Format: 1.8
Date: Fri, 15 Aug 2025 12:54:40 +0300
Source: qemu
Architecture: source
Version: 1:10.0.2+ds-2+deb13u1
Distribution: trixie-security
Urgency: medium
Maintainer: Debian QEMU Team
Changed-By: Michael Tokarev
Closes: 1109989
Changes:
 qemu (1:10.0.2+ds-2+deb13u1) trixie-security; urgency=medium
 .
   * d/binfmt-install: stop using C (Credentials) flag for binfmt_misc
     registration. qemu-user binaries were never meant to be used in
     suid/sgid scenarios, but was used in Debian since late 2009.
     Any foreign suid/sgid binary accessible to the users, in presence
     of qemu-user binfmt, is trivially exploitable to gain elevated
     privileges. This change might break existing setups since for many
     years people relied on qemu-user binfmt working with suid binaries,
     but this is a situation where it is definitely better to be safe
     than sorry.
   * pcie_sriov-Fix-configuration-and-state-synchronizati.patch
     (Closes: #1109989, CVE-2025-54566, CVE-2025-54567)
Checksums-Sha1:
 0fb120292fc6c74a4c2035bea94bd5b1992b8d12 12455 qemu_10.0.2+ds-2+deb13u1.dsc
 0da721835b445ce31e3d69631ac878ebe218a6af 39449628 qemu_10.0.2+ds.orig.tar.xz
 759580a21004aea649a42789c1a2de75cfd80a0a 139060 qemu_10.0.2+ds-2+deb13u1.debian.tar.xz
 3ff3c108eaa1155c243ed73014836e75bb520694 7565 qemu_10.0.2+ds-2+deb13u1_source.buildinfo
Checksums-Sha256:
 b61a67c1b580435742e42613fa8d4d38f9abaa75fc9c034f7e650e62ed97720a 12455 qemu_10.0.2+ds-2+deb13u1.dsc
 0901da33844a331bf8b3602b9c1fbd178e60b737c8e3ade678255bd090c9b9f1 39449628 qemu_10.0.2+ds.orig.tar.xz
 7d77c31eaff3ce9ef265a9dbba0b5b05508003aad9a8d41cc7999063b671dd8f 139060 qemu_10.0.2+ds-2+deb13u1.debian.tar.xz
 87d0ee897cce710d82f3077bea4cac389f354f83ed2e06385fcd2341f37af508 7565 qemu_10.0.2+ds-2+deb13u1_source.buildinfo
Files:
 5891b15bfd0c8293134c785ae71bc44e 12455 otherosfs optional qemu_10.0.2+ds-2+deb13u1.dsc
 ab6f1a263053221b049421b31f683047 39449628 otherosfs optional qemu_10.0.2+ds.orig.tar.xz
 9845432790844d8e7a3c1f3ae7e81c9f 139060 otherosfs optional qemu_10.0.2+ds-2+deb13u1.debian.tar.xz
 2266abbc4d5d97c2f288183f35847a9a 7565 otherosfs optional qemu_10.0.2+ds-2+deb13u1_source.buildinfo