10 @@ static int ehci_process_itd(EHCIState *e
+             if (ep && ep->type == USB_ENDPOINT_XFER_ISOC) {
+                 usb_packet_setup(&ehci->ipacket, pid, ep, 0, addr, false,
+                                  (itd->transact[i] & ITD_XACT_IOC) != 0);
+-                usb_packet_map(&ehci->ipacket, &ehci->isgl);
++                if (usb_packet_map(&ehci->ipacket, &ehci->isgl)) {
++                    qemu_sglist_destroy(&ehci->isgl);
++                    return -1;
++                }
+                 usb_handle_packet(dev, &ehci->ipacket);
+                 usb_packet_unmap(&ehci->ipacket, &ehci->isgl);
+             } else {
diff -Nru qemu-3.1+dfsg/debian/patches/CVE-2020-27617.patch 
qemu-3.1+dfsg/debian/patches/CVE-2020-27617.patch
--- qemu-3.1+dfsg/debian/patches/CVE-2020-27617.patch   1970-01-01 
01:00:00.000000000 +0100
+++ qemu-3.1+dfsg/debian/patches/CVE-2020-27617.patch   2022-02-01 
17:17:03.000000000 +0100
@@ -0,0 +1,24 @@
+7564bf7701f00214cdc8a678a9f7df765244def1 / CVE-2020-27617
+
+--- qemu-3.1+dfsg.orig/net/eth.c
++++ qemu-3.1+dfsg/net/eth.c
+@@ -16,6 +16,7 @@
+  */
+ 
+ #include "qemu/osdep.h"
++#include "qemu/log.h"
+ #include "net/eth.h"
+ #include "net/checksum.h"
+ #include "qemu-common.h"
+@@ -72,9 +73,8 @@ eth_get_gso_type(uint16_t l3_proto, uint
+             return VIRTIO_NET_HDR_GSO_TCPV6 | ecn_state;
+         }
+     }
+-
+-    /* Unsupported offload */
+-    g_assert_not_reached();
++    qemu_log_mask(LOG_UNIMP, "%s: probably not GSO frame, "
++        "unknown L3 protocol: 0x%04"PRIx16"\n", __func__, l3_proto);
+ 
+     return VIRTIO_NET_HDR_GSO_NONE | ecn_state;
+ }
diff -Nru qemu-3.1+dfsg/debian/patches/CVE-2020-35504.patch 
qemu-3.1+dfsg/debian/patches/CVE-2020-35504.patch
--- qemu-3.1+dfsg/debian/patches/CVE-2020-35504.patch   1970-01-01 
01:00:00.000000000 +0100
+++ qemu-3.1+dfsg/debian/patches/CVE-2020-35504.patch   2022-02-04 
17:20:46.000000000 +0100
@@ -0,0 +1,26 @@
+0db895361b8a82e1114372ff9f4857abea605701 / CVE-2020-35504
+
+--- qemu-3.1+dfsg.orig/hw/scsi/esp.c
++++ qemu-3.1+dfsg/hw/scsi/esp.c
+@@ -252,6 +252,9 @@ static void esp_do_dma(ESPState *s)
+         s->dma_memory_read(s->dma_opaque, &s->cmdbuf[s->cmdlen], len);
+         return;
+     }
++    if (!s->current_req) {
++        return;
++    }
+     if (s->async_len == 0) {
+         /* Defer until data is available.  */
+         return;
+@@ -265,6 +268,11 @@ static void esp_do_dma(ESPState *s)
+     } else {
+         s->dma_memory_write(s->dma_opaque, s->async_buf, len);
+     }
++
++    if (!s->current_req) {
++        return;
++    }
++
+     s->dma_left -= len;
+     s->async_buf += len;
+     s->async_len -= len;
diff -Nru qemu-3.1+dfsg/debian/patches/CVE-2020-35505.patch 
qemu-3.1+dfsg/debian/patches/CVE-2020-35505.patch
--- qemu-3.1+dfsg/debian/patches/CVE-2020-35505.patch   1970-01-01 
01:00:00.000000000 +0100
+++ qemu-3.1+dfsg/debian/patches/CVE-2020-35505.patch   2022-02-04 
17:30:17.000000000 +0100
@@ -0,0 +1,15 @@
+99545751734035b76bd372c4e7215bb337428d89 / CVE-2020-35505
+
+--- qemu-3.1+dfsg.orig/hw/scsi/esp.c
++++ qemu-3.1+dfsg/hw/scsi/esp.c
+@@ -135,6 +135,10 @@ static void do_busid_cmd(ESPState *s, ui
+ 
+     trace_esp_do_busid_cmd(busid);
+     lun = busid & 7;
++
++    if (!s->current_dev) {
++        return;
++    }
+     current_lun = scsi_device_find(&s->bus, 0, s->current_dev->id, lun);
+     s->current_req = scsi_req_new(current_lun, 0, lun, buf, s);
+     datalen = scsi_req_enqueue(s->current_req);
diff -Nru qemu-3.1+dfsg/debian/patches/CVE-2021-20181.patch 
qemu-3.1+dfsg/debian/patches/CVE-2021-20181.patch
--- qemu-3.1+dfsg/debian/patches/CVE-2021-20181.patch   1970-01-01 
01:00:00.000000000 +0100
+++ qemu-3.1+dfsg/debian/patches/CVE-2021-20181.patch   2022-02-04 
17:33:05.000000000 +0100
@@ -0,0 +1,25 @@
+89fbea8737e8f7b954745a1ffc4238d377055305 / CVE-2021-20181
+
+--- qemu-3.1+dfsg.orig/hw/9pfs/9p.c
++++ qemu-3.1+dfsg/hw/9pfs/9p.c
+@@ -498,9 +498,9 @@ static int coroutine_fn v9fs_mark_fids_u
+ {
+     int err;
+     V9fsState *s = pdu->s;
+-    V9fsFidState *fidp, head_fid;
++    V9fsFidState *fidp;
+ 
+-    head_fid.next = s->fid_list;
++again:
+     for (fidp = s->fid_list; fidp; fidp = fidp->next) {
+         if (fidp->path.size != path->size) {
+             continue;
+@@ -520,7 +520,7 @@ static int coroutine_fn v9fs_mark_fids_u
+              * switched to the worker thread
+              */
+             if (err == 0) {
+-                fidp = &head_fid;
++                goto again;
+             }
+         }
+     }
diff -Nru qemu-3.1+dfsg/debian/patches/CVE-2021-20203.patch 
qemu-3.1+dfsg/debian/patches/CVE-2021-20203.patch
--- qemu-3.1+dfsg/debian/patches/CVE-2021-20203.patch   1970-01-01 
01:00:00.000000000 +0100
+++ qemu-3.1+dfsg/debian/patches/CVE-2021-20203.patch   2022-02-04 
20:11:13.000000000 +0100
@@ -0,0 +1,52 @@
+d05dcd94aee88728facafb993c7280547eb4d645 / CVE-2021-20203
+
+--- qemu-3.1+dfsg.orig/hw/net/vmxnet3.c
++++ qemu-3.1+dfsg/hw/net/vmxnet3.c
+@@ -1532,6 +1532,7 @@ static void vmxnet3_activate_device(VMXN
+     vmxnet3_setup_rx_filtering(s);
+     /* Cache fields from shared memory */
+     s->mtu = VMXNET3_READ_DRV_SHARED32(d, s->drv_shmem, devRead.misc.mtu);
++    assert(VMXNET3_MIN_MTU <= s->mtu && s->mtu < VMXNET3_MAX_MTU);
+     VMW_CFPRN("MTU is %u", s->mtu);
+ 
+     s->max_rx_frags =
+@@ -1585,6 +1586,9 @@ static void vmxnet3_activate_device(VMXN
+         /* Read rings memory locations for TX queues */
+         pa = VMXNET3_READ_TX_QUEUE_DESCR64(d, qdescr_pa, conf.txRingBasePA);
+         size = VMXNET3_READ_TX_QUEUE_DESCR32(d, qdescr_pa, conf.txRingSize);
++        if (size > VMXNET3_TX_RING_MAX_SIZE) {
++            size = VMXNET3_TX_RING_MAX_SIZE;
++        }
+ 
+         vmxnet3_ring_init(d, &s->txq_descr[i].tx_ring, pa, size,
+                           sizeof(struct Vmxnet3_TxDesc), false);
+@@ -1595,6 +1599,9 @@ static void vmxnet3_activate_device(VMXN
+         /* TXC ring */
+         pa = VMXNET3_READ_TX_QUEUE_DESCR64(d, qdescr_pa, conf.compRingBasePA);
+         size = VMXNET3_READ_TX_QUEUE_DESCR32(d, qdescr_pa, conf.compRingSize);
++        if (size > VMXNET3_TC_RING_MAX_SIZE) {
++            size = VMXNET3_TC_RING_MAX_SIZE;
++        }
+         vmxnet3_ring_init(d, &s->txq_descr[i].comp_ring, pa, size,
+                           sizeof(struct Vmxnet3_TxCompDesc), true);
+         VMXNET3_RING_DUMP(VMW_CFPRN, "TXC", i, &s->txq_descr[i].comp_ring);
+@@ -1636,6 +1643,9 @@ static void vmxnet3_activate_device(VMXN
+             /* RX rings */
+             pa = VMXNET3_READ_RX_QUEUE_DESCR64(d, qd_pa, 
conf.rxRingBasePA[j]);
+             size = VMXNET3_READ_RX_QUEUE_DESCR32(d, qd_pa, 
conf.rxRingSize[j]);
++            if (size > VMXNET3_RX_RING_MAX_SIZE) {
++                size = VMXNET3_RX_RING_MAX_SIZE;
++            }
+             vmxnet3_ring_init(d, &s->rxq_descr[i].rx_ring[j], pa, size,
+                               sizeof(struct Vmxnet3_RxDesc), false);
+             VMW_CFPRN("RX queue %d:%d: Base: %" PRIx64 ", Size: %d",
+@@ -1645,6 +1655,9 @@ static void vmxnet3_activate_device(VMXN
+         /* RXC ring */
+         pa = VMXNET3_READ_RX_QUEUE_DESCR64(d, qd_pa, conf.compRingBasePA);
+         size = VMXNET3_READ_RX_QUEUE_DESCR32(d, qd_pa, conf.compRingSize);
++        if (size > VMXNET3_RC_RING_MAX_SIZE) {
++            size = VMXNET3_RC_RING_MAX_SIZE;
++        }
+         vmxnet3_ring_init(d, &s->rxq_descr[i].comp_ring, pa, size,
+                           sizeof(struct Vmxnet3_RxCompDesc), true);
+         VMW_CFPRN("RXC queue %d: Base: %" PRIx64 ", Size: %d", i, pa, size);
diff -Nru qemu-3.1+dfsg/debian/patches/CVE-2021-20221.patch 
qemu-3.1+dfsg/debian/patches/CVE-2021-20221.patch
--- qemu-3.1+dfsg/debian/patches/CVE-2021-20221.patch   1970-01-01 
01:00:00.000000000 +0100
+++ qemu-3.1+dfsg/debian/patches/CVE-2021-20221.patch   2022-02-11 
17:20:09.000000000 +0100
@@ -0,0 +1,13 @@
+edfe2eb4360cde4ed5d95bda7777edcb3510f76a / CVE-2021-20221
+
+--- qemu-3.1+dfsg.orig/hw/intc/arm_gic.c
++++ qemu-3.1+dfsg/hw/intc/arm_gic.c
+@@ -1453,7 +1453,7 @@ static void gic_dist_writel(void *opaque
+         int target_cpu;
+ 
+         cpu = gic_get_current_cpu(s);
+-        irq = value & 0x3ff;
++        irq = value & 0xf;
+         switch ((value >> 24) & 3) {
+         case 0:
+             mask = (value >> 16) & ALL_CPU_MASK;
diff -Nru qemu-3.1+dfsg/debian/patches/CVE-2021-20257.patch 
qemu-3.1+dfsg/debian/patches/CVE-2021-20257.patch
--- qemu-3.1+dfsg/debian/patches/CVE-2021-20257.patch   1970-01-01 
01:00:00.000000000 +0100
+++ qemu-3.1+dfsg/debian/patches/CVE-2021-20257.patch   2022-02-11 
17:23:08.000000000 +0100
@@ -0,0 +1,22 @@
+3de46e6fc489c52c9431a8a832ad8170a7569bd8 / CVE-2021-20257
+
+--- qemu-3.1+dfsg.orig/hw/net/e1000.c
++++ qemu-3.1+dfsg/hw/net/e1000.c
+@@ -657,6 +657,9 @@ process_tx_desc(E1000State *s, struct e1
+         msh = tp->tso_props.hdr_len + tp->tso_props.mss;
+         do {
+             bytes = split_size;
++            if (tp->size >= msh) {
++                goto eop;
++            }
+             if (tp->size + bytes > msh)
+                 bytes = msh - tp->size;
+ 
+@@ -682,6 +685,7 @@ process_tx_desc(E1000State *s, struct e1
+         tp->size += split_size;
+     }
+ 
++eop:
+     if (!(txd_lower & E1000_TXD_CMD_EOP))
+         return;
+     if (!(tp->cptse && tp->size < tp->tso_props.hdr_len)) {
diff -Nru qemu-3.1+dfsg/debian/patches/CVE-2021-3392.patch 
qemu-3.1+dfsg/debian/patches/CVE-2021-3392.patch
--- qemu-3.1+dfsg/debian/patches/CVE-2021-3392.patch    1970-01-01 
01:00:00.000000000 +0100
+++ qemu-3.1+dfsg/debian/patches/CVE-2021-3392.patch    2022-02-11 
17:25:18.000000000 +0100
@@ -0,0 +1,45 @@
+3791642c8d60029adf9b00bcb4e34d7d8a1aea4d / CVE-2021-3392
+
+--- qemu-3.1+dfsg.orig/hw/scsi/mptsas.c
++++ qemu-3.1+dfsg/hw/scsi/mptsas.c
+@@ -252,13 +252,10 @@ static int mptsas_build_sgl(MPTSASState
+ 
+ static void mptsas_free_request(MPTSASRequest *req)
+ {
+-    MPTSASState *s = req->dev;
+-
+     if (req->sreq != NULL) {
+         req->sreq->hba_private = NULL;
+         scsi_req_unref(req->sreq);
+         req->sreq = NULL;
+-        QTAILQ_REMOVE(&s->pending, req, next);
+     }
+     qemu_sglist_destroy(&req->qsg);
+     g_free(req);
+@@ -304,7 +301,6 @@ static int mptsas_process_scsi_io_reques
+     }
+ 
+     req = g_new0(MPTSASRequest, 1);
+-    QTAILQ_INSERT_TAIL(&s->pending, req, next);
+     req->scsi_io = *scsi_io;
+     req->dev = s;
+ 
+@@ -1319,8 +1315,6 @@ static void mptsas_scsi_realize(PCIDevic
+ 
+     s->request_bh = qemu_bh_new(mptsas_fetch_requests, s);
+ 
+-    QTAILQ_INIT(&s->pending);
+-
+     scsi_bus_new(&s->bus, sizeof(s->bus), &dev->qdev, &mptsas_scsi_info, 
NULL);
+ }
+ 
+--- qemu-3.1+dfsg.orig/hw/scsi/mptsas.h
++++ qemu-3.1+dfsg/hw/scsi/mptsas.h
+@@ -74,7 +74,6 @@ struct MPTSASState {
+     uint16_t reply_frame_size;
+ 
+     SCSIBus bus;
+-    QTAILQ_HEAD(, MPTSASRequest) pending;
+ };
+ 
+ void mptsas_fix_scsi_io_endianness(MPIMsgSCSIIORequest *req);
diff -Nru qemu-3.1+dfsg/debian/patches/CVE-2021-3527.patch 
qemu-3.1+dfsg/debian/patches/CVE-2021-3527.patch
--- qemu-3.1+dfsg/debian/patches/CVE-2021-3527.patch    1970-01-01 
01:00:00.000000000 +0100
+++ qemu-3.1+dfsg/debian/patches/CVE-2021-3527.patch    2022-02-11 
17:30:48.000000000 +0100
@@ -0,0 +1,45 @@
+7ec54f9eb62b5d177e30eb8b1cad795a5f8d8986 and 
05a40b172e4d691371534828078be47e7fff524c
+CVE-2021-3527
+
+--- qemu-3.1+dfsg.orig/hw/usb/combined-packet.c
++++ qemu-3.1+dfsg/hw/usb/combined-packet.c
+@@ -172,7 +172,9 @@ void usb_ep_combine_input_packets(USBEnd
+         if ((p->iov.size % ep->max_packet_size) != 0 || !p->short_not_ok ||
+                 next == NULL ||
+                 /* Work around for Linux usbfs bulk splitting + migration */
+-                (totalsize == (16 * KiB - 36) && p->int_req)) {
++                (totalsize == (16 * KiB - 36) && p->int_req) ||
++                /* Next package may grow combined package over 1MiB */
++                totalsize > 1 * MiB - ep->max_packet_size) {
+             usb_device_handle_data(ep->dev, first);
+             assert(first->status == USB_RET_ASYNC);
+             if (first->combined) {
+--- qemu-3.1+dfsg.orig/hw/usb/redirect.c
++++ qemu-3.1+dfsg/hw/usb/redirect.c
+@@ -602,7 +602,7 @@ static void usbredir_handle_iso_data(USB
+                 .endpoint = ep,
+                 .length = p->iov.size
+             };
+-            uint8_t buf[p->iov.size];
++            g_autofree uint8_t *buf = g_malloc(p->iov.size);
+             /* No id, we look at the ep when receiving a status back */
+             usb_packet_copy(p, buf, p->iov.size);
+             usbredirparser_send_iso_packet(dev->parser, 0, &iso_packet,
+@@ -800,7 +800,7 @@ static void usbredir_handle_bulk_data(US
+         usbredirparser_send_bulk_packet(dev->parser, p->id,
+                                         &bulk_packet, NULL, 0);
+     } else {
+-        uint8_t buf[size];
++        g_autofree uint8_t *buf = g_malloc(size);
+         usb_packet_copy(p, buf, size);
+         usbredir_log_data(dev, "bulk data out:", buf, size);
+         usbredirparser_send_bulk_packet(dev->parser, p->id,
+@@ -873,7 +873,7 @@ static void usbredir_handle_interrupt_ou
+                                                USBPacket *p, uint8_t ep)
+ {
+     struct usb_redir_interrupt_packet_header interrupt_packet;
+-    uint8_t buf[p->iov.size];
++    g_autofree uint8_t *buf = g_malloc(p->iov.size);
+ 
+     DPRINTF("interrupt-out ep %02X len %zd id %"PRIu64"\n", ep,
+             p->iov.size, p->id);
diff -Nru qemu-3.1+dfsg/debian/patches/CVE-2021-3582.patch 
qemu-3.1+dfsg/debian/patches/CVE-2021-3582.patch
--- qemu-3.1+dfsg/debian/patches/CVE-2021-3582.patch    1970-01-01 
01:00:00.000000000 +0100
+++ qemu-3.1+dfsg/debian/patches/CVE-2021-3582.patch    2022-02-14 
17:28:53.000000000 +0100
@@ -0,0 +1,18 @@
+284f191b4abad213aed04cb0458e1600fd18d7c4 / CVE-2021-3582
+
+--- qemu-3.1+dfsg.orig/hw/rdma/vmw/pvrdma_cmd.c
++++ qemu-3.1+dfsg/hw/rdma/vmw/pvrdma_cmd.c
+@@ -39,6 +39,13 @@ static void *pvrdma_map_to_pdir(PCIDevic
+         return NULL;
+     }
+ 
++    length = ROUND_UP(length, TARGET_PAGE_SIZE);
++    if (nchunks * TARGET_PAGE_SIZE != length) {
++        rdma_error_report("Invalid nchunks/length (%u, %lu)", nchunks,
++                          (unsigned long)length);
++        return NULL;
++    }
++
+     dir = rdma_pci_dma_map(pdev, pdir_dma, TARGET_PAGE_SIZE);
+     if (!dir) {
+         error_report("PVRDMA: Failed to map to page directory");
diff -Nru qemu-3.1+dfsg/debian/patches/CVE-2021-3607.patch 
qemu-3.1+dfsg/debian/patches/CVE-2021-3607.patch
--- qemu-3.1+dfsg/debian/patches/CVE-2021-3607.patch    1970-01-01 
01:00:00.000000000 +0100
+++ qemu-3.1+dfsg/debian/patches/CVE-2021-3607.patch    2022-02-15 
15:14:56.000000000 +0100
@@ -0,0 +1,15 @@
+32e5703cfea07c91e6e84bcb0313f633bb146534 / CVE-2021-3607
+
+--- qemu-3.1+dfsg.orig/hw/rdma/vmw/pvrdma_main.c
++++ qemu-3.1+dfsg/hw/rdma/vmw/pvrdma_main.c
+@@ -71,6 +71,10 @@ static int init_dev_ring(PvrdmaRing *rin
+     pr_dbg("Initializing device ring %s\n", name);
+     pr_dbg("pdir_dma=0x%llx\n", (long long unsigned int)dir_addr);
+     pr_dbg("num_pages=%d\n", num_pages);
++    if (!num_pages) {
++        rdma_error_report("Ring pages count must be strictly positive");
++        return -EINVAL;
++    }
+     dir = rdma_pci_dma_map(pci_dev, dir_addr, TARGET_PAGE_SIZE);
+     if (!dir) {
+         pr_err("Failed to map to page directory\n");
diff -Nru qemu-3.1+dfsg/debian/patches/CVE-2021-3608.patch 
qemu-3.1+dfsg/debian/patches/CVE-2021-3608.patch
--- qemu-3.1+dfsg/debian/patches/CVE-2021-3608.patch    1970-01-01 
01:00:00.000000000 +0100
+++ qemu-3.1+dfsg/debian/patches/CVE-2021-3608.patch    2022-02-15 
15:17:10.000000000 +0100
@@ -0,0 +1,13 @@
+66ae37d8cc313f89272e711174a846a229bcdbd3 /CVE-2021-3608
+
+--- qemu-3.1+dfsg.orig/hw/rdma/vmw/pvrdma_dev_ring.c
++++ qemu-3.1+dfsg/hw/rdma/vmw/pvrdma_dev_ring.c
+@@ -42,7 +42,7 @@ int pvrdma_ring_init(PvrdmaRing *ring, c
+     atomic_set(&ring->ring_state->cons_head, 0);
+     */
+     ring->npages = npages;
+-    ring->pages = g_malloc(npages * sizeof(void *));
++    ring->pages = g_malloc0(npages * sizeof(void *));
+ 
+     for (i = 0; i < npages; i++) {
+         if (!tbl[i]) {
diff -Nru qemu-3.1+dfsg/debian/patches/CVE-2021-3682.patch 
qemu-3.1+dfsg/debian/patches/CVE-2021-3682.patch
--- qemu-3.1+dfsg/debian/patches/CVE-2021-3682.patch    1970-01-01 
01:00:00.000000000 +0100
+++ qemu-3.1+dfsg/debian/patches/CVE-2021-3682.patch    2022-02-15 
15:18:56.000000000 +0100
@@ -0,0 +1,13 @@
+5e796671e6b8d5de4b0b423dce1b3eba144a92c9 / CVE-2021-3682
+
+--- qemu-3.1+dfsg.orig/hw/usb/redirect.c
++++ qemu-3.1+dfsg/hw/usb/redirect.c
+@@ -458,7 +458,7 @@ static int bufp_alloc(USBRedirDevice *de
+     if (dev->endpoint[EP2I(ep)].bufpq_dropping_packets) {
+         if (dev->endpoint[EP2I(ep)].bufpq_size >
+                 dev->endpoint[EP2I(ep)].bufpq_target_size) {
+-            free(data);
++            free(free_on_destroy);
+             return -1;
+         }
+         dev->endpoint[EP2I(ep)].bufpq_dropping_packets = 0;
diff -Nru qemu-3.1+dfsg/debian/patches/CVE-2021-3713.patch 
qemu-3.1+dfsg/debian/patches/CVE-2021-3713.patch
--- qemu-3.1+dfsg/debian/patches/CVE-2021-3713.patch    1970-01-01 
01:00:00.000000000 +0100
+++ qemu-3.1+dfsg/debian/patches/CVE-2021-3713.patch    2022-02-15 
18:40:40.000000000 +0100
@@ -0,0 +1,36 @@
+13b250b12ad3c59114a6a17d59caf073ce45b33a / CVE-2021-3713
+
+--- qemu-3.1+dfsg.orig/hw/usb/dev-uas.c
++++ qemu-3.1+dfsg/hw/usb/dev-uas.c
+@@ -827,6 +827,9 @@ static void usb_uas_handle_data(USBDevic
+         }
+         break;
+     case UAS_PIPE_ID_STATUS:
++        if (p->stream > UAS_MAX_STREAMS) {
++            goto err_stream;
++        }
+         if (p->stream) {
+             QTAILQ_FOREACH(st, &uas->results, next) {
+                 if (st->stream == p->stream) {
+@@ -854,6 +857,9 @@ static void usb_uas_handle_data(USBDevic
+         break;
+     case UAS_PIPE_ID_DATA_IN:
+     case UAS_PIPE_ID_DATA_OUT:
++        if (p->stream > UAS_MAX_STREAMS) {
++            goto err_stream;
++        }
+         if (p->stream) {
+             req = usb_uas_find_request(uas, p->stream);
+         } else {
+@@ -889,6 +895,11 @@ static void usb_uas_handle_data(USBDevic
+         p->status = USB_RET_STALL;
+         break;
+     }
++
++err_stream:
++    error_report("%s: invalid stream %d", __func__, p->stream);
++    p->status = USB_RET_STALL;
++    return;
+ }
+ 
+ static void usb_uas_unrealize(USBDevice *dev, Error **errp)
diff -Nru qemu-3.1+dfsg/debian/patches/CVE-2021-3748.patch 
qemu-3.1+dfsg/debian/patches/CVE-2021-3748.patch
--- qemu-3.1+dfsg/debian/patches/CVE-2021-3748.patch    1970-01-01 
01:00:00.000000000 +0100
+++ qemu-3.1+dfsg/debian/patches/CVE-2021-3748.patch    2022-02-15 
18:42:34.000000000 +0100
@@ -0,0 +1,94 @@
+bedd7e93d01961fcb16a97ae45d93acf357e11f6 / CVE-2021-3748
+
+--- qemu-3.1+dfsg.orig/hw/net/virtio-net.c
++++ qemu-3.1+dfsg/hw/net/virtio-net.c
+@@ -1194,10 +1194,13 @@ static ssize_t virtio_net_receive_rcu(Ne
+     VirtIONet *n = qemu_get_nic_opaque(nc);
+     VirtIONetQueue *q = virtio_net_get_subqueue(nc);
+     VirtIODevice *vdev = VIRTIO_DEVICE(n);
++    VirtQueueElement *elems[VIRTQUEUE_MAX_SIZE];
++    size_t lens[VIRTQUEUE_MAX_SIZE];
+     struct iovec mhdr_sg[VIRTQUEUE_MAX_SIZE];
+     struct virtio_net_hdr_mrg_rxbuf mhdr;
+     unsigned mhdr_cnt = 0;
+-    size_t offset, i, guest_offset;
++    size_t offset, i, guest_offset, j;
++    ssize_t err;
+ 
+     if (!virtio_net_can_receive(nc)) {
+         return -1;
+@@ -1220,6 +1223,12 @@ static ssize_t virtio_net_receive_rcu(Ne
+ 
+         total = 0;
+ 
++        if (i == VIRTQUEUE_MAX_SIZE) {
++            virtio_error(vdev, "virtio-net unexpected long buffer chain");
++            err = size;
++            goto err;
++        }
++
+         elem = virtqueue_pop(q->rx_vq, sizeof(VirtQueueElement));
+         if (!elem) {
+             if (i) {
+@@ -1231,7 +1240,8 @@ static ssize_t virtio_net_receive_rcu(Ne
+                              n->guest_hdr_len, n->host_hdr_len,
+                              vdev->guest_features);
+             }
+-            return -1;
++            err = -1;
++            goto err;
+         }
+ 
+         if (elem->in_num < 1) {
+@@ -1239,7 +1249,8 @@ static ssize_t virtio_net_receive_rcu(Ne
+                          "virtio-net receive queue contains no in buffers");
+             virtqueue_detach_element(q->rx_vq, elem, 0);
+             g_free(elem);
+-            return -1;
++            err = -1;
++            goto err;
+         }
+ 
+         sg = elem->in_sg;
+@@ -1271,12 +1282,13 @@ static ssize_t virtio_net_receive_rcu(Ne
+         if (!n->mergeable_rx_bufs && offset < size) {
+             virtqueue_unpop(q->rx_vq, elem, total);
+             g_free(elem);
+-            return size;
++            err = size;
++            goto err;
+         }
+ 
+-        /* signal other side */
+-        virtqueue_fill(q->rx_vq, elem, total, i++);
+-        g_free(elem);
++        elems[i] = elem;
++        lens[i] = total;
++        i++;
+     }
+ 
+     if (mhdr_cnt) {
+@@ -1286,10 +1298,23 @@ static ssize_t virtio_net_receive_rcu(Ne
+                      &mhdr.num_buffers, sizeof mhdr.num_buffers);
+     }
+ 
++    for (j = 0; j < i; j++) {
++        /* signal other side */
++        virtqueue_fill(q->rx_vq, elems[j], lens[j], j);
++        g_free(elems[j]);
++    }
++
+     virtqueue_flush(q->rx_vq, i);
+     virtio_notify(vdev, q->rx_vq);
+ 
+     return size;
++
++err:
++    for (j = 0; j < i; j++) {
++        g_free(elems[j]);
++    }
++
++    return err;
+ }
+ 
+ static ssize_t virtio_net_receive(NetClientState *nc, const uint8_t *buf,
diff -Nru qemu-3.1+dfsg/debian/patches/CVE-2021-3930.patch 
qemu-3.1+dfsg/debian/patches/CVE-2021-3930.patch
--- qemu-3.1+dfsg/debian/patches/CVE-2021-3930.patch    1970-01-01 
01:00:00.000000000 +0100
+++ qemu-3.1+dfsg/debian/patches/CVE-2021-3930.patch    2022-02-15 
18:44:07.000000000 +0100
@@ -0,0 +1,24 @@
+b3af7fdf9cc537f8f0dd3e2423d83f5c99a457e8 / CVE-2021-3930
+
+--- qemu-3.1+dfsg.orig/hw/scsi/scsi-disk.c
++++ qemu-3.1+dfsg/hw/scsi/scsi-disk.c
+@@ -1082,6 +1082,7 @@ static int mode_sense_page(SCSIDiskState
+     uint8_t *p = *p_outbuf + 2;
+     int length;
+ 
++    assert(page < ARRAY_SIZE(mode_sense_valid));
+     if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
+         return -1;
+     }
+@@ -1422,6 +1423,11 @@ static int scsi_disk_check_mode_select(S
+         return -1;
+     }
+ 
++    /* MODE_PAGE_ALLS is only valid for MODE SENSE commands */
++    if (page == MODE_PAGE_ALLS) {
++        return -1;
++    }
++
+     p = mode_current;
+     memset(mode_current, 0, inlen + 2);
+     len = mode_sense_page(s, page, &p, 0);
diff -Nru qemu-3.1+dfsg/debian/patches/series 
qemu-3.1+dfsg/debian/patches/series
--- qemu-3.1+dfsg/debian/patches/series 2020-07-24 14:00:34.000000000 +0200
+++ qemu-3.1+dfsg/debian/patches/series 2022-02-15 18:53:24.000000000 +0100
@@ -49,3 +49,26 @@
 sm501-replace-hand-written-implementation-with-pixman-CVE-2020-12829.patch
 usb-fix-setup_len-init-CVE-2020-14364.patch
 net-assertion-in-net_tx_pkt_add_raw_fragment-CVE-2020-16092.patch
+CVE-2020-13253.patch
+CVE-2020-15859.patch
+CVE-2020-25084.patch
+CVE-2020-25085.patch
+CVE-2020-25625.patch
+CVE-2020-25624.patch
+CVE-2020-25723.patch
+CVE-2020-27617.patch
+CVE-2020-35504.patch
+CVE-2020-35505.patch
+CVE-2021-20181.patch
+CVE-2021-20203.patch
+CVE-2021-20221.patch
+CVE-2021-20257.patch
+CVE-2021-3392.patch
+CVE-2021-3527.patch
+CVE-2021-3582.patch
+CVE-2021-3607.patch
+CVE-2021-3608.patch
+CVE-2021-3682.patch
+CVE-2021-3713.patch
+CVE-2021-3748.patch
+CVE-2021-3930.patch

--- End Message ---

--- Begin Message ---

Hi,

<jmm_> there's an older ospu request of mine which is purely backported security fixes (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007931, has been running on Wikimedia ganeti clusters just fine), I think at this point it's best if the patches simply get picked up by the LTS folks and released via DLA

<jmm_> I'm going to add it to dla-needed.txt so that it can get picked up
<adsb> ack, fair enough
<adsb> obviously I don't mind having fewer requests to look through :)
<jmm_> added an entry to dla-needed
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78ced217f64f3cc1dc384bc233d9eb3712a71740

Closing here :)

Cheers!
Sylvain Beucler
Debian LTS Team

--- End Message ---