New changelog entries:
* SECURITY UPDATE: Add support for md-clear functionality
- debian/patches/md-clear.patch: Define md-clear CPUID bit in
src/cpu/cpu_map.xml.
- CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
New changelog entries:
* SECURITY UPDATE: NULL pointer dereference in qemuAgentGetInterfaces
- debian/patches/CVE-2019-3840.patch: require a reply in
src/qemu/qemu_agent.c.
- CVE-2019-3840
New changelog entries:
* SECURITY UPDATE: QEMU monitor DoS
- debian/patches/CVE-2018-1064.patch: add size limit to
src/qemu/qemu_agent.c.
- CVE-2018-1064
* SECURITY UPDATE: Speculative Store Bypass
- debian/patches/CVE-2018-3639-1.patch: define the 'ssbd' CPUID feature
bit in src/cpu/cpu_map.xml.
- debian/patches/CVE-2018-3639-2.patch: define the 'virt-ssbd' CPUID
feature bit in src/cpu/cpu_map.xml.
- CVE-2018-3639
New changelog entries:
* Fix nwfilters that set CTRL_IP_LEARNING set to dhcp failing with "An error
occurred, but the cause is unknown" due to a buffer being too small
for pcap with TPACKET_V3 enabled (LP: #1758037)
- debian/patches/ubuntu/lp-1758037-nwfilter-increase-pcap-buffer-size.patch
New changelog entries:
* Fix clean shut down of guests on system shutdown (LP: #1764668)
- d/p/ubuntu/lp-1764668-do-not-report-unknown-guests.patch
- d/p/ubuntu/lp-1764668-fix-check_guests_shutdown-loop.patch
New changelog entries:
* d/p/ubuntu/lp1688508-fix-variable-scope-in-in-check_guests_shutdown.patch:
backport further upstream fixes that were identified on verification.
Together with the former change this fixes (LP: #1688508)
* d/p/ubuntu/lp1753604-nwfilter-fix-lock-order-deadlock.patch:
fix intermittent deadlock in NWFilter handling (LP: #1753604)
New changelog entries:
[ Leonidas S. Barbosa ]
* SECURITY UPDATE: resource exhaustion resulting in DoS
- debian/patches/CVE-2018-5748.patch: avoid DoS reading from
QEMU monitor in src/qemu/qemu_monitor.c.
- CVE-2018-5748
* SECURITY UPDATE: Bypass authentication
- debian/patches/CVE-2016-5008.patch: let empty default VNC
password work as documented in src/qemu/qemu_hotplug.c.
- CVE-2016-5008
[ Marc Deslauriers ]
* SECURITY UPDATE: code injection via libnss_dns.so
- debian/patches/CVE-2018-6764-1.patch: determine the hostname on
startup in src/util/virlog.c.
- debian/patches/CVE-2018-6764-2.patch: fix syntax-check in
src/util/virlog.c.
- debian/patches/CVE-2018-6764-3.patch: fix deadlock obtaining hostname
in cfg.mk, src/util/virlog.c.
- CVE-2018-6764