From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:56604) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1V2TLA-0006qv-1N for qemu-devel@nongnu.org; Thu, 25 Jul 2013 17:44:52 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1V2TL8-0000Q3-P6 for qemu-devel@nongnu.org; Thu, 25 Jul 2013 17:44:51 -0400 Sender: fluxion Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable From: Michael Roth Message-ID: <20130725214443.16294.56339@loki> Date: Thu, 25 Jul 2013 16:44:43 -0500 Subject: [Qemu-devel] [ANNOUNCE] QEMU 1.5.2 Stable released List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Cc: pmatouse@redhat.com, aliguori@us.ibm.com, lersek@redhat.com, qemu-stable@nongnu.org, lveyde@redhat.com The QEMU v1.5.2 stable release is now available at: http://wiki.qemu.org/download/qemu-1.5.2.tar.bz2 This is release is solely to address a security issue (CVE-2013-2231) found in the QEMU Guest Agent on Windows. More details on the nature of the CVE can be found here: http://seclists.org/oss-sec/2013/q3/161 There are 2 minor fixes for qemu-ga for Windows as well, though these are included mainly due to being dependencies of the CVE fix sent upstream. Thanks to Laszlo and the Red Hat security team for identifying/fixing the issue. ff4be47: Update VERSION for 1.5.2 release (Michael Roth) be161ae: qga: escape cmdline args when registering win32 service (CVE-2013-= 2231) (Laszlo Ersek) bb31546: ga_install_service(): nest error paths more idiomatically (Laszlo = Ersek) af0bbf8: qga/service-win32.c: diagnostic output should go to stderr (Laszlo= Ersek) 31c6ed2: qga: save state directory in ga_install_service() (Laszlo Ersek) c432c7d: qga: remove undefined behavior in ga_install_service() (Laszlo Ers= ek)