kvmtool (0.20170904-1ubuntu0.18.04.1~esm1) bionic-security; urgency=medium

  * SECURITY UPDATE: buffer overflow allows virtual machine escape
    - debian/patches/CVE-2021-45464-prep1.patch: Add get_vq_count operation
      to virtio devices in include/kvm/virtio.h, virtio/9p.c,
      virtio/balloon.c, virtio/blk.c, virtio/console.c, virtio/net.c,
      virtio/rng.c, virtio/scsi.c.
    - debian/patches/CVE-2021-45464-prep2.patch: Make memory and IO BARs
      independent in virtio/pci.c.
    - debian/patches/CVE-2021-45464-1.patch: Add WARN_ONCE macro in
      include/kvm/util.h.
    - debian/patches/CVE-2021-45464-2.patch: Use u32 instead of int in
      pci_data_in/out in virtio/pci.c to simplify buffer size checking.
    - debian/patches/CVE-2021-45464-3.patch: Validate config accesses against
      the actual sizes of the configs in include/kvm/virtio-9p.h,
      include/kvm/virtio.h, virtio/9p.c, virtio/balloon.c, virtio/blk.c,
      virtio/console.c, virtio/mmio.c, virtio/net.c, virtio/pci.c,
      virtio/rng.c, virtio/scsi.c to prevent information leak.
    - debian/patches/CVE-2021-45464-4.patch: Prevent buffer overflows in
      QUEUE_NOTIFY and QUEUE_SEL in include/kvm/virtio.h, virtio/9p.c,
      virtio/balloon.c, virtio/blk.c, virtio/console.c, virtio/mmio.c,
      virtio/net.c, virtio/pci.c, virtio/rng.c, virtio/scsi.c.
    - CVE-2021-45464
  * SECURITY UPDATE: improper access control allows virtual machine escape
    - debian/patches/CVE-2023-2861.patch: Prevent guest from opening special
      device files in virtio/9p.c.
    - CVE-2023-2861

 -- Edwin Jiang <edwin.jiang@canonical.com>  Tue, 07 Apr 2026 10:26:31 -0400

kvmtool (0.20170904-1) sid; urgency=low

  * CI - kvmtool snapshot:
    - repository: git://git.kernel.org/pub/scm/linux/kernel/git/will/kvmtool.git
    - commit: 93dd128
    - build: https://ci.linaro.org/job/build-kvmtool/99/

    - debian/ repository: git://anonscm.debian.org/collab-maint/kvmtool.git
    - debian/ commit: efb9996

 -- Riku Voipio <riku.voipio@linaro.org>  Mon, 04 Sep 2017 06:31:06 +0000

kvmtool (0.20170609-1) sid; urgency=medium

  * New upstream snapshot, closes: #871486
  * Apply patch to fix libc-dev FTBFS, closes: #87333

 -- Riku Voipio <riku.voipio@linaro.org>  Wed, 30 Aug 2017 10:17:33 +0300

kvmtool (0.20161128-1) sid; urgency=medium

  * CI - kvmtool snapshot:
    - repository: git://git.kernel.org/pub/scm/linux/kernel/git/will/kvmtool.git
    - commit: b092242
    - build: https://ci.linaro.org/jenkins/job/build-kvmtool/91/

    - debian/ repository: git://anonscm.debian.org/collab-maint/kvmtool.git
    - debian/ commit: c478d19

 -- Riku Voipio <riku.voipio@linaro.org>  Mon, 28 Nov 2016 14:36:37 +0000

kvmtool (0.20161024-1) sid; urgency=medium

  * Disable PIE for the bios blob, closes: 837561, 837545 
  * CI - kvmtool snapshot:
    - repository: git://git.kernel.org/pub/scm/linux/kernel/git/will/kvmtool.git
    - commit: 0093df8
    - build: https://ci.linaro.org/jenkins/job/build-kvmtool/88/

    - debian/ repository: git://anonscm.debian.org/collab-maint/kvmtool.git
    - debian/ commit: ab02560

 -- Riku Voipio <riku.voipio@linaro.org>  Mon, 24 Oct 2016 10:09:40 +0000

kvmtool (0.20160419-1) sid; urgency=low

  * CI - kvmtool snapshot:
    - repository: git://git.kernel.org/pub/scm/linux/kernel/git/will/kvmtool.git
    - commit: d62653e
    - build: https://ci.linaro.org/jenkins/job/build-kvmtool/81/

    - debian/ repository: git://anonscm.debian.org/collab-maint/kvmtool.git
    - debian/ commit: ccef806

 -- Riku Voipio <riku.voipio@linaro.org>  Tue, 19 Apr 2016 18:42:02 +0000

kvmtool (0.20160314-1) sid; urgency=low

  * New upstream snapshot, closes: #817966, #817967
  * CI - kvmtool snapshot:
    - repository: git://git.kernel.org/pub/scm/linux/kernel/git/will/kvmtool.git
    - commit: f73b960
    - build: https://ci.linaro.org/jenkins/job/build-kvmtool/78/

    - debian/ repository: git://anonscm.debian.org/collab-maint/kvmtool.git
    - debian/ commit: 84aabf9

 -- Riku Voipio <riku.voipio@linaro.org>  Mon, 14 Mar 2016 10:19:40 +0000

kvmtool (0.20160203-1) sid; urgency=low

  * CI - kvmtool snapshot:
    - repository: git://git.kernel.org/pub/scm/linux/kernel/git/will/kvmtool.git
    - commit: 61bd297
    - build: https://ci.linaro.org/jenkins/job/build-kvmtool/75/

    - debian/ repository: git://anonscm.debian.org/collab-maint/kvmtool.git
    - debian/ commit: fe53043

 -- Riku Voipio <riku.voipio@linaro.org>  Wed, 03 Feb 2016 21:38:38 +0000

kvmtool (0.20151104-1) sid; urgency=low

  * CI - kvmtool snapshot:
    - repository: git://git.kernel.org/pub/scm/linux/kernel/git/will/kvmtool.git
    - commit: 03c49af
    - build: https://ci.linaro.org/jenkins/job/build-kvmtool/57/

    - debian/ repository: git://anonscm.debian.org/collab-maint/kvmtool.git
    - debian/ commit: ce5757d

 -- Riku Voipio <riku.voipio@linaro.org>  Wed, 04 Nov 2015 10:45:40 +0000

kvmtool (0.20150908-1) sid; urgency=low

  * Initial release, closes: #797893
  * CI - kvmtool snapshot:
    - repository: git://git.kernel.org/pub/scm/linux/kernel/git/will/kvmtool.git
    - commit: 0161ed7

    - debian/ repository: git://anonscm.debian.org/collab-maint/kvmtool.git
    - debian/ commit: f256101

 -- Riku Voipio <riku.voipio@linaro.org>  Tue, 08 Sep 2015 15:40:11 +0300

