1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
|
02_kfreebsd.patch
qemu-ifunc-sparc.patch
configure-nss-usbredir.patch
do-not-include-libutil.h.patch
tcg_s390-fix-ld_st-with-CONFIG_TCG_PASS_AREG0.patch
linux-user-fix-mips-32-on-64-prealloc-case.patch
net-add--netdev-options-to-man-page.patch
revert-serial-fix-retry-logic.patch
intel_hda-do-not-call-msi_reset-when-only-device-state-needs-resetting.patch
blockdev-preserve-readonly-and-snapshot-states-across-media-changes.patch
ahci-properly-reset-PxCMD-on-HBA-reset.patch
net-notify-iothread-after-flushing-queue.patch
e1000-flush-queue-whenever-can_receive-can-go-from-false-to-true.patch
e1000-discard-packets-that-are-too-long-if-not-SBP-and-not-LPE.patch
e1000-discard-oversized-packets-based-on-SBP_LPE.patch
eepro100-fix-network-hang-when-rx-buffers-run-out.patch
fixes-related-to-processing-of-qemu-s-numa-option.patch
qcow2-fix-avail_sectors-in-cluster-allocation-code.patch
qcow2-fix-refcount-table-size-calculation.patch
tap-reset-vnet-header-size-on-open.patch
vmdk-fix-data-corruption-bug-in-WRITE-and-READ-handling.patch
uhci-don-t-queue-up-packets-after-one-with-the-SPD-flag-set.patch
usb-split-endpoint-init-and-reset.patch
virtio-net-fix-guest-triggerable-buffer-overrun-CVE-2014-0150.patch
x86-only-allow-real-mode-to-access-32bit-without-LMA.patch
fix-entry-pointer-for-ELF-kernels-loaded-with--kernel-option.patch
ide-correct-improper-smart-self-test-counter-reset-CVE-2014-2894.patch
scsi-allocate-SCSITargetReq-r-buf-dynamically-CVE-2013-4344.patch
slirp-udp-fix-NULL-pointer-deref-uninit-socket-CVE-2014-3640.patch
spice-make-sure-we-don-t-overflow-ssd-buf-CVE-2014-3615.patch
vbe-rework-sanity-checks-CVE-2014-3615.patch
# #742730, http://bugs.debian.org/742730
image-format-validation/0001-block-cloop-validate-block_size-header-field-CVE-2014-0144.patch
image-format-validation/0002-block-cloop-prevent-offsets_size-integer-overflow-CVE-2014-0143.patch
image-format-validation/0003-block-cloop-refuse-images-with-huge-offsets-arrays-CVE-2014-0144.patch
image-format-validation/0004-block-cloop-refuse-images-with-bogus-offsets-CVE-2014-0144.patch
image-format-validation/0005-block-cloop-fix-offsets-size-off-by-one.patch
image-format-validation/0006-bochs-use-unsigned-variables-for-offsets-and-sizes-CVE-2014-0147.patch
image-format-validation/0007-bochs-check-catalog_size-header-field-CVE-2014-0143.patch
image-format-validation/0008-bochs-check-extent_size-header-field-CVE-2014-0142.patch
image-format-validation/0009-bochs-fix-bitmap-offset-calculation.patch
image-format-validation/0010-vpc-vhd-add-bounds-check-for-max_table_entries-and-block_size-CVE-2014-0144.patch
image-format-validation/0011-vpc-validate-block-size-CVE-2014-0142.patch
image-format-validation/0012-vdi-add-bounds-checks-for-blocks_in_image-and-disk_size-header-fields-CVE-2014-0144.patch
image-format-validation/0013-curl-check-data-size-before-memcpy-to-local-buffer-CVE-2014-0144.patch
image-format-validation/0014-qcow2-catch-some-L1-table-index-overflows.patch
image-format-validation/0015-qcow2-check-header_length-CVE-2014-0144.patch
image-format-validation/0016-qcow2-check-backing_file_offset-CVE-2014-0144.patch
image-format-validation/0017-qcow2-check-refcount-table-size-CVE-2014-0144.patch
image-format-validation/0018-qcow2-validate-refcount-table-offset.patch
image-format-validation/0019-qcow2-validate-snapshot-table-offset-size-CVE-2014-0144.patch
image-format-validation/0020-qcow2-validate-active-L1-table-offset-and-size-CVE-2014-0144.patch
image-format-validation/0021-qcow2-fix-backing-file-name-length-check.patch
image-format-validation/0022-qcow2-avoid-integer-overflow-in-get_refcount-CVE-2014-0143.patch
image-format-validation/0023-qcow2-don-t-rely-on-free_cluster_index-in-alloc_refccount_block-CVE-2014-0147.patch
image-format-validation/0024-qcow2-check-new-refcount-table-size-on-growth.patch
image-format-validation/0025-qcow2-preserve-free_byte_offset-when-qcow2_alloc_bytes_fails.patch
image-format-validation/0026-qcow2-fix-types-in-qcow2_alloc_clusters-and-alloc_clusters_noref.patch
image-format-validation/0027-qcow2-fix-new-L1-table-size-check-CVE-2014-0143.patch
image-format-validation/0028-dmg-sanitize-chunk-length-and-sectorcount-CVE-2014-0145.patch
image-format-validation/0029-dmg-prevent-chunk-buffer-overflow-CVE-2014-0145.patch
image-format-validation/0030-block-limit-request-size-CVE-2014-0143.patch
image-format-validation/0031-qcow2-fix-NULL-dereference-in-qcow2_open-error-path-CVE-2014-0146.patch
image-format-validation/0032-qcow2-fix-L1-allocation-size-in-qcow2_snapshot_load_tmp-CVE-2014-0145.patch
image-format-validation/0033-qcow2-check-maximum-L1-size-in-qcow2_snapshot_load_tmp-CVE-2014-0143.patch
image-format-validation/0034-parallels-fix-catalog-size-integer-overflow-CVE-2014-0143.patch
image-format-validation/0035-parallels-sanity-check-for-s-tracks-CVE-2014-0142.patch
image-format-validation/0036-qcow1-make-padding-in-the-header-explicit.patch
image-format-validation/0037-qcow1-check-maximum-cluster-size.patch
image-format-validation/0038-qcow1-validate-L2-table-size-CVE-2014-0222.patch
image-format-validation/0039-qcow1-validate-image-size-CVE-2014-0223.patch
image-format-validation/0040-qcow1-stricter-backing-file-length-check.patch
# 5 patches to fix CVE-2014-3689 from upstream, #765496
CVE-2014-3689-vmware-vga/1-CVE-2014-3689-turn-off-hw-accel.patch
CVE-2014-3689-vmware-vga/2-add-vmsvga_verify_rect.patch
CVE-2014-3689-vmware-vga/3-use-vmsvga_verify_rect-in-vmsvga_update_rect.patch
CVE-2014-3689-vmware-vga/4-use-vmsvga_verify_rect-in-vmsvga_copy_rect.patch
CVE-2014-3689-vmware-vga/5-use-vmsvga_verify_rect-in-vmsvga_fill_rect.patch
vnc-sanitize-bits_per_pixel-from-the-client-CVE-2014-7815.patch
cirrus-fix-blit-region-check-CVE-2014-8106.patch
cirrus-don-t-overflow-CirrusVGAState-cirrus_bltbuf-CVE-2014-8106.patch
fdc-force-the-fifo-access-to-be-in-bounds-CVE-2015-3456.patch
slirp-use-less-predictable-directory-name-in-tmp-CVE-2015-4037.patch
pcnet-fix-negative-array-index-read.patch
pcnet-force-buffer-access-to-be-in-bounds-CVE-2015-3209.patch
virtio-serial-fix-ANY_LAYOUT-CVE-2015-5745.patch
rtl8139-avoid-nested-ifs-in-IP-header-parsing-CVE-2015-5165.patch
rtl8139-drop-tautologous-if-ip-statement-CVE-2015-5165.patch
rtl8139-skip-offload-on-short-ethernet-IP-header-CVE-2015-5165.patch
rtl8139-check-IP-header-length-field-CVE-2015-5165.patch
rtl8139-check-IP-total-length-field-CVE-2015-5165.patch
rtl8139-skip-offload-on-short-TCP-header-CVE-2015-5165.patch
rtl8139-check-TCP-data-offset-field-CVE-2015-5165.patch
e1000-avoid-infinite-loop-in-transmit-CVE-2015-6815.patch
ide-fix-ATAPI-command-permissions-CVE-2015-6855.patch
ne2000-add-checks-to-validate-ring-buffer-pointers-CVE-2015-5279.patch
ne2000-avoid-infinite-loop-when-receiving-packets-CVE-2015-5278.patch
virtio-introduce-virtqueue_unmap_sg-for-CVE-2015-7295.patch
virtio-introduce-virtqueue_discard-for-CVE-2015-7295.patch
virtio-net-correctly-drop-truncated-packets-CVE-2015-7295.patch
pcnet-add-check-to-validate-receive-data-size-CVE-2015-7504.patch
pcnet-fix-rx-buffer-overflow-CVE-2015-7512.patch
eepro100-prevent-two-endless-loops-CVE-2015-8345.patch
vnc-avoid-floating-point-exception-CVE-2015-8504.patch
ehci-make-idt-processing-more-robust-CVE-2015-8558.patch
net-ne2000-fix-bounds-check-in-ioport-operations-CVE-2015-8743.patch
ide-ahci-reset-ncq-object-to-unused-on-error-CVE-2016-1568.patch
fw_cfg-add-check-to-validate-current-entry-value-CVE-2016-1714.patch
i386-avoid-null-pointer-dereference-CVE-2016-1922.patch
e1000-eliminate-infinite-loops-on-out-of-bounds-start-CVE-2016-1981.patch
|
