Debian Buster Openstack images changelog 10.2.1-20200204 Updates in 2 source package(s), 4 binary package(s): Source libidn2, binaries: libidn2-0:amd64 libidn2-0:arm64 libidn2 (2.0.5-1+deb10u1) buster-security; urgency=high * Non-maintainer upload by the Security Team. * Fix free of random (stack) value in idn2_to_ascii_4i() * idn2_to_ascii_4i(): Restrict output length to 63 (CVE-2019-18224) (Closes: #942895) * Fail make if 'ronn' doesn't exist when building docs * Fix generation of idn2.1 man page file * Move texinfo from Build-Depends-Indep to Build-Depends (Closes: #949705) Source qemu, binaries: qemu-utils:amd64 qemu-utils:arm64 qemu (1:3.1+dfsg-8+deb10u4) buster-security; urgency=medium * acknowledge the last NMU by the Security Team * io-ensure-UNIX-client-doesn-t-unlink-server-socket.patch Closes: #946210 * slirp possible use-after-free in ip_reass(), slirp-ip_reass-fix-use-after-free-CVE-CVE-2019-15890.patch Closes: #939869, CVE-2019-15890 * slirp emulation fixes, Closes: CVE-2020-7039 tcp_emu-fix-OOB-access-CVE-2020-7039.patch slirp-use-correct-size-while-emulating-commands-CVE-2020-7039.patch slirp-use-correct-size-while-emulating-IRC-commands-CVE-2020-7039.patch * fix iscsi OOB heap access via an unexpected response of iSCSI Server, scsi-cap-block-count-from-GET-LBA-STATUS-CVE-2020-1711.patch Closes: #949731, CVE-2020-1711 -- Steve McIntyre <93sam@debian.org> Tue, 04 Nov 2019 16:13:01 +0000 10.2.0 First build for 10.2.0 release -- Steve McIntyre <93sam@debian.org> Sun, 17 Nov 2019 02:44:09 +0000