Hi everyone, A security update to the QEMU 2.5 series is now available at:
http://wiki.qemu.org/download/qemu-2.5.1.1.tar.bz2 v2.5.1.1 is now tagged in the official qemu.git repository, and the stable-2.5 branch has been updated accordingly: http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.5 This release includes security fixes for: VGA emulation (CVE-2016-3712, CVE-2016-3710) EHCI USB emulation (CVE-2015-8558) Cadence UART (Xilinx Zynq board emulation) Please see the changelogs and relevant CVEs for more information, and update accordingly. Thank you to everyone involved! CHANGELOG: db51dfc: Update version for 2.5.1.1 release (Michael Roth) 5b7236f: cadence_uart: bounds check write offset (Michael S. Tsirkin) 0bcdb63: Revert "ehci: make idt processing more robust" (Gerd Hoffmann) 706bab6: ehci: apply limit to iTD/sidt descriptors (Gerd Hoffmann) 44b86aa: vga: make sure vga register setup for vbe stays intact (CVE-2016-3712). (Gerd Hoffmann) a6e5e5d: vga: update vga register setup on vbe changes (Gerd Hoffmann) 2f2f74e: vga: factor out vga register setup (Gerd Hoffmann) 46aff2c: vga: add vbe_enabled() helper (Gerd Hoffmann) 4f0323d: vga: fix banked access bounds checking (CVE-2016-3710) (Gerd Hoffmann)
