[Qemu-devel] [web PATCH 0/4] Add web section reporting information about CVEs in QEMU

[Qemu-devel] [web PATCH 0/4] Add web section reporting information about CVEs in QEMU

[Daniel P. Berrangé]

At the QEMU maintainer's summit in Prague we discussed QEMU's woeful
reporting and recording of security flaws

 - No CVE information is published unless it happened to be mentioned in
   the commit message
 - No analysis or information on when the flaw was first introduced in
   the code, and thus which versions are impacted
 - There is no collated list of vulnerabilities
 - Users / downstreams are not alerted when CVEs are fixed
 - There is no description of the impact of the bug or possible
   workarounds that can be used

Various 3rd parties do have some of this information. For example there
are various sites which collate lists of CVEs affecting projects, but
the information is quite minimal usually lacking details on the impact,
or possible workarounds.

Distro vendors typically look at when a flaw was introduced to determine
affected versions, but this information is not recorded anywhere.

What information is found is usually free form text making it difficult
to reliably process the data for analysis or reporting needs.

At the maintainer summit I volunteered address the problem of security
flaw reporting for QEMU. It took a bit longer than I expected to get
around it it, but I just got it working before this year's maintainer
summit :-)

This series addresses the problems by adding a new section to the QEMU
website with the following content:

 - "Security notices" heading is added to the navigation bar

 - At /secnotice/index.xml is a list of all known security flaws in a
   machine readable format

 - At /secnotice/ is the same information in human readable HTML format,
   auto-generated from the XML.

 - At /secnotice/$YEAR/$NUM.xml is detailed information in machine
   readable format for a single discovered flaw.

 - At /secnotice/$YEAR/$NUM is the same information in human readable
   HTML format, auto-generated from the XML

 - At /secnotice/$YEAR/$NUM.txt is the same information in human
   readable plain text format, auto-generated from the XML. This is
   suited for sending as email to the mailing list as an announcement.

At this point it is best to actually look at it running on a real site,
so I put up a static build of the qemu-web.git content for this series

  https://berrange.fedorapeople.org/qemu-sec/secnotice/

Taking one issue with multiboot from earlier this year:

  https://berrange.fedorapeople.org/qemu-sec/secnotice/2018/003
  https://berrange.fedorapeople.org/qemu-sec/secnotice/2018/003.txt
  https://berrange.fedorapeople.org/qemu-sec/secnotice/2018/003.xml

You can see there are a few distinct pieces of content about each issue

 - Lifecycle dates for

       * when it was reported
       * when it went public. Usually date when patch was posted for
         review or when it was publically mention in BZ or mailing
         list. Might differ from reported date if the initial reporting
         had an embargo.
       * when the fix merged to GIT master (ie Peter applied a PULL
         request)

 - Credits. Names / email of the people who discovered and reported the
   flaws, and people involved in writing patches to fix it. The latter
   is usually the git author.

 - External references. Typically the CVE ID number, but could also be a
   bug tracker name + number

 - Several free text blocks

      * description of what the flaw is
      * impact on the system when triggered/exploited
      * any ways to mitigate / workaround the impact

 - Git repository info

     * Commit hash where the flaw was introduced
     * Commit hash(s) where the flaw was fixed
     * Commit hash(s) where the flaw was merged
     * Tags containing the flaw on all branches
     * Tags containing the fix on git master and optionally stable
       branches

Reporting on a new issue is fairly straightforward. The
secnotice/template.xml file is cloned to the next available security
notice number for the current year eg  secnotice/2018/012.xml

Then it is simply a case of filling in the blanks in the template with
as little or much information as is available - all the fields are
optional, so can be left out if the info is not yet available.

Many key pieces of info will be available from the downstream distro
vendor who coordinates with upstream. For example the Red Hat CVE
links https://bugzilla.redhat.com/CVE-XXX-XXX usually contain the basic
description and impact, along with dates and credit for who reported it.

The hardest part is examining the GIT history to determine when the fix
was first introduced into the code. This is a case of using "git blame"
to trace back where the lines of troublesome code came from - often back
to the very first point the file was commited to QEMU.

Once the original commit hash is found, then there is a tool
secnotice/_scripts/report-vulnerable-tags.pl which will examine git tags
to determine which tags and branches contain the flaw. It will print the
snippet of XML suitable for copying into the template. It can optionally
accept the hash of the merge commit fixing the problem too.

After adding the new $YEAR/$ID.xml file, 'make' will build the
corresponding indexes and HTML/TXT renderings. Ideally the machine which
is hosting the QEMU website would run 'make' after pulling new
commits. In this series, however, I have just commited the rendered
content to git.

In this series I have created notices for all the CVEs I found affecting
QEMU in 2018 that were listed in the Red Hat bugzilla against
Fedora. I'm not entirely confident this is the full set from 2018. I
fully researched the git history for each issue here and suggested
mitigations where practical.

Looking back before 2018, there are ~200 further CVEs I have seen
affecting QEMU. Ideally we'd create records for each of those, but that
will be more time consuming and not a high priority.

Typically it has taken me about 10 minutes on average to create each CVE
file, including time to find historical commits, so the extra work is
quite small, especially compared to actually fixing the code. Ideally
maintainers responsible for the code would create the security notice,
but it could be anyone with an understanding of the issue/code.

Some ideas for future work to take advantage of the machine readable
data format

 - Instead of browsing a list of notices and checking each one to
   see if your version is affected, generate reports for each release
   tag in git listing the flaws that apply.

 - Automated report generation
    - How quickly bugs are fixed since being reported
    - Which areas of code are most affected by flaws (useful
      for distros deciding to cull features)
    - Long term rates of bug reporting (already see 2018
      appears much better than 2016/2017, possibly going
      to be lowest number of CVEs since 2012 !)

Finally, this will all look familiar to anyone following libvirt
as we use the same framework for libvirt security notices:

   https://security.libvirt.org/
   https://libvirt.org/git/?p=libvirt-security-notice.git;a=log

I've made a number of changes for QEMU to better suit the way
QEMU works (only 1 git repo to follow, merge commits, integration
with jekyll templating)

Daniel P. Berrangé (4):
  Underline the current page section
  Introduce content and tools for managing security notices
  Add vulnerability reports for 2018
  Update pre-rendered content

 _config.yml                                  |    4 +
 _includes/nav.html                           |    3 +-
 _layouts/secnotice.html                      |   22 +
 assets/css/style-desktop.css                 |    2 +
 assets/css/style.css                         |   47 +
 secnotice/2018/001.html                      | 1043 +++++++++++++++++
 secnotice/2018/001.txt                       |  210 ++++
 secnotice/2018/001.xml                       |  248 ++++
 secnotice/2018/002.html                      | 1044 +++++++++++++++++
 secnotice/2018/002.txt                       |  206 ++++
 secnotice/2018/002.xml                       |  242 ++++
 secnotice/2018/003.html                      |  766 +++++++++++++
 secnotice/2018/003.txt                       |  160 +++
 secnotice/2018/003.xml                       |  191 ++++
 secnotice/2018/004.html                      | 1045 +++++++++++++++++
 secnotice/2018/004.txt                       |  206 ++++
 secnotice/2018/004.xml                       |  243 ++++
 secnotice/2018/005.html                      |  952 ++++++++++++++++
 secnotice/2018/005.txt                       |  191 ++++
 secnotice/2018/005.xml                       |  225 ++++
 secnotice/2018/006.html                      | 1056 ++++++++++++++++++
 secnotice/2018/006.txt                       |  210 ++++
 secnotice/2018/006.xml                       |  247 ++++
 secnotice/2018/007.html                      |  820 ++++++++++++++
 secnotice/2018/007.txt                       |  169 +++
 secnotice/2018/007.xml                       |  201 ++++
 secnotice/2018/008.html                      |  952 ++++++++++++++++
 secnotice/2018/008.txt                       |  191 ++++
 secnotice/2018/008.xml                       |  225 ++++
 secnotice/2018/009.html                      |  952 ++++++++++++++++
 secnotice/2018/009.txt                       |  192 ++++
 secnotice/2018/009.xml                       |  225 ++++
 secnotice/2018/010.html                      |  940 ++++++++++++++++
 secnotice/2018/010.txt                       |  188 ++++
 secnotice/2018/010.xml                       |  223 ++++
 secnotice/2018/011.html                      |  823 ++++++++++++++
 secnotice/2018/011.txt                       |  169 +++
 secnotice/2018/011.xml                       |  199 ++++
 secnotice/2018/index.html                    |   46 +
 secnotice/2018/index.xml                     |   13 +
 secnotice/Makefile                           |   40 +
 secnotice/README-template.md                 |   78 ++
 secnotice/README.md                          |   20 +
 secnotice/_scripts/index-html.xsl            |   72 ++
 secnotice/_scripts/index-xml                 |   28 +
 secnotice/_scripts/notice-html.xsl           |  286 +++++
 secnotice/_scripts/notice-txt.xsl            |  277 +++++
 secnotice/_scripts/report-vulnerable-tags.pl |  135 +++
 secnotice/index.html                         |   46 +
 secnotice/index.xml                          |   13 +
 secnotice/template.xml                       |   50 +
 51 files changed, 16135 insertions(+), 1 deletion(-)
 create mode 100644 _layouts/secnotice.html
 create mode 100644 secnotice/2018/001.html
 create mode 100644 secnotice/2018/001.txt
 create mode 100644 secnotice/2018/001.xml
 create mode 100644 secnotice/2018/002.html
 create mode 100644 secnotice/2018/002.txt
 create mode 100644 secnotice/2018/002.xml
 create mode 100644 secnotice/2018/003.html
 create mode 100644 secnotice/2018/003.txt
 create mode 100644 secnotice/2018/003.xml
 create mode 100644 secnotice/2018/004.html
 create mode 100644 secnotice/2018/004.txt
 create mode 100644 secnotice/2018/004.xml
 create mode 100644 secnotice/2018/005.html
 create mode 100644 secnotice/2018/005.txt
 create mode 100644 secnotice/2018/005.xml
 create mode 100644 secnotice/2018/006.html
 create mode 100644 secnotice/2018/006.txt
 create mode 100644 secnotice/2018/006.xml
 create mode 100644 secnotice/2018/007.html
 create mode 100644 secnotice/2018/007.txt
 create mode 100644 secnotice/2018/007.xml
 create mode 100644 secnotice/2018/008.html
 create mode 100644 secnotice/2018/008.txt
 create mode 100644 secnotice/2018/008.xml
 create mode 100644 secnotice/2018/009.html
 create mode 100644 secnotice/2018/009.txt
 create mode 100644 secnotice/2018/009.xml
 create mode 100644 secnotice/2018/010.html
 create mode 100644 secnotice/2018/010.txt
 create mode 100644 secnotice/2018/010.xml
 create mode 100644 secnotice/2018/011.html
 create mode 100644 secnotice/2018/011.txt
 create mode 100644 secnotice/2018/011.xml
 create mode 100644 secnotice/2018/index.html
 create mode 100644 secnotice/2018/index.xml
 create mode 100644 secnotice/Makefile
 create mode 100644 secnotice/README-template.md
 create mode 100644 secnotice/README.md
 create mode 100644 secnotice/_scripts/index-html.xsl
 create mode 100755 secnotice/_scripts/index-xml
 create mode 100644 secnotice/_scripts/notice-html.xsl
 create mode 100644 secnotice/_scripts/notice-txt.xsl
 create mode 100644 secnotice/_scripts/report-vulnerable-tags.pl
 create mode 100644 secnotice/index.html
 create mode 100644 secnotice/index.xml
 create mode 100644 secnotice/template.xml

-- 
2.17.2

[Qemu-devel] [web PATCH 1/4] Underline the current page section

[Daniel P. Berrangé]

The current page section is rendered in bold text but this is rather
subtle to see at a glance. Add a single pixel high underline to make
it more visible.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 assets/css/style-desktop.css | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/assets/css/style-desktop.css b/assets/css/style-desktop.css
index 44ea0c7..c7800b9 100644
--- a/assets/css/style-desktop.css
+++ b/assets/css/style-desktop.css
@@ -271,6 +271,8 @@
 		#nav li.current a
 		{
 			font-weight: 500;
+			border-bottom: 1px solid #F0A833;
+			padding-bottom: 2px;
 		}
 
 /*
-- 
2.17.2

[Qemu-devel] [web PATCH 2/4] Introduce content and tools for managing security notices

[Daniel P. Berrangé]

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 _config.yml                                  |   4 +
 _includes/nav.html                           |   3 +-
 _layouts/secnotice.html                      |  22 ++
 assets/css/style.css                         |  47 +++
 secnotice/Makefile                           |  40 +++
 secnotice/README-template.md                 |  78 +++++
 secnotice/README.md                          |  20 ++
 secnotice/_scripts/index-html.xsl            |  72 +++++
 secnotice/_scripts/index-xml                 |  28 ++
 secnotice/_scripts/notice-html.xsl           | 286 +++++++++++++++++++
 secnotice/_scripts/notice-txt.xsl            | 277 ++++++++++++++++++
 secnotice/_scripts/report-vulnerable-tags.pl | 135 +++++++++
 secnotice/template.xml                       |  50 ++++
 13 files changed, 1061 insertions(+), 1 deletion(-)
 create mode 100644 _layouts/secnotice.html
 create mode 100644 secnotice/Makefile
 create mode 100644 secnotice/README-template.md
 create mode 100644 secnotice/README.md
 create mode 100644 secnotice/_scripts/index-html.xsl
 create mode 100755 secnotice/_scripts/index-xml
 create mode 100644 secnotice/_scripts/notice-html.xsl
 create mode 100644 secnotice/_scripts/notice-txt.xsl
 create mode 100644 secnotice/_scripts/report-vulnerable-tags.pl
 create mode 100644 secnotice/template.xml

diff --git a/_config.yml b/_config.yml
index 0a0201c..6fddace 100644
--- a/_config.yml
+++ b/_config.yml
@@ -37,3 +37,7 @@ gems:
 exclude:
   - Gemfile
   - Gemfile.lock
+  - Makefile
+  - secalert/README.md
+  - secalert/README-template.md
+  - secalert/template.xml
diff --git a/_includes/nav.html b/_includes/nav.html
index 241d83e..350de6d 100644
--- a/_includes/nav.html
+++ b/_includes/nav.html
@@ -6,7 +6,8 @@
 			</li><li {% if current[1] == 'download' %}class='current'{% endif %}><a href="/download">Download</a>
 			</li><li {% if current[1] == 'contribute' %}class='current'{% endif %}><a href="/contribute">Contribute</a>
 			</li><li {% if current[1] == 'documentation' %}class='current'{% endif %}><a href="/documentation">Documentation</a>
-			</li><li {% if current[1] == 'blog' %}class='current'{% endif %}><a href="/blog">Blog</a></li>
+			</li><li {% if current[1] == 'blog' %}class='current'{% endif %}><a href="/blog">Blog</a>
+			</li><li {% if current[1] == 'secnotice' %}class='current'{% endif %}><a href="/secnotice">Security Notices</a></li>
 		</ul>
 	</nav>
 
diff --git a/_layouts/secnotice.html b/_layouts/secnotice.html
new file mode 100644
index 0000000..b30c036
--- /dev/null
+++ b/_layouts/secnotice.html
@@ -0,0 +1,22 @@
+<!DOCTYPE HTML>
+<!--
+Linear by TEMPLATED
+templated.co @templatedco
+Released for free under the Creative Commons Attribution 3.0 license (templated.co/license)
+-->
+<html>
+<head>
+	<title>{{ page.title }} - {{ site.title }}</title>
+	{% include assets.html %}
+</head>
+<body class="secnotice">
+
+	{% include nav.html %}
+
+	{{ content }}
+
+	{% include footer.html %}
+	{% include copyright.html %}
+
+</body>
+</html>
diff --git a/assets/css/style.css b/assets/css/style.css
index b828887..dccffb0 100644
--- a/assets/css/style.css
+++ b/assets/css/style.css
@@ -590,3 +590,50 @@
 	{
 		margin-top: 1.5em;
 	}
+
+/*********************************************************************************/
+/* Security notices                                                              */
+/*********************************************************************************/
+
+	body.secnotice #main
+	{
+		width: 50%;
+	}
+
+	body.secnotice #sidebar
+	{
+		margin-top: 10em;
+		width: 30%;
+	}
+
+	body.secnotice p.altformat
+	{
+		font-size: smaller;
+		color: inherit;
+		text-align: right;
+	}
+
+	body.secnotice table.repository {
+	    border-spacing: 0px;
+	}
+
+	body.secnotice table.repository tbody th {
+	    text-align: right;
+	}
+
+	body.secnotice table.repository tbody th,
+	body.secnotice table.repository tbody td {
+	    padding: 2px;
+	}	
+
+	body.secnotice table.repository tbody td.fixedtag,
+	body.secnotice table.repository tbody td.mergedcommit {
+	    background: rgb(240,255,240);
+	}
+	body.secnotice table.repository tbody td.fixedcommit {
+	    background: rgb(240,240,255);
+	}
+
+	body.secnotice table.repository thead {
+	    background: rgb(240,240,240);
+	}
diff --git a/secnotice/Makefile b/secnotice/Makefile
new file mode 100644
index 0000000..fef2e8c
--- /dev/null
+++ b/secnotice/Makefile
@@ -0,0 +1,40 @@
+
+YEARS = $(wildcard 2???)
+
+INDEX_XML = index.xml $(YEARS:%=%/index.xml)
+INDEX_HTML = $(INDEX_XML:%.xml=%.html)
+
+NOTICE_XML = $(wildcard */???.xml)
+NOTICE_TXT = $(NOTICE_XML:%.xml=%.txt)
+NOTICE_HTML = $(NOTICE_XML:%.xml=%.html)
+
+all: $(INDEX_XML) $(INDEX_HTML) $(NOTICE_TXT) $(NOTICE_HTML)
+
+index.xml: $(NOTICE_XML) _scripts/index-xml Makefile
+	mkdir -p `dirname $@`
+	_scripts/index-xml $(sort $(NOTICE_XML)) > $@
+
+index.html: index.xml _scripts/index-html.xsl Makefile
+	xsltproc _scripts/index-html.xsl $< > $@
+
+%/index.xml: $(NOTICE_XML) _scripts/index-xml Makefile
+	mkdir -p `dirname $@`
+	DIR=`echo $@ | sed -e 's,/index.xml,,'`
+	rm -f $@
+	_scripts/index-xml $(sort $(wildcard $(@:%/index.xml=%/)???.xml)) > $@
+
+%/index.html: %/index.xml _scripts/index-html.xsl Makefile
+	xsltproc --stringparam permalink $(@:%/index.html=/secnotice/%/) _scripts/index-html.xsl $< > $@
+
+%.txt: %.xml _scripts/notice-txt.xsl Makefile
+	mkdir -p `dirname $@`
+	xsltproc _scripts/notice-txt.xsl $< > $@
+
+%.html: %.xml _scripts/notice-html.xsl Makefile
+	mkdir -p `dirname $@`
+	xsltproc _scripts/notice-html.xsl $< > $@
+
+clean:
+	rm -rf index.{xml,html}
+	rm -rf */index.{xml,html}
+	rm -rf */*.{txt,html}
diff --git a/secnotice/README-template.md b/secnotice/README-template.md
new file mode 100644
index 0000000..2b80dca
--- /dev/null
+++ b/secnotice/README-template.md
@@ -0,0 +1,78 @@
+QEMU Security Notice Schema
+===========================
+
+The top level element of a QEMU security notice has a name of
+``security-notice`` and is in an XML namespace of
+``http://qemu.org/xmlns/security-notice/1.0``
+
+Basic metadata
+--------------
+
+The ``id`` element content is a pair of 4 digit numbers uniquely identifying
+the security issue. By convention the first 4 digit number is the year in which
+it was reported and the second number is an integer value that is unique within
+the year, monotonically incrementing from 1. eg the 137th issue reported in
+2013 would have an id of ``2013-0137``
+
+The ``summary`` element is a short, single line description of the flaw,
+ideally 80 characters or less to make it suitable for use in email subject
+lines or git commit messages.
+
+The ``credits`` element provides information on persons involved with the flaw.
+It permits the child elements ``reporter`` or ``patcher`` each of which can be
+repeated zero or more times. Both elements contain two further child elements
+``email`` and ``name`` with the former providing the email address and the
+latter providing the full name. At least one of ``email`` and ``name`` must
+be provided.
+
+The ``lifecycle`` element provides date on key milestones in handling of the
+issue. It contains between one and three child elements, ``reported``,
+``published`` and ``fixed``. The ``reported`` element says the date on which
+the QEMU security received notification of the issue. The ``published`` element
+says the date on which the issue was revealed to the public. The ``fixed``
+element says the date on which the issue was patched in the primary code branch
+(typically GIT master).
+
+The ``reference`` element provides details of related resources. It will have
+one or more child elements which can be either ``advisory`` or ``bug``. An
+``advisory`` element includes a ``type`` and ``id`` attribute where ``type`` is
+currently allowed to be ``CVE`` and ``id`` is the identifier of the report. A
+``bug`` element includes ``tracker`` and ``id`` attributes where ``tracker`` is
+allowed to be ``redhat``, ``debian`` or a short name for another vendors' bug
+tracker.
+
+Descriptive data
+----------------
+
+There are three free form text elements providing descriptive data about the
+issue. The data will usually be inside a CDATA block.
+
+The ``description`` element content is an expanded version of the ``summary``
+element content, describing what the flaw is.
+
+The ``impact`` element content describes the implications of the security
+issue. ie what can a malicious user do with the flaw.
+
+The ``workaround`` element content describes any steps that an administrator
+can take to eliminate or at least mitigate the impact of the flaw.
+
+
+Product data
+------------
+
+The ``product`` element provides information about the codebase of the affected
+products. The ``name`` attribute is the name of a QEMU product, typically based
+on the tar.gz archive name with the suffix stripped. This contains a child
+``repository`` element which is a URL to the master GIT repository. There is
+then one or more ``branch`` elements which details the state of affected
+branches.
+
+The first child of the ``branch`` element is a ``name`` giving the branch name,
+eg ``master``, ``v1.0.1-maint``, etc. There are then zero or more ``tag`` or
+``change`` child elements with a ``state`` attribute of ``vulnerable`` or
+``fixed``. The ``tag`` element content details the name of the GIT tag(s) on
+that branch are vulnerable and which tags are fixed. The ``change`` element
+content details the GIT hash of the change(s) which both introduce and fix the
+flaw. The same vulnerable change hash may appear under multiple ``branch``
+elements since branches will share large portions of their history. The fix
+hash will however usually be different.
diff --git a/secnotice/README.md b/secnotice/README.md
new file mode 100644
index 0000000..643076d
--- /dev/null
+++ b/secnotice/README.md
@@ -0,0 +1,20 @@
+QEMU Security Notices
+=====================
+
+This directory records all QEMU Security Notices that are issued.
+
+Notices must only added to this directory once any embargo is lifted, since the
+GIT repository is fully public.
+
+Notices are written in XML in a file ``$YEAR/$NUM.xml`` eg ``2014/0001.xml``.
+Assign numbers incrementally as new issues are reported.  More details on the
+XML format can be found in `README-schema.rst``.
+
+When a new notice is published for the first time, send the text rendering of
+the notice to the ``qemu-devel@nongnu.org``
+
+When backporting security fixes to ``stable-X.Y`` branches, update the notice
+with details of the backported changeset hash.
+
+When doing a formal stable release, update the notices included with the release
+tag name.
diff --git a/secnotice/_scripts/index-html.xsl b/secnotice/_scripts/index-html.xsl
new file mode 100644
index 0000000..71ae716
--- /dev/null
+++ b/secnotice/_scripts/index-html.xsl
@@ -0,0 +1,72 @@
+<!--
+  - This program is free software; you can redistribute it and/or modify
+  - it under the terms of the GNU General Public License as published by
+  - the Free Software Foundation; either version 2 of the License, or
+  - (at your option) any later version.
+  -
+  - This program is distributed in the hope that it will be useful,
+  - but WITHOUT ANY WARRANTY; without even the implied warranty of
+  - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  - GNU General Public License for more details.
+  -
+  - You should have received a copy of the GNU General Public License
+  - along with this program.  If not, see
+  - <http://www.gnu.org/licenses/>.
+  -->
+<xsl:stylesheet
+  xmlns="http://www.w3.org/1999/xhtml"
+  xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+  xmlns:qsn="http://qemu.org/xmlns/security-notice/1.0"
+  xmlns:qsnl="http://qemu.org/xmlns/security-notice-list/1.0"
+  exclude-result-prefixes="xsl qsn qsnl"
+  version="1.0">
+
+  <xsl:output omit-xml-declaration="yes" method="xml" indent="yes" />
+
+  <xsl:param name="permalink" select="'/secnotice/'"/>
+
+  <xsl:template match="/qsnl:security-notice-list">---
+title: QEMU Security Notices
+permalink: <xsl:value-of select="$permalink"/>
+---
+
+   <p>
+     If you believe you have identified a new security issue in QEMU, please
+     follow the <a href="https://wiki.qemu.org/SecurityProcess">security process</a>
+     to report it in a non-public way. Do <strong>NOT</strong> use the bug tracker,
+     mailing lists, or IRC to report non-public security issues.
+   </p>
+
+    <ul>
+      <xsl:apply-templates select="qsnl:security-notice">
+	<xsl:sort select="@name" order="descending" />
+      </xsl:apply-templates>
+    </ul>
+
+    <p class="alt">
+      Alternative formats: <a href="index.xml">[xml]</a>
+    </p>
+  </xsl:template>
+
+  <xsl:template name="qsnhref">
+    <xsl:param name="id"/>
+
+    <xsl:variable name="dir" select="substring-before($id, '-')"/>
+    <xsl:variable name="file" select="substring-after($id, '-')"/>
+
+    <xsl:value-of select="concat($dir, '/', $file)"/>
+  </xsl:template>
+
+  <xsl:template match="qsnl:security-notice">
+    <xsl:variable name="notice" select="document(concat('../../', @name))"/>
+    <xsl:variable name="id" select="$notice/qsn:security-notice/qsn:id"/>
+    <xsl:variable name="summary" select="$notice/qsn:security-notice/qsn:summary"/>
+    <xsl:variable name="href">
+      <xsl:call-template name="qsnhref">
+	<xsl:with-param name="id" select="$id"/>
+      </xsl:call-template>
+    </xsl:variable>
+
+    <li><a href="{$href}">QSN-<xsl:value-of select="$id"/>: <xsl:value-of select="$summary"/></a></li>
+  </xsl:template>
+</xsl:stylesheet>
diff --git a/secnotice/_scripts/index-xml b/secnotice/_scripts/index-xml
new file mode 100755
index 0000000..67de29f
--- /dev/null
+++ b/secnotice/_scripts/index-xml
@@ -0,0 +1,28 @@
+#!/bin/bash
+#
+# Copyright (C) 2013-2014 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see
+# <http://www.gnu.org/licenses/>.
+
+set -e
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+echo '<security-notice-list xmlns="http://qemu.org/xmlns/security-notice-list/1.0">'
+for n in $@
+do
+  echo "  <security-notice name='/secnotice/$n'/>"
+done
+echo '</security-notice-list>'
diff --git a/secnotice/_scripts/notice-html.xsl b/secnotice/_scripts/notice-html.xsl
new file mode 100644
index 0000000..50ba802
--- /dev/null
+++ b/secnotice/_scripts/notice-html.xsl
@@ -0,0 +1,286 @@
+<!--
+  - This program is free software; you can redistribute it and/or modify
+  - it under the terms of the GNU General Public License as published by
+  - the Free Software Foundation; either version 2 of the License, or
+  - (at your option) any later version.
+  -
+  - This program is distributed in the hope that it will be useful,
+  - but WITHOUT ANY WARRANTY; without even the implied warranty of
+  - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  - GNU General Public License for more details.
+  -
+  - You should have received a copy of the GNU General Public License
+  - along with this program.  If not, see
+  - <http://www.gnu.org/licenses/>.
+  -->
+<xsl:stylesheet
+  xmlns="http://www.w3.org/1999/xhtml"
+  xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+  xmlns:qsn="http://qemu.org/xmlns/security-notice/1.0"
+  exclude-result-prefixes="xsl qsn"
+  version="1.0">
+
+  <xsl:output omit-xml-declaration="yes" method="xml" indent="yes" />
+
+  <xsl:template name="selfhref">
+    <xsl:param name="id"/>
+    <xsl:param name="ext"/>
+
+    <xsl:variable name="dir" select="substring-before($id, '-')"/>
+    <xsl:variable name="file" select="substring-after($id, '-')"/>
+
+    <xsl:value-of select="concat('/secnotice/', $dir, '/', $file, $ext)"/>
+  </xsl:template>
+
+  <xsl:template match="/qsn:security-notice">---
+title: 'QSN-<xsl:value-of select="qsn:id"/>: <xsl:value-of select="qsn:summary"/>'
+layout: secnotice
+permalink: <xsl:call-template name="selfhref">
+  <xsl:with-param name="id" select="qsn:id"/>
+</xsl:call-template>
+---
+
+    <div id="main">
+      <div class="container">
+
+	<h2>
+	  <xsl:value-of select="qsn:summary"/>
+	</h2>
+
+	<xsl:apply-templates select="qsn:lifecycle"/>
+	<xsl:apply-templates select="qsn:credits"/>
+
+	<xsl:apply-templates select="qsn:reference"/>
+	<xsl:apply-templates select="qsn:description"/>
+	<xsl:apply-templates select="qsn:impact"/>
+	<xsl:apply-templates select="qsn:mitigation"/>
+
+	<xsl:call-template name="selflink"/>
+      </div>
+    </div>
+
+    <div id="sidebar">
+      <div class="container">
+	<section>
+	  <header>
+	    <h2>Related commits</h2>
+	  </header>
+	  <xsl:apply-templates select="qsn:repository"/>
+	</section>
+      </div>
+    </div>
+  </xsl:template>
+
+  <xsl:template name="selflink">
+    <p class="altformat">
+      Alternative formats:
+      <a>
+	<xsl:attribute name="href">
+	  <xsl:call-template name="selfhref">
+	    <xsl:with-param name="id" select="qsn:id"/>
+	    <xsl:with-param name="ext" select="'.xml'"/>
+	  </xsl:call-template>
+	</xsl:attribute>
+	<xsl:text>[xml]</xsl:text>
+      </a>
+      <xsl:text> </xsl:text>
+      <a>
+	<xsl:attribute name="href">
+	  <xsl:call-template name="selfhref">
+	    <xsl:with-param name="id" select="qsn:id"/>
+	    <xsl:with-param name="ext" select="'.txt'"/>
+	  </xsl:call-template>
+	</xsl:attribute>
+	<xsl:text>[text]</xsl:text>
+      </a>
+    </p>
+  </xsl:template>
+
+  <xsl:template match="qsn:lifecycle">
+    <h3>Lifecycle</h3>
+    <table>
+      <tr>
+	<th>Reported on:</th>
+	<td><xsl:value-of select="qsn:reported"/></td>
+      </tr>
+      <tr>
+	<th>Published on:</th>
+	<td><xsl:value-of select="qsn:published"/></td>
+      </tr>
+      <tr>
+	<th>Fixed on:</th>
+	<td><xsl:value-of select="qsn:fixed"/></td>
+      </tr>
+    </table>
+  </xsl:template>
+
+  <xsl:template match="qsn:credits">
+    <h3>Credits</h3>
+    <table>
+      <xsl:for-each select="qsn:reporter">
+	<tr>
+	  <xsl:if test="position() = 1">
+	    <th>Reported by:</th>
+	  </xsl:if>
+	  <xsl:if test="position() > 1">
+	    <th></th>
+	  </xsl:if>
+	  <td>
+	    <a href="mailto:{qsn:email}"><xsl:value-of select="qsn:name"/></a>
+	  </td>
+	</tr>
+      </xsl:for-each>
+      <xsl:for-each select="qsn:patcher">
+	<tr>
+	  <xsl:if test="position() = 1">
+	    <th>Patched by:</th>
+	  </xsl:if>
+	  <xsl:if test="position() > 1">
+	    <th></th>
+	  </xsl:if>
+	  <td>
+	    <a href="mailto:{qsn:email}"><xsl:value-of select="qsn:name"/></a>
+	  </td>
+	</tr>
+      </xsl:for-each>
+    </table>
+  </xsl:template>
+
+  <xsl:template match="qsn:advisory">
+    <xsl:choose>
+      <xsl:when test="@type='CVE'">
+	<a href="https://nvd.nist.gov/vuln/detail/CVE-{@id}">
+	  <xsl:text>CVE-</xsl:text>
+	  <xsl:value-of select="@id"/>
+	</a>
+      </xsl:when>
+      <xsl:otherwise>
+	<xsl:value-of select="@type"/>
+	<xsl:text>-</xsl:text>
+	<xsl:value-of select="@id"/>
+      </xsl:otherwise>
+    </xsl:choose>
+  </xsl:template>
+
+  <xsl:template match="qsn:bug">
+    <xsl:value-of select="@tracker"/>
+    <xsl:text> bug #</xsl:text>
+    <xsl:value-of select="@id"/>
+  </xsl:template>
+
+  <xsl:template match="qsn:reference">
+    <h3>See also</h3>
+    <ul>
+    <xsl:for-each select="qsn:advisory|qsn:bug">
+      <li><xsl:apply-templates select="."/></li>
+    </xsl:for-each>
+    </ul>
+  </xsl:template>
+
+  <xsl:template match="qsn:description">
+    <h3>Description</h3>
+    <p>
+      <xsl:value-of select="."/>
+    </p>
+  </xsl:template>
+
+  <xsl:template match="qsn:impact">
+    <h3>Impact</h3>
+    <p>
+      <xsl:value-of select="."/>
+    </p>
+  </xsl:template>
+
+  <xsl:template match="qsn:mitigation">
+    <h3>Mitigation</h3>
+    <p>
+      <xsl:value-of select="."/>
+    </p>
+  </xsl:template>
+
+  <xsl:template name="gitbranch">
+    <xsl:param name="branch"/>
+
+    <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/{$branch}"><xsl:value-of select="$branch"/></a>
+  </xsl:template>
+
+  <xsl:template name="gittag">
+    <xsl:param name="tag"/>
+
+    <a href="http://git.qemu.org/?p=qemu.git;a=tag;h={$tag}"><xsl:value-of select="$tag"/></a>
+  </xsl:template>
+
+  <xsl:template name="gitchange">
+    <xsl:param name="change"/>
+
+    <a href="http://git.qemu.org/?p=qemu.git;a=commit;h={$change}"><xsl:value-of select="$change"/></a>
+  </xsl:template>
+
+  <xsl:template match="qsn:repository">
+    <xsl:for-each select="qsn:branch">
+      <table class="repository">
+	<thead>
+	  <tr>
+	    <th colspan="2">Branch:
+	      <xsl:call-template name="gitbranch">
+		<xsl:with-param name="branch" select="qsn:name"/>
+	      </xsl:call-template>
+	    </th>
+	  </tr>
+	</thead>
+	<tbody>
+	  <xsl:for-each select="qsn:tag[@state='fixed']">
+	    <tr>
+	      <th>Fixed in:</th>
+	      <td class="fixedtag">
+		<xsl:call-template name="gittag">
+		  <xsl:with-param name="tag" select="."/>
+		</xsl:call-template>
+	      </td>
+	    </tr>
+	  </xsl:for-each>
+	  <xsl:for-each select="qsn:change[@state='fixed']">
+	    <tr>
+	      <th>Fixed by:</th>
+	      <td class="fixedcommit">
+		<xsl:call-template name="gitchange">
+		  <xsl:with-param name="change" select="."/>
+		</xsl:call-template>
+	      </td>
+	    </tr>
+	  </xsl:for-each>
+	  <xsl:for-each select="qsn:change[@state='merged']">
+	    <tr>
+	      <th>Merged by:</th>
+	      <td class="mergedcommit">
+		<xsl:call-template name="gitchange">
+		  <xsl:with-param name="change" select="."/>
+		</xsl:call-template>
+	      </td>
+	    </tr>
+	  </xsl:for-each>
+	  <xsl:for-each select="qsn:tag[@state='vulnerable']">
+	    <tr>
+	      <th>Broken in:</th>
+	      <td class="brokentag">
+		<xsl:call-template name="gittag">
+		  <xsl:with-param name="tag" select="."/>
+		</xsl:call-template>
+	      </td>
+	  </tr>
+	  </xsl:for-each>
+	  <xsl:for-each select="qsn:change[@state='vulnerable']">
+	    <tr>
+	      <th>Broken by:</th>
+	      <td class="brokencommit">
+		<xsl:call-template name="gitchange">
+		  <xsl:with-param name="change" select="."/>
+		</xsl:call-template>
+	      </td>
+	    </tr>
+	  </xsl:for-each>
+	</tbody>
+      </table>
+    </xsl:for-each>
+  </xsl:template>
+</xsl:stylesheet>
diff --git a/secnotice/_scripts/notice-txt.xsl b/secnotice/_scripts/notice-txt.xsl
new file mode 100644
index 0000000..dc4c125
--- /dev/null
+++ b/secnotice/_scripts/notice-txt.xsl
@@ -0,0 +1,277 @@
+<!--
+  - This program is free software; you can redistribute it and/or modify
+  - it under the terms of the GNU General Public License as published by
+  - the Free Software Foundation; either version 2 of the License, or
+  - (at your option) any later version.
+  -
+  - This program is distributed in the hope that it will be useful,
+  - but WITHOUT ANY WARRANTY; without even the implied warranty of
+  - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  - GNU General Public License for more details.
+  -
+  - You should have received a copy of the GNU General Public License
+  - along with this program.  If not, see
+  - <http://www.gnu.org/licenses/>.
+  -->
+<xsl:stylesheet
+  xmlns="http://www.w3.org/1999/xhtml"
+  xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+  xmlns:qsn="http://qemu.org/xmlns/security-notice/1.0"
+  exclude-result-prefixes="xsl qsn"
+  version="1.0">
+
+  <xsl:output method="text"/>
+
+  <xsl:variable name="nl">
+    <xsl:text>
+</xsl:text>
+  </xsl:variable>
+
+  <!-- based on http://plasmasturm.org/log/xslwordwrap/ -->
+  <!-- Copyright 2010 Aristotle Pagaltzis; under the MIT licence -->
+  <!-- http://www.opensource.org/licenses/mit-license.php -->
+  <xsl:template name="wrap-string">
+    <xsl:param name="str" />
+    <xsl:param name="wrap-col" />
+    <xsl:param name="break-mark" />
+    <xsl:param name="pos" select="0" />
+    <xsl:choose>
+      <xsl:when test="contains( $str, ' ' )">
+	<xsl:variable name="first-word" select="substring-before( $str, ' ' )" />
+	<xsl:variable name="pos-now" select="$pos + 1 + string-length( $first-word )" />
+	<xsl:choose>
+          <xsl:when test="$pos > 0 and $pos-now >= $wrap-col">
+            <xsl:copy-of select="$break-mark" />
+            <xsl:call-template name="wrap-string">
+              <xsl:with-param name="str" select="$str" />
+              <xsl:with-param name="wrap-col" select="$wrap-col" />
+              <xsl:with-param name="break-mark" select="$break-mark" />
+              <xsl:with-param name="pos" select="0" />
+            </xsl:call-template>
+          </xsl:when>
+          <xsl:otherwise>
+            <xsl:if test="$pos > 0">
+              <xsl:text> </xsl:text>
+            </xsl:if>
+            <xsl:value-of select="$first-word" />
+            <xsl:call-template name="wrap-string">
+              <xsl:with-param name="str" select="substring-after( $str, ' ' )" />
+              <xsl:with-param name="wrap-col" select="$wrap-col" />
+              <xsl:with-param name="break-mark" select="$break-mark" />
+              <xsl:with-param name="pos" select="$pos-now" />
+            </xsl:call-template>
+          </xsl:otherwise>
+	</xsl:choose>
+      </xsl:when>
+      <xsl:otherwise>
+	<xsl:choose>
+          <xsl:when test="$pos + string-length( $str ) >= $wrap-col">
+            <xsl:copy-of select="$break-mark" />
+          </xsl:when>
+          <xsl:otherwise>
+            <xsl:if test="$pos > 0">
+              <xsl:text> </xsl:text>
+            </xsl:if>
+          </xsl:otherwise>
+	</xsl:choose>
+	<xsl:value-of select="$str" />
+      </xsl:otherwise>
+    </xsl:choose>
+  </xsl:template>
+
+  <xsl:template match="/qsn:security-notice">
+    <xsl:text>        QEMU Security Notice: QSN-</xsl:text>
+    <xsl:value-of select="qsn:id"/>
+    <xsl:value-of select="$nl"/>
+    <xsl:text>        ==================================</xsl:text>
+    <xsl:value-of select="$nl"/>
+
+    <xsl:value-of select="$nl"/>
+
+
+    <xsl:apply-templates select="qsn:summary"/>
+    <xsl:apply-templates select="qsn:lifecycle"/>
+    <xsl:apply-templates select="qsn:credits"/>
+    <xsl:apply-templates select="qsn:reference"/>
+    <xsl:apply-templates select="qsn:description"/>
+    <xsl:apply-templates select="qsn:impact"/>
+    <xsl:apply-templates select="qsn:mitigation"/>
+    <xsl:apply-templates select="qsn:repository"/>
+  </xsl:template>
+
+  <xsl:template match="qsn:summary">
+    <xsl:text>       Summary: </xsl:text>
+    <xsl:call-template name="wrap-string">
+      <xsl:with-param name="str" select="normalize-space(.)"/>
+      <xsl:with-param name="wrap-col" select="52"/>
+      <xsl:with-param name="break-mark" select="concat($nl, '                ')"/>
+    </xsl:call-template>
+    <xsl:value-of select="$nl"/>
+  </xsl:template>
+
+  <xsl:template match="qsn:lifecycle">
+    <xsl:text>   Reported on: </xsl:text>
+    <xsl:value-of select="qsn:reported"/>
+    <xsl:value-of select="$nl"/>
+
+    <xsl:text>  Published on: </xsl:text>
+    <xsl:value-of select="qsn:published"/>
+    <xsl:value-of select="$nl"/>
+
+    <xsl:text>      Fixed on: </xsl:text>
+    <xsl:value-of select="qsn:fixed"/>
+    <xsl:value-of select="$nl"/>
+  </xsl:template>
+
+  <xsl:template match="qsn:credits">
+    <xsl:text>   Reported by: </xsl:text>
+    <xsl:for-each select="qsn:reporter">
+      <xsl:if test="position() > 1">
+	<xsl:text>                </xsl:text>
+      </xsl:if>
+      <xsl:value-of select="qsn:name"/>
+      <xsl:text> &lt;</xsl:text>
+      <xsl:value-of select="qsn:email"/>
+      <xsl:text>&gt;</xsl:text>
+      <xsl:if test="position() != last()">
+	<xsl:value-of select="$nl"/>
+      </xsl:if>
+    </xsl:for-each>
+    <xsl:value-of select="$nl"/>
+    <xsl:text>    Patched by: </xsl:text>
+    <xsl:for-each select="qsn:patcher">
+      <xsl:if test="position() > 1">
+	<xsl:text>                </xsl:text>
+      </xsl:if>
+      <xsl:value-of select="qsn:name"/>
+      <xsl:text> &lt;</xsl:text>
+      <xsl:value-of select="qsn:email"/>
+      <xsl:text>&gt;</xsl:text>
+      <xsl:if test="position() != last()">
+	<xsl:value-of select="concat(',',$nl)"/>
+      </xsl:if>
+    </xsl:for-each>
+    <xsl:value-of select="$nl"/>
+  </xsl:template>
+
+  <xsl:template match="qsn:advisory">
+    <xsl:value-of select="@type"/>
+    <xsl:text>-</xsl:text>
+    <xsl:value-of select="@id"/>
+  </xsl:template>
+
+  <xsl:template match="qsn:bug">
+    <xsl:value-of select="@tracker"/>
+    <xsl:text> bug #</xsl:text>
+    <xsl:value-of select="@id"/>
+  </xsl:template>
+
+  <xsl:template match="qsn:reference">
+    <xsl:text>      See also: </xsl:text>
+    <xsl:variable name="refs">
+      <xsl:for-each select="qsn:advisory|qsn:bug">
+	<xsl:apply-templates select="."/>
+	<xsl:if test="position() != last()">
+	  <xsl:text>, </xsl:text>
+	</xsl:if>
+      </xsl:for-each>
+    </xsl:variable>
+    <xsl:call-template name="wrap-string">
+      <xsl:with-param name="str" select="$refs"/>
+      <xsl:with-param name="wrap-col" select="52"/>
+      <xsl:with-param name="break-mark" select="concat($nl, '                ')"/>
+    </xsl:call-template>
+    <xsl:value-of select="$nl"/>
+    <xsl:value-of select="$nl"/>
+  </xsl:template>
+
+  <xsl:template match="qsn:description">
+    <xsl:text>Description</xsl:text>
+    <xsl:value-of select="$nl"/>
+    <xsl:text>-----------</xsl:text>
+    <xsl:value-of select="$nl"/>
+    <xsl:value-of select="$nl"/>
+    <xsl:call-template name="wrap-string">
+      <xsl:with-param name="str" select="normalize-space(.)"/>
+      <xsl:with-param name="wrap-col" select="70"/>
+      <xsl:with-param name="break-mark" select="$nl"/>
+    </xsl:call-template>
+    <xsl:value-of select="$nl"/>
+    <xsl:value-of select="$nl"/>
+  </xsl:template>
+
+  <xsl:template match="qsn:impact">
+    <xsl:text>Impact</xsl:text>
+    <xsl:value-of select="$nl"/>
+    <xsl:text>------</xsl:text>
+    <xsl:value-of select="$nl"/>
+    <xsl:value-of select="$nl"/>
+    <xsl:call-template name="wrap-string">
+      <xsl:with-param name="str" select="normalize-space(.)"/>
+      <xsl:with-param name="wrap-col" select="70"/>
+      <xsl:with-param name="break-mark" select="$nl"/>
+    </xsl:call-template>
+    <xsl:value-of select="$nl"/>
+    <xsl:value-of select="$nl"/>
+  </xsl:template>
+
+  <xsl:template match="qsn:mitigation">
+    <xsl:text>Mitigation</xsl:text>
+    <xsl:value-of select="$nl"/>
+    <xsl:text>----------</xsl:text>
+    <xsl:value-of select="$nl"/>
+    <xsl:value-of select="$nl"/>
+    <xsl:call-template name="wrap-string">
+      <xsl:with-param name="str" select="normalize-space(.)"/>
+      <xsl:with-param name="wrap-col" select="70"/>
+      <xsl:with-param name="break-mark" select="$nl"/>
+    </xsl:call-template>
+    <xsl:value-of select="$nl"/>
+    <xsl:value-of select="$nl"/>
+  </xsl:template>
+
+
+  <xsl:template match="qsn:repository">
+    <xsl:text>Related commits</xsl:text>
+    <xsl:value-of select="$nl"/>
+    <xsl:text>----------------</xsl:text>
+    <xsl:value-of select="$nl"/>
+    <xsl:value-of select="$nl"/>
+    <xsl:text>  git://git.qemu.org/qemu.git</xsl:text>
+    <xsl:value-of select="$nl"/>
+    <xsl:text>  https://git.qemu.org/?p=qemu.git</xsl:text>
+    <xsl:value-of select="$nl"/>
+    <xsl:value-of select="$nl"/>
+
+    <xsl:for-each    select="qsn:branch">
+      <xsl:text>      Branch: </xsl:text>
+      <xsl:value-of select="qsn:name"/>
+      <xsl:value-of select="$nl"/>
+      <xsl:if test="count(qsn:tag)">
+	<xsl:for-each select="qsn:tag[@state='vulnerable']">
+	  <xsl:text>   Broken in: </xsl:text>
+	  <xsl:value-of select="."/>
+	  <xsl:value-of select="$nl"/>
+	</xsl:for-each>
+	<xsl:for-each select="qsn:tag[@state='fixed']">
+	  <xsl:text>    Fixed in: </xsl:text>
+	  <xsl:value-of select="."/>
+	  <xsl:value-of select="$nl"/>
+	</xsl:for-each>
+      </xsl:if>
+      <xsl:if test="count(qsn:change)">
+	<xsl:for-each select="qsn:change[@state='vulnerable']">
+	  <xsl:text>   Broken by: </xsl:text>
+	  <xsl:value-of select="."/>
+	  <xsl:value-of select="$nl"/>
+	</xsl:for-each>
+	<xsl:for-each select="qsn:change[@state='fixed']">
+	  <xsl:text>    Fixed by: </xsl:text>
+	  <xsl:value-of select="."/>
+	  <xsl:value-of select="$nl"/>
+	</xsl:for-each>
+      </xsl:if>
+      <xsl:value-of select="$nl"/>
+    </xsl:for-each>
+  </xsl:template>
+</xsl:stylesheet>
diff --git a/secnotice/_scripts/report-vulnerable-tags.pl b/secnotice/_scripts/report-vulnerable-tags.pl
new file mode 100644
index 0000000..3b89efd
--- /dev/null
+++ b/secnotice/_scripts/report-vulnerable-tags.pl
@@ -0,0 +1,135 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+
+use Sort::Versions;
+
+if (int(@ARGV) != 1 && int (@ARGV) != 2) {
+    die "syntax: $0 BROKEN-COMMIT [MERGED-COMMIT]\n";
+}
+
+my $broken = shift @ARGV;
+my $merged = shift @ARGV;
+
+sub get_tags {
+    my @args = @_;
+
+    my @tags;
+    open GIT, "-|", "git", "tag", @args or
+    die "cannot query 'git tags @args': $!\n";
+
+    while (<GIT>) {
+        chomp;
+
+        # Drop anything except  vN.N.N style tags
+        # where 'N' is only digits.
+        if (/^v(\d+)(\.\d+)+$/) {
+            push @tags, $_;
+        }
+    }
+
+    close GIT;
+
+    return @tags;
+}
+
+sub get_branch {
+    my $tag = shift;
+
+    my @branches;
+    open GIT, "-|", "git", "branch", "--all", "--contains", $tag or
+    die "cannot query 'git branch --all --contains $tag': $!\n";
+
+    while (<GIT>) {
+        chomp;
+
+        if (m,^\s*remotes/origin/(stable-.*)$,) {
+            push @branches, $1;
+        }
+    }
+
+    close GIT;
+
+    return @branches;
+}
+
+my @branches;
+my %tags;
+my %branches;
+
+my %merged;
+my $mergedtag;
+
+if (defined $merged) {
+    for my $tag (get_tags("--contains", $merged)) {
+	$merged{$tag} = 1;
+	$mergedtag = $tag unless defined $mergedtag;
+    }
+}
+
+$branches{"master"} = [];
+# Most tags live on master so lets get them first
+for my $tag (get_tags("--contains", $broken, "--merged", "master")) {
+    next if exists $merged{$tag};
+    push @{$branches{"master"}}, $tag;
+    $tags{$tag} = 1;
+}
+push @branches, "master";
+
+# Now we need slower work to find branches for
+# few remaining tags
+for my $tag (get_tags("--contains", $broken)) {
+
+    next if exists $tags{$tag};
+    next if exists $merged{$tag};
+    next if $tag =~ /v\d+\.\d+\.9\d/;
+
+    my @tagbranches = get_branch($tag);
+    if (int(@tagbranches) == 0) {
+	if ($tag =~ "^v0.10") {
+	    @tagbranches = ("stable-0.10")
+	} elsif ($tag =~ "^v0") {
+	    @tagbranches = ("master")
+	} else {
+	    print "Tag $tag doesn't appear in any branch\n";
+	    next;
+	}
+    }
+
+    if (int(@tagbranches) > 1) {
+        print "Tag $tag appears in multiple branches\n";
+    }
+
+    unless (exists($branches{$tagbranches[0]})) {
+        $branches{$tagbranches[0]} = [];
+        push @branches, $tagbranches[0];
+    }
+    push @{$branches{$tagbranches[0]}}, $tag;
+}
+
+
+foreach my $branch (sort versioncmp @branches) {
+    print "    <branch>\n";
+    print "      <name>$branch</name>\n";
+    if ($branch eq "master") {
+	print "      <change state=\"fixed\"></change>\n";
+	if (defined $merged) {
+	    print "      <change state=\"merged\">$merged</change>\n";
+	} else {
+	    print "      <change state=\"merged\"></change>\n";
+	}
+	if (defined $mergedtag) {
+	    print "      <tag state=\"fixed\">$mergedtag</tag>\n";
+	} else {
+	    print "      <tag state=\"fixed\"></tag>\n";
+	}
+    }
+
+    foreach my $tag (sort versioncmp @{$branches{$branch}}) {
+        print "      <tag state=\"vulnerable\">$tag</tag>\n";
+    }
+    print "      <change state=\"vulnerable\">$broken</change>\n";
+
+    print "    </branch>\n";
+}
diff --git a/secnotice/template.xml b/secnotice/template.xml
new file mode 100644
index 0000000..8f8a0d4
--- /dev/null
+++ b/secnotice/template.xml
@@ -0,0 +1,50 @@
+<security-notice xmlns="http://qemu.org/xmlns/security-notice/1.0">
+  <id>XXXX-XXX</id>
+
+  <summary></summary>
+
+  <description>
+<![CDATA[]]>
+  </description>
+
+  <impact>
+<![CDATA[]]>
+  </impact>
+
+  <workaround>
+<![CDATA[]]>
+  </workaround>
+
+  <credits>
+    <reporter>
+      <name></name>
+      <email></email>
+    </reporter>
+    <patcher>
+      <name></name>
+      <email></email>
+    </patcher>
+  </credits>
+
+  <lifecycle>
+    <reported></reported>
+    <published></published>
+    <fixed></fixed>
+  </lifecycle>
+
+  <reference>
+    <advisory type="CVE" id="XXXX-XXXX"/>
+  </reference>
+
+  <repository>
+    <branch>
+      <name>master</name>
+      <tag state="fixed"></tag>
+      <change state="fixed"></change>
+      <change state="merged"></change>
+      <change state="vulnerable"></change>
+      <tag state="vulnerable"></tag>
+    </branch>
+  </repository>
+
+</security-notice>
-- 
2.17.2

[Qemu-devel] [web PATCH 3/4] Add vulnerability reports for 2018

[Daniel P. Berrangé]

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 secnotice/2018/001.xml | 248 +++++++++++++++++++++++++++++++++++++++++
 secnotice/2018/002.xml | 242 ++++++++++++++++++++++++++++++++++++++++
 secnotice/2018/003.xml | 191 +++++++++++++++++++++++++++++++
 secnotice/2018/004.xml | 243 ++++++++++++++++++++++++++++++++++++++++
 secnotice/2018/005.xml | 225 +++++++++++++++++++++++++++++++++++++
 secnotice/2018/006.xml | 247 ++++++++++++++++++++++++++++++++++++++++
 secnotice/2018/007.xml | 201 +++++++++++++++++++++++++++++++++
 secnotice/2018/008.xml | 225 +++++++++++++++++++++++++++++++++++++
 secnotice/2018/009.xml | 225 +++++++++++++++++++++++++++++++++++++
 secnotice/2018/010.xml | 223 ++++++++++++++++++++++++++++++++++++
 secnotice/2018/011.xml | 199 +++++++++++++++++++++++++++++++++
 11 files changed, 2469 insertions(+)
 create mode 100644 secnotice/2018/001.xml
 create mode 100644 secnotice/2018/002.xml
 create mode 100644 secnotice/2018/003.xml
 create mode 100644 secnotice/2018/004.xml
 create mode 100644 secnotice/2018/005.xml
 create mode 100644 secnotice/2018/006.xml
 create mode 100644 secnotice/2018/007.xml
 create mode 100644 secnotice/2018/008.xml
 create mode 100644 secnotice/2018/009.xml
 create mode 100644 secnotice/2018/010.xml
 create mode 100644 secnotice/2018/011.xml

diff --git a/secnotice/2018/001.xml b/secnotice/2018/001.xml
new file mode 100644
index 0000000..3636545
--- /dev/null
+++ b/secnotice/2018/001.xml
@@ -0,0 +1,248 @@
+<security-notice xmlns="http://qemu.org/xmlns/security-notice/1.0">
+  <id>2018-001</id>
+
+  <summary>Speculative store bypass</summary>
+
+  <description>
+<![CDATA[An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization).
+
+It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire).
+]]>
+  </description>
+
+  <impact>
+<![CDATA[As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks.]]>
+  </impact>
+
+  <mitigation>
+<![CDATA[None]]>
+  </mitigation>
+
+  <credits>
+    <reporter>
+      <name>Ken Johnson (Microsoft Security Response Center)</name>
+    </reporter>
+    <reporter>
+      <name>Jann Horn (Google Project Zero)</name>
+    </reporter>
+    <patcher>
+      <name>Daniel P. Berrangé</name>
+      <email>berrange@redhat.com</email>
+    </patcher>
+    <patcher>
+      <name>Konrad Rzeszutek Wilk</name>
+      <email>konrad.wilk@oracle.com</email>
+    </patcher>
+  </credits>
+
+  <lifecycle>
+    <reported>20180312</reported>
+    <published>20180521</published>
+    <fixed>20180626</fixed>
+  </lifecycle>
+
+  <reference>
+    <advisory type="CVE" id="2018-3639"/>
+  </reference>
+
+  <repository>
+    <branch>
+      <name>master</name>
+      <change state="fixed">d19d1f965904a533998739698020ff4ee8a103da</change>
+      <change state="fixed">403503b162ffc33fb64cfefdf7b880acf41772cd</change>
+      <change state="merged">4f50c1673a89b07f376ce5c42d22d79a79cd466d</change>
+      <change state="fixed">a764f3f7197f4d7ad8fe8424269933de912224cb</change>
+      <change state="merged">e409d9a158c77c650651e8118f6c86c8dc76eba6</change>
+      <tag state="fixed"></tag>
+      <tag state="vulnerable">v0.10.1</tag>
+      <tag state="vulnerable">v0.10.2</tag>
+      <tag state="vulnerable">v1.0</tag>
+      <tag state="vulnerable">v1.1.0</tag>
+      <tag state="vulnerable">v1.2.0</tag>
+      <tag state="vulnerable">v1.3.0</tag>
+      <tag state="vulnerable">v1.4.0</tag>
+      <tag state="vulnerable">v1.5.0</tag>
+      <tag state="vulnerable">v1.6.0</tag>
+      <tag state="vulnerable">v1.7.0</tag>
+      <tag state="vulnerable">v2.0.0</tag>
+      <tag state="vulnerable">v2.1.0</tag>
+      <tag state="vulnerable">v2.2.0</tag>
+      <tag state="vulnerable">v2.3.0</tag>
+      <tag state="vulnerable">v2.4.0</tag>
+      <tag state="vulnerable">v2.5.0</tag>
+      <tag state="vulnerable">v2.6.0</tag>
+      <tag state="vulnerable">v2.7.0</tag>
+      <tag state="vulnerable">v2.8.0</tag>
+      <tag state="vulnerable">v2.9.0</tag>
+      <tag state="vulnerable">v2.10.0</tag>
+      <tag state="vulnerable">v2.11.0</tag>
+      <tag state="vulnerable">v2.12.0</tag>
+      <tag state="vulnerable">v3.0.0</tag>
+      <change state="vulnerable">7ba1e61953f4592606e60b2e7507ff6a6faf861a</change>
+    </branch>
+    <branch>
+      <name>stable-0.10</name>
+      <tag state="vulnerable">v0.10.0</tag>
+      <tag state="vulnerable">v0.10.3</tag>
+      <tag state="vulnerable">v0.10.4</tag>
+      <tag state="vulnerable">v0.10.5</tag>
+      <tag state="vulnerable">v0.10.6</tag>
+      <change state="vulnerable">7ba1e61953f4592606e60b2e7507ff6a6faf861a</change>
+    </branch>
+    <branch>
+      <name>stable-0.11</name>
+      <tag state="vulnerable">v0.11.0</tag>
+      <tag state="vulnerable">v0.11.1</tag>
+      <change state="vulnerable">7ba1e61953f4592606e60b2e7507ff6a6faf861a</change>
+    </branch>
+    <branch>
+      <name>stable-0.12</name>
+      <tag state="vulnerable">v0.12.0</tag>
+      <tag state="vulnerable">v0.12.1</tag>
+      <tag state="vulnerable">v0.12.2</tag>
+      <tag state="vulnerable">v0.12.3</tag>
+      <tag state="vulnerable">v0.12.4</tag>
+      <tag state="vulnerable">v0.12.5</tag>
+      <change state="vulnerable">7ba1e61953f4592606e60b2e7507ff6a6faf861a</change>
+    </branch>
+    <branch>
+      <name>stable-0.13</name>
+      <tag state="vulnerable">v0.13.0</tag>
+      <change state="vulnerable">7ba1e61953f4592606e60b2e7507ff6a6faf861a</change>
+    </branch>
+    <branch>
+      <name>stable-0.14</name>
+      <tag state="vulnerable">v0.14.0</tag>
+      <tag state="vulnerable">v0.14.1</tag>
+      <change state="vulnerable">7ba1e61953f4592606e60b2e7507ff6a6faf861a</change>
+    </branch>
+    <branch>
+      <name>stable-0.15</name>
+      <tag state="vulnerable">v0.15.0</tag>
+      <tag state="vulnerable">v0.15.1</tag>
+      <change state="vulnerable">7ba1e61953f4592606e60b2e7507ff6a6faf861a</change>
+    </branch>
+    <branch>
+      <name>stable-1.0</name>
+      <tag state="vulnerable">v1.0.1</tag>
+      <change state="vulnerable">7ba1e61953f4592606e60b2e7507ff6a6faf861a</change>
+    </branch>
+    <branch>
+      <name>stable-1.1</name>
+      <tag state="vulnerable">v1.1.1</tag>
+      <tag state="vulnerable">v1.1.2</tag>
+      <change state="vulnerable">7ba1e61953f4592606e60b2e7507ff6a6faf861a</change>
+    </branch>
+    <branch>
+      <name>stable-1.2</name>
+      <tag state="vulnerable">v1.2.1</tag>
+      <tag state="vulnerable">v1.2.2</tag>
+      <change state="vulnerable">7ba1e61953f4592606e60b2e7507ff6a6faf861a</change>
+    </branch>
+    <branch>
+      <name>stable-1.3</name>
+      <tag state="vulnerable">v1.3.1</tag>
+      <change state="vulnerable">7ba1e61953f4592606e60b2e7507ff6a6faf861a</change>
+    </branch>
+    <branch>
+      <name>stable-1.4</name>
+      <tag state="vulnerable">v1.4.1</tag>
+      <tag state="vulnerable">v1.4.2</tag>
+      <change state="vulnerable">7ba1e61953f4592606e60b2e7507ff6a6faf861a</change>
+    </branch>
+    <branch>
+      <name>stable-1.5</name>
+      <tag state="vulnerable">v1.5.1</tag>
+      <tag state="vulnerable">v1.5.2</tag>
+      <tag state="vulnerable">v1.5.3</tag>
+      <change state="vulnerable">7ba1e61953f4592606e60b2e7507ff6a6faf861a</change>
+    </branch>
+    <branch>
+      <name>stable-1.6</name>
+      <tag state="vulnerable">v1.6.1</tag>
+      <tag state="vulnerable">v1.6.2</tag>
+      <change state="vulnerable">7ba1e61953f4592606e60b2e7507ff6a6faf861a</change>
+    </branch>
+    <branch>
+      <name>stable-1.7</name>
+      <tag state="vulnerable">v1.7.1</tag>
+      <tag state="vulnerable">v1.7.2</tag>
+      <change state="vulnerable">7ba1e61953f4592606e60b2e7507ff6a6faf861a</change>
+    </branch>
+    <branch>
+      <name>stable-2.0</name>
+      <tag state="vulnerable">v2.0.1</tag>
+      <tag state="vulnerable">v2.0.2</tag>
+      <change state="vulnerable">7ba1e61953f4592606e60b2e7507ff6a6faf861a</change>
+    </branch>
+    <branch>
+      <name>stable-2.1</name>
+      <tag state="vulnerable">v2.1.1</tag>
+      <tag state="vulnerable">v2.1.2</tag>
+      <tag state="vulnerable">v2.1.3</tag>
+      <change state="vulnerable">7ba1e61953f4592606e60b2e7507ff6a6faf861a</change>
+    </branch>
+    <branch>
+      <name>stable-2.2</name>
+      <tag state="vulnerable">v2.2.1</tag>
+      <change state="vulnerable">7ba1e61953f4592606e60b2e7507ff6a6faf861a</change>
+    </branch>
+    <branch>
+      <name>stable-2.3</name>
+      <tag state="vulnerable">v2.3.1</tag>
+      <change state="vulnerable">7ba1e61953f4592606e60b2e7507ff6a6faf861a</change>
+    </branch>
+    <branch>
+      <name>stable-2.4</name>
+      <tag state="vulnerable">v2.4.0.1</tag>
+      <tag state="vulnerable">v2.4.1</tag>
+      <change state="vulnerable">7ba1e61953f4592606e60b2e7507ff6a6faf861a</change>
+    </branch>
+    <branch>
+      <name>stable-2.5</name>
+      <tag state="vulnerable">v2.5.1</tag>
+      <tag state="vulnerable">v2.5.1.1</tag>
+      <change state="vulnerable">7ba1e61953f4592606e60b2e7507ff6a6faf861a</change>
+    </branch>
+    <branch>
+      <name>stable-2.6</name>
+      <tag state="vulnerable">v2.6.1</tag>
+      <tag state="vulnerable">v2.6.2</tag>
+      <change state="vulnerable">7ba1e61953f4592606e60b2e7507ff6a6faf861a</change>
+    </branch>
+    <branch>
+      <name>stable-2.7</name>
+      <tag state="vulnerable">v2.7.1</tag>
+      <change state="vulnerable">7ba1e61953f4592606e60b2e7507ff6a6faf861a</change>
+    </branch>
+    <branch>
+      <name>stable-2.8</name>
+      <tag state="vulnerable">v2.8.1</tag>
+      <tag state="vulnerable">v2.8.1.1</tag>
+      <change state="vulnerable">7ba1e61953f4592606e60b2e7507ff6a6faf861a</change>
+    </branch>
+    <branch>
+      <name>stable-2.9</name>
+      <tag state="vulnerable">v2.9.1</tag>
+      <change state="vulnerable">7ba1e61953f4592606e60b2e7507ff6a6faf861a</change>
+    </branch>
+    <branch>
+      <name>stable-2.10</name>
+      <tag state="vulnerable">v2.10.1</tag>
+      <tag state="vulnerable">v2.10.2</tag>
+      <change state="vulnerable">7ba1e61953f4592606e60b2e7507ff6a6faf861a</change>
+    </branch>
+    <branch>
+      <name>stable-2.11</name>
+      <tag state="vulnerable">v2.11.1</tag>
+      <tag state="vulnerable">v2.11.2</tag>
+      <change state="vulnerable">7ba1e61953f4592606e60b2e7507ff6a6faf861a</change>
+    </branch>
+    <branch>
+      <name>stable-2.12</name>
+      <tag state="vulnerable">v2.12.1</tag>
+      <change state="vulnerable">7ba1e61953f4592606e60b2e7507ff6a6faf861a</change>
+    </branch>
+  </repository>
+
+</security-notice>
diff --git a/secnotice/2018/002.xml b/secnotice/2018/002.xml
new file mode 100644
index 0000000..6422715
--- /dev/null
+++ b/secnotice/2018/002.xml
@@ -0,0 +1,242 @@
+<security-notice xmlns="http://qemu.org/xmlns/security-notice/1.0">
+  <id>2018-002</id>
+
+  <summary>VGA out of bounds in vga_draw_text</summary>
+
+  <description>
+<![CDATA[Quick Emulator(QEMU) built with the VGA emulator support is vulnerable to an out-of-bounds access issue in vga_draw_text. It could occur while updating vga display area.]]>
+  </description>
+
+  <impact>
+<![CDATA[A privileged user inside guest could use this flaw to crash the Qemu process
+resulting in DoS.]]>
+  </impact>
+
+  <mitigation>
+<![CDATA[Disable graphics adapters if the virtual machines can be operated
+via the serial console]]>
+  </mitigation>
+
+  <credits>
+    <reporter>
+      <name>Jiang Xin</name>
+      <email>jiangxin1@huawei.com</email>
+    </reporter>
+    <patcher>
+      <name>Lin ZheCheng</name>
+      <email>linzhecheng@huawei.com</email>
+    </patcher>
+  </credits>
+
+  <lifecycle>
+    <reported>20171228</reported>
+    <published>20171225</published>
+    <fixed>20180125</fixed>
+  </lifecycle>
+
+  <reference>
+    <advisory type="CVE" id="2018-5683"/>
+  </reference>
+
+  <repository>
+    <branch>
+      <name>master</name>
+      <tag state="fixed">v2.12.0</tag>
+      <change state="fixed">191f59dc17396bb5a8da50f8c59b6e0a430711a4</change>
+      <change state="merged">b3bbe959b5dc3bf07041946455cc8e8d562bfd1f</change>
+      <tag state="vulnerable">v0.4.4</tag>
+      <tag state="vulnerable">v0.5.0</tag>
+      <tag state="vulnerable">v0.5.1</tag>
+      <tag state="vulnerable">v0.6.0</tag>
+      <tag state="vulnerable">v0.6.1</tag>
+      <tag state="vulnerable">v0.7.0</tag>
+      <tag state="vulnerable">v0.7.1</tag>
+      <tag state="vulnerable">v0.8.1</tag>
+      <tag state="vulnerable">v0.8.2</tag>
+      <tag state="vulnerable">v0.9.0</tag>
+      <tag state="vulnerable">v0.9.1</tag>
+      <tag state="vulnerable">v1.0</tag>
+      <tag state="vulnerable">v1.1.0</tag>
+      <tag state="vulnerable">v1.2.0</tag>
+      <tag state="vulnerable">v1.3.0</tag>
+      <tag state="vulnerable">v1.4.0</tag>
+      <tag state="vulnerable">v1.5.0</tag>
+      <tag state="vulnerable">v1.6.0</tag>
+      <tag state="vulnerable">v1.7.0</tag>
+      <tag state="vulnerable">v2.0.0</tag>
+      <tag state="vulnerable">v2.1.0</tag>
+      <tag state="vulnerable">v2.2.0</tag>
+      <tag state="vulnerable">v2.3.0</tag>
+      <tag state="vulnerable">v2.4.0</tag>
+      <tag state="vulnerable">v2.5.0</tag>
+      <tag state="vulnerable">v2.6.0</tag>
+      <tag state="vulnerable">v2.7.0</tag>
+      <tag state="vulnerable">v2.8.0</tag>
+      <tag state="vulnerable">v2.9.0</tag>
+      <tag state="vulnerable">v2.10.0</tag>
+      <tag state="vulnerable">v2.11.0</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-0.10</name>
+      <tag state="vulnerable">v0.10.0</tag>
+      <tag state="vulnerable">v0.10.1</tag>
+      <tag state="vulnerable">v0.10.2</tag>
+      <tag state="vulnerable">v0.10.3</tag>
+      <tag state="vulnerable">v0.10.4</tag>
+      <tag state="vulnerable">v0.10.5</tag>
+      <tag state="vulnerable">v0.10.6</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-0.11</name>
+      <tag state="vulnerable">v0.11.0</tag>
+      <tag state="vulnerable">v0.11.1</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-0.12</name>
+      <tag state="vulnerable">v0.12.0</tag>
+      <tag state="vulnerable">v0.12.1</tag>
+      <tag state="vulnerable">v0.12.2</tag>
+      <tag state="vulnerable">v0.12.3</tag>
+      <tag state="vulnerable">v0.12.4</tag>
+      <tag state="vulnerable">v0.12.5</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-0.13</name>
+      <tag state="vulnerable">v0.13.0</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-0.14</name>
+      <tag state="vulnerable">v0.14.0</tag>
+      <tag state="vulnerable">v0.14.1</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-0.15</name>
+      <tag state="vulnerable">v0.15.0</tag>
+      <tag state="vulnerable">v0.15.1</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-1.0</name>
+      <tag state="vulnerable">v1.0.1</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-1.1</name>
+      <tag state="vulnerable">v1.1.1</tag>
+      <tag state="vulnerable">v1.1.2</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-1.2</name>
+      <tag state="vulnerable">v1.2.1</tag>
+      <tag state="vulnerable">v1.2.2</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-1.3</name>
+      <tag state="vulnerable">v1.3.1</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-1.4</name>
+      <tag state="vulnerable">v1.4.1</tag>
+      <tag state="vulnerable">v1.4.2</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-1.5</name>
+      <tag state="vulnerable">v1.5.1</tag>
+      <tag state="vulnerable">v1.5.2</tag>
+      <tag state="vulnerable">v1.5.3</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-1.6</name>
+      <tag state="vulnerable">v1.6.1</tag>
+      <tag state="vulnerable">v1.6.2</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-1.7</name>
+      <tag state="vulnerable">v1.7.1</tag>
+      <tag state="vulnerable">v1.7.2</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-2.0</name>
+      <tag state="vulnerable">v2.0.1</tag>
+      <tag state="vulnerable">v2.0.2</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-2.1</name>
+      <tag state="vulnerable">v2.1.1</tag>
+      <tag state="vulnerable">v2.1.2</tag>
+      <tag state="vulnerable">v2.1.3</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-2.2</name>
+      <tag state="vulnerable">v2.2.1</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-2.3</name>
+      <tag state="vulnerable">v2.3.1</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-2.4</name>
+      <tag state="vulnerable">v2.4.0.1</tag>
+      <tag state="vulnerable">v2.4.1</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-2.5</name>
+      <tag state="vulnerable">v2.5.1</tag>
+      <tag state="vulnerable">v2.5.1.1</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-2.6</name>
+      <tag state="vulnerable">v2.6.1</tag>
+      <tag state="vulnerable">v2.6.2</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-2.7</name>
+      <tag state="vulnerable">v2.7.1</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-2.8</name>
+      <tag state="vulnerable">v2.8.1</tag>
+      <tag state="vulnerable">v2.8.1.1</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-2.9</name>
+      <tag state="vulnerable">v2.9.1</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-2.10</name>
+      <tag state="vulnerable">v2.10.1</tag>
+      <tag state="vulnerable">v2.10.2</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-2.11</name>
+      <tag state="vulnerable">v2.11.1</tag>
+      <tag state="vulnerable">v2.11.2</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+  </repository>
+
+</security-notice>
diff --git a/secnotice/2018/003.xml b/secnotice/2018/003.xml
new file mode 100644
index 0000000..9691805
--- /dev/null
+++ b/secnotice/2018/003.xml
@@ -0,0 +1,191 @@
+<security-notice xmlns="http://qemu.org/xmlns/security-notice/1.0">
+  <id>2018-003</id>
+
+  <summary>Multiboot out of bounds loading kernel</summary>
+
+  <description>
+<![CDATA[Quick Emulator(QEMU) built with the PC System Emulator with multiboot feature
+support is vulnerable to an OOB memory access issue. It could occur while
+loading a kernel image during a guest boot if multiboot head addresses
+mh_load_end_addr was greater than mh_bss_end_addr.]]>
+  </description>
+
+  <impact>
+<![CDATA[A user/process could use this flaw to potentially achieve arbitrary code
+execution on a host.]]>
+  </impact>
+
+  <mitigation>
+<![CDATA[Do not use the -kernel argument to QEMU for providing the boot kernel.
+Allow the guest firmware and bootloader (eg grub) to load the boot kernel from
+inside the confined guest execution environment]]>
+  </mitigation>
+
+  <credits>
+    <reporter>
+      <name></name>
+      <email></email>
+    </reporter>
+    <patcher>
+      <name></name>
+      <email></email>
+    </patcher>
+  </credits>
+
+  <lifecycle>
+    <reported>20180221</reported>
+    <published>20180227</published>
+    <fixed>20180328</fixed>
+  </lifecycle>
+
+  <reference>
+    <advisory type="CVE" id="2018-7550"/>
+  </reference>
+
+  <repository>
+    <branch>
+      <name>master</name>
+      <tag state="fixed">v2.12.0</tag>
+      <change state="fixed">2a8fcd119eb7c6bb3837fc3669eb1b2dfb31daf8</change>
+      <change state="merged">854a4436dd313eaeb51c275d00526d60437915d2</change>
+      <tag state="vulnerable">v1.0</tag>
+      <tag state="vulnerable">v1.1.0</tag>
+      <tag state="vulnerable">v1.2.0</tag>
+      <tag state="vulnerable">v1.3.0</tag>
+      <tag state="vulnerable">v1.4.0</tag>
+      <tag state="vulnerable">v1.5.0</tag>
+      <tag state="vulnerable">v1.6.0</tag>
+      <tag state="vulnerable">v1.7.0</tag>
+      <tag state="vulnerable">v2.0.0</tag>
+      <tag state="vulnerable">v2.1.0</tag>
+      <tag state="vulnerable">v2.2.0</tag>
+      <tag state="vulnerable">v2.3.0</tag>
+      <tag state="vulnerable">v2.4.0</tag>
+      <tag state="vulnerable">v2.5.0</tag>
+      <tag state="vulnerable">v2.6.0</tag>
+      <tag state="vulnerable">v2.7.0</tag>
+      <tag state="vulnerable">v2.8.0</tag>
+      <tag state="vulnerable">v2.9.0</tag>
+      <tag state="vulnerable">v2.10.0</tag>
+      <tag state="vulnerable">v2.11.0</tag>
+      <change state="vulnerable">6b8273a1b97876950d91c228a420a851e10e12bb</change>
+    </branch>
+    <branch>
+      <name>stable-1.0</name>
+      <tag state="vulnerable">v1.0.1</tag>
+      <change state="vulnerable">6b8273a1b97876950d91c228a420a851e10e12bb</change>
+    </branch>
+    <branch>
+      <name>stable-1.1</name>
+      <tag state="vulnerable">v1.1.1</tag>
+      <tag state="vulnerable">v1.1.2</tag>
+      <change state="vulnerable">6b8273a1b97876950d91c228a420a851e10e12bb</change>
+    </branch>
+    <branch>
+      <name>stable-1.2</name>
+      <tag state="vulnerable">v1.2.1</tag>
+      <tag state="vulnerable">v1.2.2</tag>
+      <change state="vulnerable">6b8273a1b97876950d91c228a420a851e10e12bb</change>
+    </branch>
+    <branch>
+      <name>stable-1.3</name>
+      <tag state="vulnerable">v1.3.1</tag>
+      <change state="vulnerable">6b8273a1b97876950d91c228a420a851e10e12bb</change>
+    </branch>
+    <branch>
+      <name>stable-1.4</name>
+      <tag state="vulnerable">v1.4.1</tag>
+      <tag state="vulnerable">v1.4.2</tag>
+      <change state="vulnerable">6b8273a1b97876950d91c228a420a851e10e12bb</change>
+    </branch>
+    <branch>
+      <name>stable-1.5</name>
+      <tag state="vulnerable">v1.5.1</tag>
+      <tag state="vulnerable">v1.5.2</tag>
+      <tag state="vulnerable">v1.5.3</tag>
+      <change state="vulnerable">6b8273a1b97876950d91c228a420a851e10e12bb</change>
+    </branch>
+    <branch>
+      <name>stable-1.6</name>
+      <tag state="vulnerable">v1.6.1</tag>
+      <tag state="vulnerable">v1.6.2</tag>
+      <change state="vulnerable">6b8273a1b97876950d91c228a420a851e10e12bb</change>
+    </branch>
+    <branch>
+      <name>stable-1.7</name>
+      <tag state="vulnerable">v1.7.1</tag>
+      <tag state="vulnerable">v1.7.2</tag>
+      <change state="vulnerable">6b8273a1b97876950d91c228a420a851e10e12bb</change>
+    </branch>
+    <branch>
+      <name>stable-2.0</name>
+      <tag state="vulnerable">v2.0.1</tag>
+      <tag state="vulnerable">v2.0.2</tag>
+      <change state="vulnerable">6b8273a1b97876950d91c228a420a851e10e12bb</change>
+    </branch>
+    <branch>
+      <name>stable-2.1</name>
+      <tag state="vulnerable">v2.1.1</tag>
+      <tag state="vulnerable">v2.1.2</tag>
+      <tag state="vulnerable">v2.1.3</tag>
+      <change state="vulnerable">6b8273a1b97876950d91c228a420a851e10e12bb</change>
+    </branch>
+    <branch>
+      <name>stable-2.2</name>
+      <tag state="vulnerable">v2.2.1</tag>
+      <change state="vulnerable">6b8273a1b97876950d91c228a420a851e10e12bb</change>
+    </branch>
+    <branch>
+      <name>stable-2.3</name>
+      <tag state="vulnerable">v2.3.1</tag>
+      <change state="vulnerable">6b8273a1b97876950d91c228a420a851e10e12bb</change>
+    </branch>
+    <branch>
+      <name>stable-2.4</name>
+      <tag state="vulnerable">v2.4.0.1</tag>
+      <tag state="vulnerable">v2.4.1</tag>
+      <change state="vulnerable">6b8273a1b97876950d91c228a420a851e10e12bb</change>
+    </branch>
+    <branch>
+      <name>stable-2.5</name>
+      <tag state="vulnerable">v2.5.1</tag>
+      <tag state="vulnerable">v2.5.1.1</tag>
+      <change state="vulnerable">6b8273a1b97876950d91c228a420a851e10e12bb</change>
+    </branch>
+    <branch>
+      <name>stable-2.6</name>
+      <tag state="vulnerable">v2.6.1</tag>
+      <tag state="vulnerable">v2.6.2</tag>
+      <change state="vulnerable">6b8273a1b97876950d91c228a420a851e10e12bb</change>
+    </branch>
+    <branch>
+      <name>stable-2.7</name>
+      <tag state="vulnerable">v2.7.1</tag>
+      <change state="vulnerable">6b8273a1b97876950d91c228a420a851e10e12bb</change>
+    </branch>
+    <branch>
+      <name>stable-2.8</name>
+      <tag state="vulnerable">v2.8.1</tag>
+      <tag state="vulnerable">v2.8.1.1</tag>
+      <change state="vulnerable">6b8273a1b97876950d91c228a420a851e10e12bb</change>
+    </branch>
+    <branch>
+      <name>stable-2.9</name>
+      <tag state="vulnerable">v2.9.1</tag>
+      <change state="vulnerable">6b8273a1b97876950d91c228a420a851e10e12bb</change>
+    </branch>
+    <branch>
+      <name>stable-2.10</name>
+      <tag state="vulnerable">v2.10.1</tag>
+      <tag state="vulnerable">v2.10.2</tag>
+      <change state="vulnerable">6b8273a1b97876950d91c228a420a851e10e12bb</change>
+    </branch>
+    <branch>
+      <name>stable-2.11</name>
+      <tag state="vulnerable">v2.11.1</tag>
+      <tag state="vulnerable">v2.11.2</tag>
+      <change state="vulnerable">6b8273a1b97876950d91c228a420a851e10e12bb</change>
+    </branch>
+  </repository>
+
+</security-notice>
diff --git a/secnotice/2018/004.xml b/secnotice/2018/004.xml
new file mode 100644
index 0000000..83a43dc
--- /dev/null
+++ b/secnotice/2018/004.xml
@@ -0,0 +1,243 @@
+<security-notice xmlns="http://qemu.org/xmlns/security-notice/1.0">
+  <id>2018-004</id>
+
+  <summary>Cirrus out of bounds access updating VGA display</summary>
+
+  <description>
+<![CDATA[Quick emulator(QEMU) built with the Cirrus CLGD 54xx VGA Emulator support is
+vulnerable to an out-of-bounds access issue. It could occur while updating
+VGA display, after guest has adjusted the display dimensions.]]>
+  </description>
+
+  <impact>
+<![CDATA[A privileged user inside guest could use this flaw to crash the Qemu process
+resulting in DoS.]]>
+  </impact>
+
+  <mitigation>
+<![CDATA[Replace use of the cirrus video adapter with an alternative model]]>
+  </mitigation>
+
+  <credits>
+    <reporter>
+      <name>Ross Lagerwall</name>
+      <email>ross.lagerwall@citrix.com</email>
+    </reporter>
+    <patcher>
+      <name>Gerd Hoffmann</name>
+      <email>kraxel@redhat.com</email>
+    </patcher>
+  </credits>
+
+  <lifecycle>
+    <reported>20180228</reported>
+    <published>20180308</published>
+    <fixed>20180312</fixed>
+  </lifecycle>
+
+  <reference>
+    <advisory type="CVE" id="2018-7858"/>
+  </reference>
+
+  <repository>
+    <branch>
+      <name>master</name>
+      <tag state="fixed">v2.12.0</tag>
+      <change state="fixed">7cdc61becd095b64a786b2625f321624e7111f3d</change>
+      <change state="merged">fb5fff15881ba7a002924b967eb211c002897983</change>
+      <tag state="vulnerable">v0.4.4</tag>
+      <tag state="vulnerable">v0.5.0</tag>
+      <tag state="vulnerable">v0.5.1</tag>
+      <tag state="vulnerable">v0.6.0</tag>
+      <tag state="vulnerable">v0.6.1</tag>
+      <tag state="vulnerable">v0.7.0</tag>
+      <tag state="vulnerable">v0.7.1</tag>
+      <tag state="vulnerable">v0.8.1</tag>
+      <tag state="vulnerable">v0.8.2</tag>
+      <tag state="vulnerable">v0.9.0</tag>
+      <tag state="vulnerable">v0.9.1</tag>
+      <tag state="vulnerable">v1.0</tag>
+      <tag state="vulnerable">v1.1.0</tag>
+      <tag state="vulnerable">v1.2.0</tag>
+      <tag state="vulnerable">v1.3.0</tag>
+      <tag state="vulnerable">v1.4.0</tag>
+      <tag state="vulnerable">v1.5.0</tag>
+      <tag state="vulnerable">v1.6.0</tag>
+      <tag state="vulnerable">v1.7.0</tag>
+      <tag state="vulnerable">v2.0.0</tag>
+      <tag state="vulnerable">v2.1.0</tag>
+      <tag state="vulnerable">v2.2.0</tag>
+      <tag state="vulnerable">v2.3.0</tag>
+      <tag state="vulnerable">v2.4.0</tag>
+      <tag state="vulnerable">v2.5.0</tag>
+      <tag state="vulnerable">v2.6.0</tag>
+      <tag state="vulnerable">v2.7.0</tag>
+      <tag state="vulnerable">v2.8.0</tag>
+      <tag state="vulnerable">v2.9.0</tag>
+      <tag state="vulnerable">v2.10.0</tag>
+      <tag state="vulnerable">v2.11.0</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-0.10</name>
+      <tag state="vulnerable">v0.10.0</tag>
+      <tag state="vulnerable">v0.10.1</tag>
+      <tag state="vulnerable">v0.10.2</tag>
+      <tag state="vulnerable">v0.10.3</tag>
+      <tag state="vulnerable">v0.10.4</tag>
+      <tag state="vulnerable">v0.10.5</tag>
+      <tag state="vulnerable">v0.10.6</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-0.11</name>
+      <tag state="vulnerable">v0.11.0</tag>
+      <tag state="vulnerable">v0.11.1</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-0.12</name>
+      <tag state="vulnerable">v0.12.0</tag>
+      <tag state="vulnerable">v0.12.1</tag>
+      <tag state="vulnerable">v0.12.2</tag>
+      <tag state="vulnerable">v0.12.3</tag>
+      <tag state="vulnerable">v0.12.4</tag>
+      <tag state="vulnerable">v0.12.5</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-0.13</name>
+      <tag state="vulnerable">v0.13.0</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-0.14</name>
+      <tag state="vulnerable">v0.14.0</tag>
+      <tag state="vulnerable">v0.14.1</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-0.15</name>
+      <tag state="vulnerable">v0.15.0</tag>
+      <tag state="vulnerable">v0.15.1</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-1.0</name>
+      <tag state="vulnerable">v1.0.1</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-1.1</name>
+      <tag state="vulnerable">v1.1.1</tag>
+      <tag state="vulnerable">v1.1.2</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-1.2</name>
+      <tag state="vulnerable">v1.2.1</tag>
+      <tag state="vulnerable">v1.2.2</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-1.3</name>
+      <tag state="vulnerable">v1.3.1</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-1.4</name>
+      <tag state="vulnerable">v1.4.1</tag>
+      <tag state="vulnerable">v1.4.2</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-1.5</name>
+      <tag state="vulnerable">v1.5.1</tag>
+      <tag state="vulnerable">v1.5.2</tag>
+      <tag state="vulnerable">v1.5.3</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-1.6</name>
+      <tag state="vulnerable">v1.6.1</tag>
+      <tag state="vulnerable">v1.6.2</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-1.7</name>
+      <tag state="vulnerable">v1.7.1</tag>
+      <tag state="vulnerable">v1.7.2</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-2.0</name>
+      <tag state="vulnerable">v2.0.1</tag>
+      <tag state="vulnerable">v2.0.2</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-2.1</name>
+      <tag state="vulnerable">v2.1.1</tag>
+      <tag state="vulnerable">v2.1.2</tag>
+      <tag state="vulnerable">v2.1.3</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-2.2</name>
+      <tag state="vulnerable">v2.2.1</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-2.3</name>
+      <tag state="vulnerable">v2.3.1</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-2.4</name>
+      <tag state="vulnerable">v2.4.0.1</tag>
+      <tag state="vulnerable">v2.4.1</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-2.5</name>
+      <tag state="vulnerable">v2.5.1</tag>
+      <tag state="vulnerable">v2.5.1.1</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-2.6</name>
+      <tag state="vulnerable">v2.6.1</tag>
+      <tag state="vulnerable">v2.6.2</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-2.7</name>
+      <tag state="vulnerable">v2.7.1</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-2.8</name>
+      <tag state="vulnerable">v2.8.1</tag>
+      <tag state="vulnerable">v2.8.1.1</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-2.9</name>
+      <tag state="vulnerable">v2.9.1</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-2.10</name>
+      <tag state="vulnerable">v2.10.1</tag>
+      <tag state="vulnerable">v2.10.2</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+    <branch>
+      <name>stable-2.11</name>
+      <tag state="vulnerable">v2.11.1</tag>
+      <tag state="vulnerable">v2.11.2</tag>
+      <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
+    </branch>
+  </repository>
+
+</security-notice>
diff --git a/secnotice/2018/005.xml b/secnotice/2018/005.xml
new file mode 100644
index 0000000..55a2374
--- /dev/null
+++ b/secnotice/2018/005.xml
@@ -0,0 +1,225 @@
+<security-notice xmlns="http://qemu.org/xmlns/security-notice/1.0">
+  <id>2018-005</id>
+
+  <summary>ne2000 integer overflow in buffer access</summary>
+
+  <description>
+<![CDATA[Qemu emulator built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network.]]>
+  </description>
+
+  <impact>
+<![CDATA[A user inside guest could use this flaw to crash the Qemu process resulting in DoS.]]>
+  </impact>
+
+  <mitigation>
+<![CDATA[Replace use of the NE2000 network adapter with an alternative model]]>
+  </mitigation>
+
+  <credits>
+    <reporter>
+      <name>Daniel Shapira</name>
+      <email>daniel@twistlock.com</email>
+    </reporter>
+    <patcher>
+      <name>Jason Wang</name>
+      <email>jasonwang@redhat.com</email>
+    </patcher>
+  </credits>
+
+  <lifecycle>
+    <reported>20180522</reported>
+    <published>20180926</published>
+    <fixed></fixed>
+  </lifecycle>
+
+  <reference>
+    <advisory type="CVE" id="2018-10839"/>
+  </reference>
+
+  <repository>
+    <branch>
+      <name>master</name>
+      <tag state="fixed"></tag>
+      <change state="fixed">0caf499e2f26ae305a16ae2c4e7a2f295ddf64d1</change>
+      <change state="merged"></change>
+      <tag state="vulnerable">v1.0</tag>
+      <tag state="vulnerable">v1.1.0</tag>
+      <tag state="vulnerable">v1.2.0</tag>
+      <tag state="vulnerable">v1.3.0</tag>
+      <tag state="vulnerable">v1.4.0</tag>
+      <tag state="vulnerable">v1.5.0</tag>
+      <tag state="vulnerable">v1.6.0</tag>
+      <tag state="vulnerable">v1.7.0</tag>
+      <tag state="vulnerable">v2.0.0</tag>
+      <tag state="vulnerable">v2.1.0</tag>
+      <tag state="vulnerable">v2.2.0</tag>
+      <tag state="vulnerable">v2.3.0</tag>
+      <tag state="vulnerable">v2.4.0</tag>
+      <tag state="vulnerable">v2.5.0</tag>
+      <tag state="vulnerable">v2.6.0</tag>
+      <tag state="vulnerable">v2.7.0</tag>
+      <tag state="vulnerable">v2.8.0</tag>
+      <tag state="vulnerable">v2.9.0</tag>
+      <tag state="vulnerable">v2.10.0</tag>
+      <tag state="vulnerable">v2.11.0</tag>
+      <tag state="vulnerable">v2.12.0</tag>
+      <tag state="vulnerable">v3.0.0</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-0.11</name>
+      <tag state="vulnerable">v0.11.0</tag>
+      <tag state="vulnerable">v0.11.1</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-0.12</name>
+      <tag state="vulnerable">v0.12.0</tag>
+      <tag state="vulnerable">v0.12.1</tag>
+      <tag state="vulnerable">v0.12.2</tag>
+      <tag state="vulnerable">v0.12.3</tag>
+      <tag state="vulnerable">v0.12.4</tag>
+      <tag state="vulnerable">v0.12.5</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-0.13</name>
+      <tag state="vulnerable">v0.13.0</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-0.14</name>
+      <tag state="vulnerable">v0.14.0</tag>
+      <tag state="vulnerable">v0.14.1</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-0.15</name>
+      <tag state="vulnerable">v0.15.0</tag>
+      <tag state="vulnerable">v0.15.1</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-1.0</name>
+      <tag state="vulnerable">v1.0.1</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-1.1</name>
+      <tag state="vulnerable">v1.1.1</tag>
+      <tag state="vulnerable">v1.1.2</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-1.2</name>
+      <tag state="vulnerable">v1.2.1</tag>
+      <tag state="vulnerable">v1.2.2</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-1.3</name>
+      <tag state="vulnerable">v1.3.1</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-1.4</name>
+      <tag state="vulnerable">v1.4.1</tag>
+      <tag state="vulnerable">v1.4.2</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-1.5</name>
+      <tag state="vulnerable">v1.5.1</tag>
+      <tag state="vulnerable">v1.5.2</tag>
+      <tag state="vulnerable">v1.5.3</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-1.6</name>
+      <tag state="vulnerable">v1.6.1</tag>
+      <tag state="vulnerable">v1.6.2</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-1.7</name>
+      <tag state="vulnerable">v1.7.1</tag>
+      <tag state="vulnerable">v1.7.2</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-2.0</name>
+      <tag state="vulnerable">v2.0.1</tag>
+      <tag state="vulnerable">v2.0.2</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-2.1</name>
+      <tag state="vulnerable">v2.1.1</tag>
+      <tag state="vulnerable">v2.1.2</tag>
+      <tag state="vulnerable">v2.1.3</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-2.2</name>
+      <tag state="vulnerable">v2.2.1</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-2.3</name>
+      <tag state="vulnerable">v2.3.1</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-2.4</name>
+      <tag state="vulnerable">v2.4.0.1</tag>
+      <tag state="vulnerable">v2.4.1</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-2.5</name>
+      <tag state="vulnerable">v2.5.1</tag>
+      <tag state="vulnerable">v2.5.1.1</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-2.6</name>
+      <tag state="vulnerable">v2.6.1</tag>
+      <tag state="vulnerable">v2.6.2</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-2.7</name>
+      <tag state="vulnerable">v2.7.1</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-2.8</name>
+      <tag state="vulnerable">v2.8.1</tag>
+      <tag state="vulnerable">v2.8.1.1</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-2.9</name>
+      <tag state="vulnerable">v2.9.1</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-2.10</name>
+      <tag state="vulnerable">v2.10.1</tag>
+      <tag state="vulnerable">v2.10.2</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-2.11</name>
+      <tag state="vulnerable">v2.11.1</tag>
+      <tag state="vulnerable">v2.11.2</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-2.12</name>
+      <tag state="vulnerable">v2.12.1</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+  </repository>
+
+</security-notice>
diff --git a/secnotice/2018/006.xml b/secnotice/2018/006.xml
new file mode 100644
index 0000000..7a7908c
--- /dev/null
+++ b/secnotice/2018/006.xml
@@ -0,0 +1,247 @@
+<security-notice xmlns="http://qemu.org/xmlns/security-notice/1.0">
+  <id>2018-006</id>
+
+  <summary>slirp buffer overflow assembling fragmented datastream</summary>
+
+  <description>
+<![CDATA[A heap buffer overflow issue was found in the way Slirp networking back-end
+in QEMU processes fragmented packets. It could occur while reassembling the
+fragmented datagrams of an incoming packet.]]>
+  </description>
+
+  <impact>
+<![CDATA[A privileged user/process inside guest could use this flaw to crash the QEMU
+process resulting in DoS OR potentially leverage it to execute arbitrary code
+on the host with privileges of the QEMU process.]]>
+  </impact>
+
+  <mitigation>
+<![CDATA[Replace use of the "user" network backend with an alternative choice]]>
+  </mitigation>
+
+  <credits>
+    <reporter>
+      <name>ZDI Disclosures</name>
+      <email>zdi-disclosures@trendmicro.com</email>
+    </reporter>
+    <patcher>
+      <name>Prasad J Pandit</name>
+      <email>pjp@fedoraproject.org</email>
+    </patcher>
+  </credits>
+
+  <lifecycle>
+    <reported>20180427</reported>
+    <published>20180605</published>
+    <fixed>20180608</fixed>
+  </lifecycle>
+
+  <reference>
+    <advisory type="CVE" id="2018-11806"/>
+  </reference>
+
+  <repository>
+    <branch>
+      <name>master</name>
+      <tag state="fixed">v3.0.0</tag>
+      <change state="fixed">864036e251f54c99d31df124aad7f34f01f5344c</change>
+      <change state="merged">bac5ba3dc5da706f52c149fa6c0bd1dc96899bec</change>
+      <tag state="vulnerable">v0.6.0</tag>
+      <tag state="vulnerable">v0.6.1</tag>
+      <tag state="vulnerable">v0.7.0</tag>
+      <tag state="vulnerable">v0.7.1</tag>
+      <tag state="vulnerable">v0.8.1</tag>
+      <tag state="vulnerable">v0.8.2</tag>
+      <tag state="vulnerable">v0.9.0</tag>
+      <tag state="vulnerable">v0.9.1</tag>
+      <tag state="vulnerable">v1.0</tag>
+      <tag state="vulnerable">v1.1.0</tag>
+      <tag state="vulnerable">v1.2.0</tag>
+      <tag state="vulnerable">v1.3.0</tag>
+      <tag state="vulnerable">v1.4.0</tag>
+      <tag state="vulnerable">v1.5.0</tag>
+      <tag state="vulnerable">v1.6.0</tag>
+      <tag state="vulnerable">v1.7.0</tag>
+      <tag state="vulnerable">v2.0.0</tag>
+      <tag state="vulnerable">v2.1.0</tag>
+      <tag state="vulnerable">v2.2.0</tag>
+      <tag state="vulnerable">v2.3.0</tag>
+      <tag state="vulnerable">v2.4.0</tag>
+      <tag state="vulnerable">v2.5.0</tag>
+      <tag state="vulnerable">v2.6.0</tag>
+      <tag state="vulnerable">v2.7.0</tag>
+      <tag state="vulnerable">v2.8.0</tag>
+      <tag state="vulnerable">v2.9.0</tag>
+      <tag state="vulnerable">v2.10.0</tag>
+      <tag state="vulnerable">v2.11.0</tag>
+      <tag state="vulnerable">v2.12.0</tag>
+      <change state="vulnerable">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</change>
+    </branch>
+    <branch>
+      <name>stable-0.10</name>
+      <tag state="vulnerable">v0.10.0</tag>
+      <tag state="vulnerable">v0.10.1</tag>
+      <tag state="vulnerable">v0.10.2</tag>
+      <tag state="vulnerable">v0.10.3</tag>
+      <tag state="vulnerable">v0.10.4</tag>
+      <tag state="vulnerable">v0.10.5</tag>
+      <tag state="vulnerable">v0.10.6</tag>
+      <change state="vulnerable">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</change>
+    </branch>
+    <branch>
+      <name>stable-0.11</name>
+      <tag state="vulnerable">v0.11.0</tag>
+      <tag state="vulnerable">v0.11.1</tag>
+      <change state="vulnerable">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</change>
+    </branch>
+    <branch>
+      <name>stable-0.12</name>
+      <tag state="vulnerable">v0.12.0</tag>
+      <tag state="vulnerable">v0.12.1</tag>
+      <tag state="vulnerable">v0.12.2</tag>
+      <tag state="vulnerable">v0.12.3</tag>
+      <tag state="vulnerable">v0.12.4</tag>
+      <tag state="vulnerable">v0.12.5</tag>
+      <change state="vulnerable">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</change>
+    </branch>
+    <branch>
+      <name>stable-0.13</name>
+      <tag state="vulnerable">v0.13.0</tag>
+      <change state="vulnerable">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</change>
+    </branch>
+    <branch>
+      <name>stable-0.14</name>
+      <tag state="vulnerable">v0.14.0</tag>
+      <tag state="vulnerable">v0.14.1</tag>
+      <change state="vulnerable">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</change>
+    </branch>
+    <branch>
+      <name>stable-0.15</name>
+      <tag state="vulnerable">v0.15.0</tag>
+      <tag state="vulnerable">v0.15.1</tag>
+      <change state="vulnerable">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</change>
+    </branch>
+    <branch>
+      <name>stable-1.0</name>
+      <tag state="vulnerable">v1.0.1</tag>
+      <change state="vulnerable">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</change>
+    </branch>
+    <branch>
+      <name>stable-1.1</name>
+      <tag state="vulnerable">v1.1.1</tag>
+      <tag state="vulnerable">v1.1.2</tag>
+      <change state="vulnerable">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</change>
+    </branch>
+    <branch>
+      <name>stable-1.2</name>
+      <tag state="vulnerable">v1.2.1</tag>
+      <tag state="vulnerable">v1.2.2</tag>
+      <change state="vulnerable">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</change>
+    </branch>
+    <branch>
+      <name>stable-1.3</name>
+      <tag state="vulnerable">v1.3.1</tag>
+      <change state="vulnerable">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</change>
+    </branch>
+    <branch>
+      <name>stable-1.4</name>
+      <tag state="vulnerable">v1.4.1</tag>
+      <tag state="vulnerable">v1.4.2</tag>
+      <change state="vulnerable">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</change>
+    </branch>
+    <branch>
+      <name>stable-1.5</name>
+      <tag state="vulnerable">v1.5.1</tag>
+      <tag state="vulnerable">v1.5.2</tag>
+      <tag state="vulnerable">v1.5.3</tag>
+      <change state="vulnerable">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</change>
+    </branch>
+    <branch>
+      <name>stable-1.6</name>
+      <tag state="vulnerable">v1.6.1</tag>
+      <tag state="vulnerable">v1.6.2</tag>
+      <change state="vulnerable">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</change>
+    </branch>
+    <branch>
+      <name>stable-1.7</name>
+      <tag state="vulnerable">v1.7.1</tag>
+      <tag state="vulnerable">v1.7.2</tag>
+      <change state="vulnerable">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</change>
+    </branch>
+    <branch>
+      <name>stable-2.0</name>
+      <tag state="vulnerable">v2.0.1</tag>
+      <tag state="vulnerable">v2.0.2</tag>
+      <change state="vulnerable">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</change>
+    </branch>
+    <branch>
+      <name>stable-2.1</name>
+      <tag state="vulnerable">v2.1.1</tag>
+      <tag state="vulnerable">v2.1.2</tag>
+      <tag state="vulnerable">v2.1.3</tag>
+      <change state="vulnerable">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</change>
+    </branch>
+    <branch>
+      <name>stable-2.2</name>
+      <tag state="vulnerable">v2.2.1</tag>
+      <change state="vulnerable">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</change>
+    </branch>
+    <branch>
+      <name>stable-2.3</name>
+      <tag state="vulnerable">v2.3.1</tag>
+      <change state="vulnerable">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</change>
+    </branch>
+    <branch>
+      <name>stable-2.4</name>
+      <tag state="vulnerable">v2.4.0.1</tag>
+      <tag state="vulnerable">v2.4.1</tag>
+      <change state="vulnerable">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</change>
+    </branch>
+    <branch>
+      <name>stable-2.5</name>
+      <tag state="vulnerable">v2.5.1</tag>
+      <tag state="vulnerable">v2.5.1.1</tag>
+      <change state="vulnerable">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</change>
+    </branch>
+    <branch>
+      <name>stable-2.6</name>
+      <tag state="vulnerable">v2.6.1</tag>
+      <tag state="vulnerable">v2.6.2</tag>
+      <change state="vulnerable">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</change>
+    </branch>
+    <branch>
+      <name>stable-2.7</name>
+      <tag state="vulnerable">v2.7.1</tag>
+      <change state="vulnerable">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</change>
+    </branch>
+    <branch>
+      <name>stable-2.8</name>
+      <tag state="vulnerable">v2.8.1</tag>
+      <tag state="vulnerable">v2.8.1.1</tag>
+      <change state="vulnerable">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</change>
+    </branch>
+    <branch>
+      <name>stable-2.9</name>
+      <tag state="vulnerable">v2.9.1</tag>
+      <change state="vulnerable">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</change>
+    </branch>
+    <branch>
+      <name>stable-2.10</name>
+      <tag state="vulnerable">v2.10.1</tag>
+      <tag state="vulnerable">v2.10.2</tag>
+      <change state="vulnerable">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</change>
+    </branch>
+    <branch>
+      <name>stable-2.11</name>
+      <tag state="vulnerable">v2.11.1</tag>
+      <tag state="vulnerable">v2.11.2</tag>
+      <change state="vulnerable">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</change>
+    </branch>
+    <branch>
+      <name>stable-2.12</name>
+      <tag state="vulnerable">v2.12.1</tag>
+      <change state="vulnerable">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</change>
+    </branch>
+  </repository>
+
+</security-notice>
diff --git a/secnotice/2018/007.xml b/secnotice/2018/007.xml
new file mode 100644
index 0000000..4de353b
--- /dev/null
+++ b/secnotice/2018/007.xml
@@ -0,0 +1,201 @@
+<security-notice xmlns="http://qemu.org/xmlns/security-notice/1.0">
+  <id>2018-007</id>
+
+  <summary>qemu-guest-agent integer overflow reading guest file</summary>
+
+  <description>
+<![CDATA[The QEMU Guest Agent in QEMU is vulnerable to an integer overflow in the 
+qmp_guest_file_read(). An attacker could exploit this by sending a crafted QMP 
+command (including guest-file-read with a large count value) to the agent via 
+the listening socket to trigger a g_malloc() call with a large memory chunk 
+resulting in a segmentation fault.]]>
+  </description>
+
+  <impact>
+<![CDATA[A user could use this flaw to crash the QEMU guest agent process resulting in DoS.]]>
+  </impact>
+
+  <mitigation>
+<![CDATA[Disable the QEMU guest agent or blacklist the guest-file-read command]]>
+  </mitigation>
+
+  <credits>
+    <reporter>
+      <name>Fakhri Zulkifli</name>
+      <email>mohdfakhrizulkifli@gmail.com</email>
+    </reporter>
+    <patcher>
+      <name>Prasad J Pandit</name>
+      <email>pjp@fedoraproject.org</email>
+    </patcher>
+  </credits>
+
+  <lifecycle>
+    <reported>20180622</reported>
+    <published>20180622</published>
+    <fixed>20180705</fixed>
+  </lifecycle>
+
+  <reference>
+    <advisory type="CVE" id="2018-12617"/>
+  </reference>
+
+  <repository>
+    <branch>
+      <name>master</name>
+      <tag state="fixed">v3.0.0</tag>
+      <change state="fixed">141b197408ab398c4f474ac1a728ab316e921f2b</change>
+      <change state="merged">8beb8cc64da2868acec270e4becb9fea8f9093dc</change>
+      <tag state="vulnerable">v1.0</tag>
+      <tag state="vulnerable">v1.1.0</tag>
+      <tag state="vulnerable">v1.2.0</tag>
+      <tag state="vulnerable">v1.3.0</tag>
+      <tag state="vulnerable">v1.4.0</tag>
+      <tag state="vulnerable">v1.5.0</tag>
+      <tag state="vulnerable">v1.6.0</tag>
+      <tag state="vulnerable">v1.7.0</tag>
+      <tag state="vulnerable">v2.0.0</tag>
+      <tag state="vulnerable">v2.1.0</tag>
+      <tag state="vulnerable">v2.2.0</tag>
+      <tag state="vulnerable">v2.3.0</tag>
+      <tag state="vulnerable">v2.4.0</tag>
+      <tag state="vulnerable">v2.5.0</tag>
+      <tag state="vulnerable">v2.6.0</tag>
+      <tag state="vulnerable">v2.7.0</tag>
+      <tag state="vulnerable">v2.8.0</tag>
+      <tag state="vulnerable">v2.9.0</tag>
+      <tag state="vulnerable">v2.10.0</tag>
+      <tag state="vulnerable">v2.11.0</tag>
+      <tag state="vulnerable">v2.12.0</tag>
+      <change state="vulnerable">e3d4d25206a13ca48936e4357a53591997ce6d57</change>
+    </branch>
+    <branch>
+      <name>stable-0.15</name>
+      <tag state="vulnerable">v0.15.0</tag>
+      <tag state="vulnerable">v0.15.1</tag>
+      <change state="vulnerable">e3d4d25206a13ca48936e4357a53591997ce6d57</change>
+    </branch>
+    <branch>
+      <name>stable-1.0</name>
+      <tag state="vulnerable">v1.0.1</tag>
+      <change state="vulnerable">e3d4d25206a13ca48936e4357a53591997ce6d57</change>
+    </branch>
+    <branch>
+      <name>stable-1.1</name>
+      <tag state="vulnerable">v1.1.1</tag>
+      <tag state="vulnerable">v1.1.2</tag>
+      <change state="vulnerable">e3d4d25206a13ca48936e4357a53591997ce6d57</change>
+    </branch>
+    <branch>
+      <name>stable-1.2</name>
+      <tag state="vulnerable">v1.2.1</tag>
+      <tag state="vulnerable">v1.2.2</tag>
+      <change state="vulnerable">e3d4d25206a13ca48936e4357a53591997ce6d57</change>
+    </branch>
+    <branch>
+      <name>stable-1.3</name>
+      <tag state="vulnerable">v1.3.1</tag>
+      <change state="vulnerable">e3d4d25206a13ca48936e4357a53591997ce6d57</change>
+    </branch>
+    <branch>
+      <name>stable-1.4</name>
+      <tag state="vulnerable">v1.4.1</tag>
+      <tag state="vulnerable">v1.4.2</tag>
+      <change state="vulnerable">e3d4d25206a13ca48936e4357a53591997ce6d57</change>
+    </branch>
+    <branch>
+      <name>stable-1.5</name>
+      <tag state="vulnerable">v1.5.1</tag>
+      <tag state="vulnerable">v1.5.2</tag>
+      <tag state="vulnerable">v1.5.3</tag>
+      <change state="vulnerable">e3d4d25206a13ca48936e4357a53591997ce6d57</change>
+    </branch>
+    <branch>
+      <name>stable-1.6</name>
+      <tag state="vulnerable">v1.6.1</tag>
+      <tag state="vulnerable">v1.6.2</tag>
+      <change state="vulnerable">e3d4d25206a13ca48936e4357a53591997ce6d57</change>
+    </branch>
+    <branch>
+      <name>stable-1.7</name>
+      <tag state="vulnerable">v1.7.1</tag>
+      <tag state="vulnerable">v1.7.2</tag>
+      <change state="vulnerable">e3d4d25206a13ca48936e4357a53591997ce6d57</change>
+    </branch>
+    <branch>
+      <name>stable-2.0</name>
+      <tag state="vulnerable">v2.0.1</tag>
+      <tag state="vulnerable">v2.0.2</tag>
+      <change state="vulnerable">e3d4d25206a13ca48936e4357a53591997ce6d57</change>
+    </branch>
+    <branch>
+      <name>stable-2.1</name>
+      <tag state="vulnerable">v2.1.1</tag>
+      <tag state="vulnerable">v2.1.2</tag>
+      <tag state="vulnerable">v2.1.3</tag>
+      <change state="vulnerable">e3d4d25206a13ca48936e4357a53591997ce6d57</change>
+    </branch>
+    <branch>
+      <name>stable-2.2</name>
+      <tag state="vulnerable">v2.2.1</tag>
+      <change state="vulnerable">e3d4d25206a13ca48936e4357a53591997ce6d57</change>
+    </branch>
+    <branch>
+      <name>stable-2.3</name>
+      <tag state="vulnerable">v2.3.1</tag>
+      <change state="vulnerable">e3d4d25206a13ca48936e4357a53591997ce6d57</change>
+    </branch>
+    <branch>
+      <name>stable-2.4</name>
+      <tag state="vulnerable">v2.4.0.1</tag>
+      <tag state="vulnerable">v2.4.1</tag>
+      <change state="vulnerable">e3d4d25206a13ca48936e4357a53591997ce6d57</change>
+    </branch>
+    <branch>
+      <name>stable-2.5</name>
+      <tag state="vulnerable">v2.5.1</tag>
+      <tag state="vulnerable">v2.5.1.1</tag>
+      <change state="vulnerable">e3d4d25206a13ca48936e4357a53591997ce6d57</change>
+    </branch>
+    <branch>
+      <name>stable-2.6</name>
+      <tag state="vulnerable">v2.6.1</tag>
+      <tag state="vulnerable">v2.6.2</tag>
+      <change state="vulnerable">e3d4d25206a13ca48936e4357a53591997ce6d57</change>
+    </branch>
+    <branch>
+      <name>stable-2.7</name>
+      <tag state="vulnerable">v2.7.1</tag>
+      <change state="vulnerable">e3d4d25206a13ca48936e4357a53591997ce6d57</change>
+    </branch>
+    <branch>
+      <name>stable-2.8</name>
+      <tag state="vulnerable">v2.8.1</tag>
+      <tag state="vulnerable">v2.8.1.1</tag>
+      <change state="vulnerable">e3d4d25206a13ca48936e4357a53591997ce6d57</change>
+    </branch>
+    <branch>
+      <name>stable-2.9</name>
+      <tag state="vulnerable">v2.9.1</tag>
+      <change state="vulnerable">e3d4d25206a13ca48936e4357a53591997ce6d57</change>
+    </branch>
+    <branch>
+      <name>stable-2.10</name>
+      <tag state="vulnerable">v2.10.1</tag>
+      <tag state="vulnerable">v2.10.2</tag>
+      <change state="vulnerable">e3d4d25206a13ca48936e4357a53591997ce6d57</change>
+    </branch>
+    <branch>
+      <name>stable-2.11</name>
+      <tag state="vulnerable">v2.11.1</tag>
+      <tag state="vulnerable">v2.11.2</tag>
+      <change state="vulnerable">e3d4d25206a13ca48936e4357a53591997ce6d57</change>
+    </branch>
+    <branch>
+      <name>stable-2.12</name>
+      <tag state="vulnerable">v2.12.1</tag>
+      <change state="vulnerable">e3d4d25206a13ca48936e4357a53591997ce6d57</change>
+    </branch>
+  </repository>
+
+</security-notice>
diff --git a/secnotice/2018/008.xml b/secnotice/2018/008.xml
new file mode 100644
index 0000000..5cf8d5a
--- /dev/null
+++ b/secnotice/2018/008.xml
@@ -0,0 +1,225 @@
+<security-notice xmlns="http://qemu.org/xmlns/security-notice/1.0">
+  <id>2018-008</id>
+
+  <summary>rtl8139 integer overflow accessing buffer</summary>
+
+  <description>
+<![CDATA[Qemu emulator built with the RTL8139 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network.]]>
+  </description>
+
+  <impact>
+<![CDATA[A user inside guest could use this flaw to crash the Qemu process resulting in DoS.]]>
+  </impact>
+
+  <mitigation>
+<![CDATA[Replace use of the RTL8139 network adapter with an alternative model]]>
+  </mitigation>
+
+  <credits>
+    <reporter>
+      <name>Daniel Shapira</name>
+      <email>daniel@twistlock.com</email>
+    </reporter>
+    <patcher>
+      <name>Jason Wang</name>
+      <email>jasonwang@redhat.com</email>
+    </patcher>
+  </credits>
+
+  <lifecycle>
+    <reported>20180521</reported>
+    <published>20180926</published>
+    <fixed></fixed>
+  </lifecycle>
+
+  <reference>
+    <advisory type="CVE" id="2018-17958"/>
+  </reference>
+
+  <repository>
+    <branch>
+      <name>master</name>
+      <tag state="fixed"></tag>
+      <change state="fixed">784b912f722bc86126b290c00de72c1bc8d34950</change>
+      <change state="merged"></change>
+      <tag state="vulnerable">v1.0</tag>
+      <tag state="vulnerable">v1.1.0</tag>
+      <tag state="vulnerable">v1.2.0</tag>
+      <tag state="vulnerable">v1.3.0</tag>
+      <tag state="vulnerable">v1.4.0</tag>
+      <tag state="vulnerable">v1.5.0</tag>
+      <tag state="vulnerable">v1.6.0</tag>
+      <tag state="vulnerable">v1.7.0</tag>
+      <tag state="vulnerable">v2.0.0</tag>
+      <tag state="vulnerable">v2.1.0</tag>
+      <tag state="vulnerable">v2.2.0</tag>
+      <tag state="vulnerable">v2.3.0</tag>
+      <tag state="vulnerable">v2.4.0</tag>
+      <tag state="vulnerable">v2.5.0</tag>
+      <tag state="vulnerable">v2.6.0</tag>
+      <tag state="vulnerable">v2.7.0</tag>
+      <tag state="vulnerable">v2.8.0</tag>
+      <tag state="vulnerable">v2.9.0</tag>
+      <tag state="vulnerable">v2.10.0</tag>
+      <tag state="vulnerable">v2.11.0</tag>
+      <tag state="vulnerable">v2.12.0</tag>
+      <tag state="vulnerable">v3.0.0</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-0.11</name>
+      <tag state="vulnerable">v0.11.0</tag>
+      <tag state="vulnerable">v0.11.1</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-0.12</name>
+      <tag state="vulnerable">v0.12.0</tag>
+      <tag state="vulnerable">v0.12.1</tag>
+      <tag state="vulnerable">v0.12.2</tag>
+      <tag state="vulnerable">v0.12.3</tag>
+      <tag state="vulnerable">v0.12.4</tag>
+      <tag state="vulnerable">v0.12.5</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-0.13</name>
+      <tag state="vulnerable">v0.13.0</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-0.14</name>
+      <tag state="vulnerable">v0.14.0</tag>
+      <tag state="vulnerable">v0.14.1</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-0.15</name>
+      <tag state="vulnerable">v0.15.0</tag>
+      <tag state="vulnerable">v0.15.1</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-1.0</name>
+      <tag state="vulnerable">v1.0.1</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-1.1</name>
+      <tag state="vulnerable">v1.1.1</tag>
+      <tag state="vulnerable">v1.1.2</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-1.2</name>
+      <tag state="vulnerable">v1.2.1</tag>
+      <tag state="vulnerable">v1.2.2</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-1.3</name>
+      <tag state="vulnerable">v1.3.1</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-1.4</name>
+      <tag state="vulnerable">v1.4.1</tag>
+      <tag state="vulnerable">v1.4.2</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-1.5</name>
+      <tag state="vulnerable">v1.5.1</tag>
+      <tag state="vulnerable">v1.5.2</tag>
+      <tag state="vulnerable">v1.5.3</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-1.6</name>
+      <tag state="vulnerable">v1.6.1</tag>
+      <tag state="vulnerable">v1.6.2</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-1.7</name>
+      <tag state="vulnerable">v1.7.1</tag>
+      <tag state="vulnerable">v1.7.2</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-2.0</name>
+      <tag state="vulnerable">v2.0.1</tag>
+      <tag state="vulnerable">v2.0.2</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-2.1</name>
+      <tag state="vulnerable">v2.1.1</tag>
+      <tag state="vulnerable">v2.1.2</tag>
+      <tag state="vulnerable">v2.1.3</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-2.2</name>
+      <tag state="vulnerable">v2.2.1</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-2.3</name>
+      <tag state="vulnerable">v2.3.1</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-2.4</name>
+      <tag state="vulnerable">v2.4.0.1</tag>
+      <tag state="vulnerable">v2.4.1</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-2.5</name>
+      <tag state="vulnerable">v2.5.1</tag>
+      <tag state="vulnerable">v2.5.1.1</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-2.6</name>
+      <tag state="vulnerable">v2.6.1</tag>
+      <tag state="vulnerable">v2.6.2</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-2.7</name>
+      <tag state="vulnerable">v2.7.1</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-2.8</name>
+      <tag state="vulnerable">v2.8.1</tag>
+      <tag state="vulnerable">v2.8.1.1</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-2.9</name>
+      <tag state="vulnerable">v2.9.1</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-2.10</name>
+      <tag state="vulnerable">v2.10.1</tag>
+      <tag state="vulnerable">v2.10.2</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-2.11</name>
+      <tag state="vulnerable">v2.11.1</tag>
+      <tag state="vulnerable">v2.11.2</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-2.12</name>
+      <tag state="vulnerable">v2.12.1</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+  </repository>
+
+</security-notice>
diff --git a/secnotice/2018/009.xml b/secnotice/2018/009.xml
new file mode 100644
index 0000000..6ad782f
--- /dev/null
+++ b/secnotice/2018/009.xml
@@ -0,0 +1,225 @@
+<security-notice xmlns="http://qemu.org/xmlns/security-notice/1.0">
+  <id>2018-009</id>
+
+  <summary>pcnet integer overflow accessing buffer</summary>
+
+  <description>
+<![CDATA[Qemu emulator built with the AMD PC-Net II (Am79C970A) emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network.]]>
+  </description>
+
+  <impact>
+<![CDATA[A user inside guest could use this flaw to crash the Qemu process resulting in DoS.]]>
+  </impact>
+
+  <mitigation>
+<![CDATA[Replace use of the AMD PC-Net II network adapter with an alternative model]]>
+  </mitigation>
+
+  <credits>
+    <reporter>
+      <name>Daniel Shapira</name>
+      <email>daniel@twistlock.com</email>
+    </reporter>
+    <patcher>
+      <name>Jason Wang</name>
+      <email>jasonwang@redhat.com</email>
+    </patcher>
+  </credits>
+
+  <lifecycle>
+    <reported>20180521</reported>
+    <published>20180926</published>
+    <fixed></fixed>
+  </lifecycle>
+
+  <reference>
+    <advisory type="CVE" id="2018-17962"/>
+  </reference>
+
+  <repository>
+    <branch>
+      <name>master</name>
+      <tag state="fixed"></tag>
+      <change state="fixed">2fc84f6b39577ccd6fd57bdd270902f5098c3a88</change>
+      <change state="merged"></change>
+      <tag state="vulnerable">v1.0</tag>
+      <tag state="vulnerable">v1.1.0</tag>
+      <tag state="vulnerable">v1.2.0</tag>
+      <tag state="vulnerable">v1.3.0</tag>
+      <tag state="vulnerable">v1.4.0</tag>
+      <tag state="vulnerable">v1.5.0</tag>
+      <tag state="vulnerable">v1.6.0</tag>
+      <tag state="vulnerable">v1.7.0</tag>
+      <tag state="vulnerable">v2.0.0</tag>
+      <tag state="vulnerable">v2.1.0</tag>
+      <tag state="vulnerable">v2.2.0</tag>
+      <tag state="vulnerable">v2.3.0</tag>
+      <tag state="vulnerable">v2.4.0</tag>
+      <tag state="vulnerable">v2.5.0</tag>
+      <tag state="vulnerable">v2.6.0</tag>
+      <tag state="vulnerable">v2.7.0</tag>
+      <tag state="vulnerable">v2.8.0</tag>
+      <tag state="vulnerable">v2.9.0</tag>
+      <tag state="vulnerable">v2.10.0</tag>
+      <tag state="vulnerable">v2.11.0</tag>
+      <tag state="vulnerable">v2.12.0</tag>
+      <tag state="vulnerable">v3.0.0</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-0.11</name>
+      <tag state="vulnerable">v0.11.0</tag>
+      <tag state="vulnerable">v0.11.1</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-0.12</name>
+      <tag state="vulnerable">v0.12.0</tag>
+      <tag state="vulnerable">v0.12.1</tag>
+      <tag state="vulnerable">v0.12.2</tag>
+      <tag state="vulnerable">v0.12.3</tag>
+      <tag state="vulnerable">v0.12.4</tag>
+      <tag state="vulnerable">v0.12.5</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-0.13</name>
+      <tag state="vulnerable">v0.13.0</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-0.14</name>
+      <tag state="vulnerable">v0.14.0</tag>
+      <tag state="vulnerable">v0.14.1</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-0.15</name>
+      <tag state="vulnerable">v0.15.0</tag>
+      <tag state="vulnerable">v0.15.1</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-1.0</name>
+      <tag state="vulnerable">v1.0.1</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-1.1</name>
+      <tag state="vulnerable">v1.1.1</tag>
+      <tag state="vulnerable">v1.1.2</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-1.2</name>
+      <tag state="vulnerable">v1.2.1</tag>
+      <tag state="vulnerable">v1.2.2</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-1.3</name>
+      <tag state="vulnerable">v1.3.1</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-1.4</name>
+      <tag state="vulnerable">v1.4.1</tag>
+      <tag state="vulnerable">v1.4.2</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-1.5</name>
+      <tag state="vulnerable">v1.5.1</tag>
+      <tag state="vulnerable">v1.5.2</tag>
+      <tag state="vulnerable">v1.5.3</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-1.6</name>
+      <tag state="vulnerable">v1.6.1</tag>
+      <tag state="vulnerable">v1.6.2</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-1.7</name>
+      <tag state="vulnerable">v1.7.1</tag>
+      <tag state="vulnerable">v1.7.2</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-2.0</name>
+      <tag state="vulnerable">v2.0.1</tag>
+      <tag state="vulnerable">v2.0.2</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-2.1</name>
+      <tag state="vulnerable">v2.1.1</tag>
+      <tag state="vulnerable">v2.1.2</tag>
+      <tag state="vulnerable">v2.1.3</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-2.2</name>
+      <tag state="vulnerable">v2.2.1</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-2.3</name>
+      <tag state="vulnerable">v2.3.1</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-2.4</name>
+      <tag state="vulnerable">v2.4.0.1</tag>
+      <tag state="vulnerable">v2.4.1</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-2.5</name>
+      <tag state="vulnerable">v2.5.1</tag>
+      <tag state="vulnerable">v2.5.1.1</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-2.6</name>
+      <tag state="vulnerable">v2.6.1</tag>
+      <tag state="vulnerable">v2.6.2</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-2.7</name>
+      <tag state="vulnerable">v2.7.1</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-2.8</name>
+      <tag state="vulnerable">v2.8.1</tag>
+      <tag state="vulnerable">v2.8.1.1</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-2.9</name>
+      <tag state="vulnerable">v2.9.1</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-2.10</name>
+      <tag state="vulnerable">v2.10.1</tag>
+      <tag state="vulnerable">v2.10.2</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-2.11</name>
+      <tag state="vulnerable">v2.11.1</tag>
+      <tag state="vulnerable">v2.11.2</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+    <branch>
+      <name>stable-2.12</name>
+      <tag state="vulnerable">v2.12.1</tag>
+      <change state="vulnerable">4f1c942b7fb29864ad86cb3af9076da38f38f74e</change>
+    </branch>
+  </repository>
+
+</security-notice>
diff --git a/secnotice/2018/010.xml b/secnotice/2018/010.xml
new file mode 100644
index 0000000..23719d4
--- /dev/null
+++ b/secnotice/2018/010.xml
@@ -0,0 +1,223 @@
+<security-notice xmlns="http://qemu.org/xmlns/security-notice/1.0">
+  <id>2018-010</id>
+
+  <summary>Ignore network packet sizes larger than INT_MAX</summary>
+
+  <description>
+<![CDATA[A potential integer overflow issue was found in the QEMU emulator. It could occur when a packet with large packet size is accepted and processed.]]>
+  </description>
+
+  <impact>
+<![CDATA[A user inside guest could use this flaw to crash the Qemu process resulting in DoS.]]>
+  </impact>
+
+  <mitigation>
+<![CDATA[None]]>
+  </mitigation>
+
+  <credits>
+    <reporter>
+      <name>Daniel Shapira</name>
+      <email>daniel@twistlock.com</email>
+    </reporter>
+    <patcher>
+      <name>Jason Wang</name>
+      <email>jasonwang@redhat.com</email>
+    </patcher>
+  </credits>
+
+  <lifecycle>
+    <reported>20180521</reported>
+    <published>20180926</published>
+    <fixed></fixed>
+  </lifecycle>
+
+  <reference>
+    <advisory type="CVE" id="2018-17963"/>
+  </reference>
+
+  <repository>
+    <branch>
+      <name>master</name>
+      <change state="vulnerable">9a6ecb308b1c668fff84d56a356dbd595c51d556</change>
+    </branch>
+    <branch>
+      <name>master</name>
+      <tag state="fixed"></tag>
+      <change state="fixed">36772a6341af7c0f100b8e55a1e779db5fe818da</change>
+      <change state="merged"></change>
+      <tag state="vulnerable">v1.0</tag>
+      <tag state="vulnerable">v1.1.0</tag>
+      <tag state="vulnerable">v1.2.0</tag>
+      <tag state="vulnerable">v1.3.0</tag>
+      <tag state="vulnerable">v1.4.0</tag>
+      <tag state="vulnerable">v1.5.0</tag>
+      <tag state="vulnerable">v1.6.0</tag>
+      <tag state="vulnerable">v1.7.0</tag>
+      <tag state="vulnerable">v2.0.0</tag>
+      <tag state="vulnerable">v2.1.0</tag>
+      <tag state="vulnerable">v2.2.0</tag>
+      <tag state="vulnerable">v2.3.0</tag>
+      <tag state="vulnerable">v2.4.0</tag>
+      <tag state="vulnerable">v2.5.0</tag>
+      <tag state="vulnerable">v2.6.0</tag>
+      <tag state="vulnerable">v2.7.0</tag>
+      <tag state="vulnerable">v2.8.0</tag>
+      <tag state="vulnerable">v2.9.0</tag>
+      <tag state="vulnerable">v2.10.0</tag>
+      <tag state="vulnerable">v2.11.0</tag>
+      <tag state="vulnerable">v2.12.0</tag>
+      <tag state="vulnerable">v3.0.0</tag>
+      <change state="vulnerable">9a6ecb308b1c668fff84d56a356dbd595c51d556</change>
+    </branch>
+    <branch>
+      <name>stable-0.12</name>
+      <tag state="vulnerable">v0.12.0</tag>
+      <tag state="vulnerable">v0.12.1</tag>
+      <tag state="vulnerable">v0.12.2</tag>
+      <tag state="vulnerable">v0.12.3</tag>
+      <tag state="vulnerable">v0.12.4</tag>
+      <tag state="vulnerable">v0.12.5</tag>
+      <change state="vulnerable">9a6ecb308b1c668fff84d56a356dbd595c51d556</change>
+    </branch>
+    <branch>
+      <name>stable-0.13</name>
+      <tag state="vulnerable">v0.13.0</tag>
+      <change state="vulnerable">9a6ecb308b1c668fff84d56a356dbd595c51d556</change>
+    </branch>
+    <branch>
+      <name>stable-0.14</name>
+      <tag state="vulnerable">v0.14.0</tag>
+      <tag state="vulnerable">v0.14.1</tag>
+      <change state="vulnerable">9a6ecb308b1c668fff84d56a356dbd595c51d556</change>
+    </branch>
+    <branch>
+      <name>stable-0.15</name>
+      <tag state="vulnerable">v0.15.0</tag>
+      <tag state="vulnerable">v0.15.1</tag>
+      <change state="vulnerable">9a6ecb308b1c668fff84d56a356dbd595c51d556</change>
+    </branch>
+    <branch>
+      <name>stable-1.0</name>
+      <tag state="vulnerable">v1.0.1</tag>
+      <change state="vulnerable">9a6ecb308b1c668fff84d56a356dbd595c51d556</change>
+    </branch>
+    <branch>
+      <name>stable-1.1</name>
+      <tag state="vulnerable">v1.1.1</tag>
+      <tag state="vulnerable">v1.1.2</tag>
+      <change state="vulnerable">9a6ecb308b1c668fff84d56a356dbd595c51d556</change>
+    </branch>
+    <branch>
+      <name>stable-1.2</name>
+      <tag state="vulnerable">v1.2.1</tag>
+      <tag state="vulnerable">v1.2.2</tag>
+      <change state="vulnerable">9a6ecb308b1c668fff84d56a356dbd595c51d556</change>
+    </branch>
+    <branch>
+      <name>stable-1.3</name>
+      <tag state="vulnerable">v1.3.1</tag>
+      <change state="vulnerable">9a6ecb308b1c668fff84d56a356dbd595c51d556</change>
+    </branch>
+    <branch>
+      <name>stable-1.4</name>
+      <tag state="vulnerable">v1.4.1</tag>
+      <tag state="vulnerable">v1.4.2</tag>
+      <change state="vulnerable">9a6ecb308b1c668fff84d56a356dbd595c51d556</change>
+    </branch>
+    <branch>
+      <name>stable-1.5</name>
+      <tag state="vulnerable">v1.5.1</tag>
+      <tag state="vulnerable">v1.5.2</tag>
+      <tag state="vulnerable">v1.5.3</tag>
+      <change state="vulnerable">9a6ecb308b1c668fff84d56a356dbd595c51d556</change>
+    </branch>
+    <branch>
+      <name>stable-1.6</name>
+      <tag state="vulnerable">v1.6.1</tag>
+      <tag state="vulnerable">v1.6.2</tag>
+      <change state="vulnerable">9a6ecb308b1c668fff84d56a356dbd595c51d556</change>
+    </branch>
+    <branch>
+      <name>stable-1.7</name>
+      <tag state="vulnerable">v1.7.1</tag>
+      <tag state="vulnerable">v1.7.2</tag>
+      <change state="vulnerable">9a6ecb308b1c668fff84d56a356dbd595c51d556</change>
+    </branch>
+    <branch>
+      <name>stable-2.0</name>
+      <tag state="vulnerable">v2.0.1</tag>
+      <tag state="vulnerable">v2.0.2</tag>
+      <change state="vulnerable">9a6ecb308b1c668fff84d56a356dbd595c51d556</change>
+    </branch>
+    <branch>
+      <name>stable-2.1</name>
+      <tag state="vulnerable">v2.1.1</tag>
+      <tag state="vulnerable">v2.1.2</tag>
+      <tag state="vulnerable">v2.1.3</tag>
+      <change state="vulnerable">9a6ecb308b1c668fff84d56a356dbd595c51d556</change>
+    </branch>
+    <branch>
+      <name>stable-2.2</name>
+      <tag state="vulnerable">v2.2.1</tag>
+      <change state="vulnerable">9a6ecb308b1c668fff84d56a356dbd595c51d556</change>
+    </branch>
+    <branch>
+      <name>stable-2.3</name>
+      <tag state="vulnerable">v2.3.1</tag>
+      <change state="vulnerable">9a6ecb308b1c668fff84d56a356dbd595c51d556</change>
+    </branch>
+    <branch>
+      <name>stable-2.4</name>
+      <tag state="vulnerable">v2.4.0.1</tag>
+      <tag state="vulnerable">v2.4.1</tag>
+      <change state="vulnerable">9a6ecb308b1c668fff84d56a356dbd595c51d556</change>
+    </branch>
+    <branch>
+      <name>stable-2.5</name>
+      <tag state="vulnerable">v2.5.1</tag>
+      <tag state="vulnerable">v2.5.1.1</tag>
+      <change state="vulnerable">9a6ecb308b1c668fff84d56a356dbd595c51d556</change>
+    </branch>
+    <branch>
+      <name>stable-2.6</name>
+      <tag state="vulnerable">v2.6.1</tag>
+      <tag state="vulnerable">v2.6.2</tag>
+      <change state="vulnerable">9a6ecb308b1c668fff84d56a356dbd595c51d556</change>
+    </branch>
+    <branch>
+      <name>stable-2.7</name>
+      <tag state="vulnerable">v2.7.1</tag>
+      <change state="vulnerable">9a6ecb308b1c668fff84d56a356dbd595c51d556</change>
+    </branch>
+    <branch>
+      <name>stable-2.8</name>
+      <tag state="vulnerable">v2.8.1</tag>
+      <tag state="vulnerable">v2.8.1.1</tag>
+      <change state="vulnerable">9a6ecb308b1c668fff84d56a356dbd595c51d556</change>
+    </branch>
+    <branch>
+      <name>stable-2.9</name>
+      <tag state="vulnerable">v2.9.1</tag>
+      <change state="vulnerable">9a6ecb308b1c668fff84d56a356dbd595c51d556</change>
+    </branch>
+    <branch>
+      <name>stable-2.10</name>
+      <tag state="vulnerable">v2.10.1</tag>
+      <tag state="vulnerable">v2.10.2</tag>
+      <change state="vulnerable">9a6ecb308b1c668fff84d56a356dbd595c51d556</change>
+    </branch>
+    <branch>
+      <name>stable-2.11</name>
+      <tag state="vulnerable">v2.11.1</tag>
+      <tag state="vulnerable">v2.11.2</tag>
+      <change state="vulnerable">9a6ecb308b1c668fff84d56a356dbd595c51d556</change>
+    </branch>
+    <branch>
+      <name>stable-2.12</name>
+      <tag state="vulnerable">v2.12.1</tag>
+      <change state="vulnerable">9a6ecb308b1c668fff84d56a356dbd595c51d556</change>
+    </branch>
+  </repository>
+
+</security-notice>
diff --git a/secnotice/2018/011.xml b/secnotice/2018/011.xml
new file mode 100644
index 0000000..811df0d
--- /dev/null
+++ b/secnotice/2018/011.xml
@@ -0,0 +1,199 @@
+<security-notice xmlns="http://qemu.org/xmlns/security-notice/1.0">
+  <id>2018-011</id>
+
+  <summary>CCID integer overflow reading data</summary>
+
+  <description>
+<![CDATA[An integer overflow issue was found in the CCID Passthru card device emulation, while reading card data in ccid_card_vscard_read() function. The ccid_card_vscard_read() function accepts a signed integer 'size' argument, which is subsequently used as unsigned size_t value in memcpy(), copying large amounts of memory.
+]]>
+  </description>
+
+  <impact>
+<![CDATA[A user inside guest could use this flaw to crash the Qemu process resulting in DoS.]]>
+  </impact>
+
+  <mitigation>
+<![CDATA[Remove the CCID device emulation from virtual machines]]>
+  </mitigation>
+
+  <credits>
+    <reporter>
+      <name>Arash Tohidi</name>
+      <email>tohidi.arash@gmail.com</email>
+    </reporter>
+    <patcher>
+      <name>Philippe Mathieu-Daudé</name>
+      <email>philmd@redhat.com</email>
+    </patcher>
+  </credits>
+
+  <lifecycle>
+    <reported>20180726</reported>
+    <published>20181011</published>
+    <fixed></fixed>
+  </lifecycle>
+
+  <reference>
+    <advisory type="CVE" id="2018-18438"/>
+  </reference>
+
+  <repository>
+    <branch>
+      <name>master</name>
+      <change state="fixed"></change>
+      <change state="merged"></change>
+      <tag state="fixed"></tag>
+      <tag state="vulnerable">v1.0</tag>
+      <tag state="vulnerable">v1.1.0</tag>
+      <tag state="vulnerable">v1.2.0</tag>
+      <tag state="vulnerable">v1.3.0</tag>
+      <tag state="vulnerable">v1.4.0</tag>
+      <tag state="vulnerable">v1.5.0</tag>
+      <tag state="vulnerable">v1.6.0</tag>
+      <tag state="vulnerable">v1.7.0</tag>
+      <tag state="vulnerable">v2.0.0</tag>
+      <tag state="vulnerable">v2.1.0</tag>
+      <tag state="vulnerable">v2.2.0</tag>
+      <tag state="vulnerable">v2.3.0</tag>
+      <tag state="vulnerable">v2.4.0</tag>
+      <tag state="vulnerable">v2.5.0</tag>
+      <tag state="vulnerable">v2.6.0</tag>
+      <tag state="vulnerable">v2.7.0</tag>
+      <tag state="vulnerable">v2.8.0</tag>
+      <tag state="vulnerable">v2.9.0</tag>
+      <tag state="vulnerable">v2.10.0</tag>
+      <tag state="vulnerable">v2.11.0</tag>
+      <tag state="vulnerable">v2.12.0</tag>
+      <tag state="vulnerable">v3.0.0</tag>
+      <change state="vulnerable">edbb21363fbfe40e050f583df921484cbc31c79d</change>
+    </branch>
+    <branch>
+      <name>stable-0.15</name>
+      <tag state="vulnerable">v0.15.0</tag>
+      <tag state="vulnerable">v0.15.1</tag>
+      <change state="vulnerable">edbb21363fbfe40e050f583df921484cbc31c79d</change>
+    </branch>
+    <branch>
+      <name>stable-1.0</name>
+      <tag state="vulnerable">v1.0.1</tag>
+      <change state="vulnerable">edbb21363fbfe40e050f583df921484cbc31c79d</change>
+    </branch>
+    <branch>
+      <name>stable-1.1</name>
+      <tag state="vulnerable">v1.1.1</tag>
+      <tag state="vulnerable">v1.1.2</tag>
+      <change state="vulnerable">edbb21363fbfe40e050f583df921484cbc31c79d</change>
+    </branch>
+    <branch>
+      <name>stable-1.2</name>
+      <tag state="vulnerable">v1.2.1</tag>
+      <tag state="vulnerable">v1.2.2</tag>
+      <change state="vulnerable">edbb21363fbfe40e050f583df921484cbc31c79d</change>
+    </branch>
+    <branch>
+      <name>stable-1.3</name>
+      <tag state="vulnerable">v1.3.1</tag>
+      <change state="vulnerable">edbb21363fbfe40e050f583df921484cbc31c79d</change>
+    </branch>
+    <branch>
+      <name>stable-1.4</name>
+      <tag state="vulnerable">v1.4.1</tag>
+      <tag state="vulnerable">v1.4.2</tag>
+      <change state="vulnerable">edbb21363fbfe40e050f583df921484cbc31c79d</change>
+    </branch>
+    <branch>
+      <name>stable-1.5</name>
+      <tag state="vulnerable">v1.5.1</tag>
+      <tag state="vulnerable">v1.5.2</tag>
+      <tag state="vulnerable">v1.5.3</tag>
+      <change state="vulnerable">edbb21363fbfe40e050f583df921484cbc31c79d</change>
+    </branch>
+    <branch>
+      <name>stable-1.6</name>
+      <tag state="vulnerable">v1.6.1</tag>
+      <tag state="vulnerable">v1.6.2</tag>
+      <change state="vulnerable">edbb21363fbfe40e050f583df921484cbc31c79d</change>
+    </branch>
+    <branch>
+      <name>stable-1.7</name>
+      <tag state="vulnerable">v1.7.1</tag>
+      <tag state="vulnerable">v1.7.2</tag>
+      <change state="vulnerable">edbb21363fbfe40e050f583df921484cbc31c79d</change>
+    </branch>
+    <branch>
+      <name>stable-2.0</name>
+      <tag state="vulnerable">v2.0.1</tag>
+      <tag state="vulnerable">v2.0.2</tag>
+      <change state="vulnerable">edbb21363fbfe40e050f583df921484cbc31c79d</change>
+    </branch>
+    <branch>
+      <name>stable-2.1</name>
+      <tag state="vulnerable">v2.1.1</tag>
+      <tag state="vulnerable">v2.1.2</tag>
+      <tag state="vulnerable">v2.1.3</tag>
+      <change state="vulnerable">edbb21363fbfe40e050f583df921484cbc31c79d</change>
+    </branch>
+    <branch>
+      <name>stable-2.2</name>
+      <tag state="vulnerable">v2.2.1</tag>
+      <change state="vulnerable">edbb21363fbfe40e050f583df921484cbc31c79d</change>
+    </branch>
+    <branch>
+      <name>stable-2.3</name>
+      <tag state="vulnerable">v2.3.1</tag>
+      <change state="vulnerable">edbb21363fbfe40e050f583df921484cbc31c79d</change>
+    </branch>
+    <branch>
+      <name>stable-2.4</name>
+      <tag state="vulnerable">v2.4.0.1</tag>
+      <tag state="vulnerable">v2.4.1</tag>
+      <change state="vulnerable">edbb21363fbfe40e050f583df921484cbc31c79d</change>
+    </branch>
+    <branch>
+      <name>stable-2.5</name>
+      <tag state="vulnerable">v2.5.1</tag>
+      <tag state="vulnerable">v2.5.1.1</tag>
+      <change state="vulnerable">edbb21363fbfe40e050f583df921484cbc31c79d</change>
+    </branch>
+    <branch>
+      <name>stable-2.6</name>
+      <tag state="vulnerable">v2.6.1</tag>
+      <tag state="vulnerable">v2.6.2</tag>
+      <change state="vulnerable">edbb21363fbfe40e050f583df921484cbc31c79d</change>
+    </branch>
+    <branch>
+      <name>stable-2.7</name>
+      <tag state="vulnerable">v2.7.1</tag>
+      <change state="vulnerable">edbb21363fbfe40e050f583df921484cbc31c79d</change>
+    </branch>
+    <branch>
+      <name>stable-2.8</name>
+      <tag state="vulnerable">v2.8.1</tag>
+      <tag state="vulnerable">v2.8.1.1</tag>
+      <change state="vulnerable">edbb21363fbfe40e050f583df921484cbc31c79d</change>
+    </branch>
+    <branch>
+      <name>stable-2.9</name>
+      <tag state="vulnerable">v2.9.1</tag>
+      <change state="vulnerable">edbb21363fbfe40e050f583df921484cbc31c79d</change>
+    </branch>
+    <branch>
+      <name>stable-2.10</name>
+      <tag state="vulnerable">v2.10.1</tag>
+      <tag state="vulnerable">v2.10.2</tag>
+      <change state="vulnerable">edbb21363fbfe40e050f583df921484cbc31c79d</change>
+    </branch>
+    <branch>
+      <name>stable-2.11</name>
+      <tag state="vulnerable">v2.11.1</tag>
+      <tag state="vulnerable">v2.11.2</tag>
+      <change state="vulnerable">edbb21363fbfe40e050f583df921484cbc31c79d</change>
+    </branch>
+    <branch>
+      <name>stable-2.12</name>
+      <tag state="vulnerable">v2.12.1</tag>
+      <change state="vulnerable">edbb21363fbfe40e050f583df921484cbc31c79d</change>
+    </branch>
+  </repository>
+
+</security-notice>
-- 
2.17.2

[Qemu-devel] [web PATCH 4/4] Update pre-rendered content

[Daniel P. Berrangé]

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 secnotice/2018/001.html   | 1043 ++++++++++++++++++++++++++++++++++++
 secnotice/2018/001.txt    |  210 ++++++++
 secnotice/2018/002.html   | 1044 ++++++++++++++++++++++++++++++++++++
 secnotice/2018/002.txt    |  206 ++++++++
 secnotice/2018/003.html   |  766 +++++++++++++++++++++++++++
 secnotice/2018/003.txt    |  160 ++++++
 secnotice/2018/004.html   | 1045 ++++++++++++++++++++++++++++++++++++
 secnotice/2018/004.txt    |  206 ++++++++
 secnotice/2018/005.html   |  952 +++++++++++++++++++++++++++++++++
 secnotice/2018/005.txt    |  191 +++++++
 secnotice/2018/006.html   | 1056 +++++++++++++++++++++++++++++++++++++
 secnotice/2018/006.txt    |  210 ++++++++
 secnotice/2018/007.html   |  820 ++++++++++++++++++++++++++++
 secnotice/2018/007.txt    |  169 ++++++
 secnotice/2018/008.html   |  952 +++++++++++++++++++++++++++++++++
 secnotice/2018/008.txt    |  191 +++++++
 secnotice/2018/009.html   |  952 +++++++++++++++++++++++++++++++++
 secnotice/2018/009.txt    |  192 +++++++
 secnotice/2018/010.html   |  940 +++++++++++++++++++++++++++++++++
 secnotice/2018/010.txt    |  188 +++++++
 secnotice/2018/011.html   |  823 +++++++++++++++++++++++++++++
 secnotice/2018/011.txt    |  169 ++++++
 secnotice/2018/index.html |   46 ++
 secnotice/2018/index.xml  |   13 +
 secnotice/index.html      |   46 ++
 secnotice/index.xml       |   13 +
 26 files changed, 12603 insertions(+)
 create mode 100644 secnotice/2018/001.html
 create mode 100644 secnotice/2018/001.txt
 create mode 100644 secnotice/2018/002.html
 create mode 100644 secnotice/2018/002.txt
 create mode 100644 secnotice/2018/003.html
 create mode 100644 secnotice/2018/003.txt
 create mode 100644 secnotice/2018/004.html
 create mode 100644 secnotice/2018/004.txt
 create mode 100644 secnotice/2018/005.html
 create mode 100644 secnotice/2018/005.txt
 create mode 100644 secnotice/2018/006.html
 create mode 100644 secnotice/2018/006.txt
 create mode 100644 secnotice/2018/007.html
 create mode 100644 secnotice/2018/007.txt
 create mode 100644 secnotice/2018/008.html
 create mode 100644 secnotice/2018/008.txt
 create mode 100644 secnotice/2018/009.html
 create mode 100644 secnotice/2018/009.txt
 create mode 100644 secnotice/2018/010.html
 create mode 100644 secnotice/2018/010.txt
 create mode 100644 secnotice/2018/011.html
 create mode 100644 secnotice/2018/011.txt
 create mode 100644 secnotice/2018/index.html
 create mode 100644 secnotice/2018/index.xml
 create mode 100644 secnotice/index.html
 create mode 100644 secnotice/index.xml

diff --git a/secnotice/2018/001.html b/secnotice/2018/001.html
new file mode 100644
index 0000000..5395079
--- /dev/null
+++ b/secnotice/2018/001.html
@@ -0,0 +1,1043 @@
+---
+title: 'QSN-2018-001: Speculative store bypass'
+layout: secnotice
+permalink: /secnotice/2018/001
+---
+
+    <div xmlns="http://www.w3.org/1999/xhtml" id="main">
+  <div class="container">
+    <h2>Speculative store bypass</h2>
+    <h3>Lifecycle</h3>
+    <table>
+      <tr>
+        <th>Reported on:</th>
+        <td>20180312</td>
+      </tr>
+      <tr>
+        <th>Published on:</th>
+        <td>20180521</td>
+      </tr>
+      <tr>
+        <th>Fixed on:</th>
+        <td>20180626</td>
+      </tr>
+    </table>
+    <h3>Credits</h3>
+    <table>
+      <tr>
+        <th>Reported by:</th>
+        <td>
+          <a href="mailto:">Ken Johnson (Microsoft Security Response Center)</a>
+        </td>
+      </tr>
+      <tr>
+        <th/>
+        <td>
+          <a href="mailto:">Jann Horn (Google Project Zero)</a>
+        </td>
+      </tr>
+      <tr>
+        <th>Patched by:</th>
+        <td>
+          <a href="mailto:berrange@redhat.com">Daniel P. Berrangé</a>
+        </td>
+      </tr>
+      <tr>
+        <th/>
+        <td>
+          <a href="mailto:konrad.wilk@oracle.com">Konrad Rzeszutek Wilk</a>
+        </td>
+      </tr>
+    </table>
+    <h3>See also</h3>
+    <ul>
+      <li>
+        <a href="https://nvd.nist.gov/vuln/detail/CVE-2018-3639">CVE-2018-3639</a>
+      </li>
+    </ul>
+    <h3>Description</h3>
+    <p>
+An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load &amp; Store instructions (a commonly used performance optimization).
+
+It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire).
+
+  </p>
+    <h3>Impact</h3>
+    <p>
+As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks.
+  </p>
+    <h3>Mitigation</h3>
+    <p>
+None
+  </p>
+    <p class="altformat">
+      Alternative formats:
+      <a href="/secnotice/2018/001.xml">[xml]</a> <a href="/secnotice/2018/001.txt">[text]</a></p>
+  </div>
+</div><div xmlns="http://www.w3.org/1999/xhtml" id="sidebar">
+  <div class="container">
+    <section>
+      <header>
+        <h2>Related commits</h2>
+      </header>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/master">master</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Fixed in:</th>
+            <td class="fixedtag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h="/>
+            </td>
+          </tr>
+          <tr>
+            <th>Fixed by:</th>
+            <td class="fixedcommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=d19d1f965904a533998739698020ff4ee8a103da">d19d1f965904a533998739698020ff4ee8a103da</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Fixed by:</th>
+            <td class="fixedcommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=403503b162ffc33fb64cfefdf7b880acf41772cd">403503b162ffc33fb64cfefdf7b880acf41772cd</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Fixed by:</th>
+            <td class="fixedcommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=a764f3f7197f4d7ad8fe8424269933de912224cb">a764f3f7197f4d7ad8fe8424269933de912224cb</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Merged by:</th>
+            <td class="mergedcommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f50c1673a89b07f376ce5c42d22d79a79cd466d">4f50c1673a89b07f376ce5c42d22d79a79cd466d</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Merged by:</th>
+            <td class="mergedcommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e409d9a158c77c650651e8118f6c86c8dc76eba6">e409d9a158c77c650651e8118f6c86c8dc76eba6</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.10.1">v0.10.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.10.2">v0.10.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.0">v1.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.1.0">v1.1.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.2.0">v1.2.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.3.0">v1.3.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.4.0">v1.4.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.5.0">v1.5.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.6.0">v1.6.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.7.0">v1.7.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.0.0">v2.0.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.1.0">v2.1.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.2.0">v2.2.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.3.0">v2.3.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.4.0">v2.4.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.5.0">v2.5.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.6.0">v2.6.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.7.0">v2.7.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.8.0">v2.8.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.9.0">v2.9.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.10.0">v2.10.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.11.0">v2.11.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.12.0">v2.12.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v3.0.0">v3.0.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=7ba1e61953f4592606e60b2e7507ff6a6faf861a">7ba1e61953f4592606e60b2e7507ff6a6faf861a</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.10">stable-0.10</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.10.0">v0.10.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.10.3">v0.10.3</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.10.4">v0.10.4</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.10.5">v0.10.5</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.10.6">v0.10.6</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=7ba1e61953f4592606e60b2e7507ff6a6faf861a">7ba1e61953f4592606e60b2e7507ff6a6faf861a</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.11">stable-0.11</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.11.0">v0.11.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.11.1">v0.11.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=7ba1e61953f4592606e60b2e7507ff6a6faf861a">7ba1e61953f4592606e60b2e7507ff6a6faf861a</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.12">stable-0.12</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.0">v0.12.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.1">v0.12.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.2">v0.12.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.3">v0.12.3</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.4">v0.12.4</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.5">v0.12.5</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=7ba1e61953f4592606e60b2e7507ff6a6faf861a">7ba1e61953f4592606e60b2e7507ff6a6faf861a</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.13">stable-0.13</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.13.0">v0.13.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=7ba1e61953f4592606e60b2e7507ff6a6faf861a">7ba1e61953f4592606e60b2e7507ff6a6faf861a</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.14">stable-0.14</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.14.0">v0.14.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.14.1">v0.14.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=7ba1e61953f4592606e60b2e7507ff6a6faf861a">7ba1e61953f4592606e60b2e7507ff6a6faf861a</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.15">stable-0.15</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.15.0">v0.15.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.15.1">v0.15.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=7ba1e61953f4592606e60b2e7507ff6a6faf861a">7ba1e61953f4592606e60b2e7507ff6a6faf861a</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.0">stable-1.0</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.0.1">v1.0.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=7ba1e61953f4592606e60b2e7507ff6a6faf861a">7ba1e61953f4592606e60b2e7507ff6a6faf861a</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.1">stable-1.1</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.1.1">v1.1.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.1.2">v1.1.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=7ba1e61953f4592606e60b2e7507ff6a6faf861a">7ba1e61953f4592606e60b2e7507ff6a6faf861a</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.2">stable-1.2</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.2.1">v1.2.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.2.2">v1.2.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=7ba1e61953f4592606e60b2e7507ff6a6faf861a">7ba1e61953f4592606e60b2e7507ff6a6faf861a</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.3">stable-1.3</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.3.1">v1.3.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=7ba1e61953f4592606e60b2e7507ff6a6faf861a">7ba1e61953f4592606e60b2e7507ff6a6faf861a</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.4">stable-1.4</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.4.1">v1.4.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.4.2">v1.4.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=7ba1e61953f4592606e60b2e7507ff6a6faf861a">7ba1e61953f4592606e60b2e7507ff6a6faf861a</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.5">stable-1.5</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.5.1">v1.5.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.5.2">v1.5.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.5.3">v1.5.3</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=7ba1e61953f4592606e60b2e7507ff6a6faf861a">7ba1e61953f4592606e60b2e7507ff6a6faf861a</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.6">stable-1.6</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.6.1">v1.6.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.6.2">v1.6.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=7ba1e61953f4592606e60b2e7507ff6a6faf861a">7ba1e61953f4592606e60b2e7507ff6a6faf861a</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.7">stable-1.7</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.7.1">v1.7.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.7.2">v1.7.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=7ba1e61953f4592606e60b2e7507ff6a6faf861a">7ba1e61953f4592606e60b2e7507ff6a6faf861a</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.0">stable-2.0</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.0.1">v2.0.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.0.2">v2.0.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=7ba1e61953f4592606e60b2e7507ff6a6faf861a">7ba1e61953f4592606e60b2e7507ff6a6faf861a</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.1">stable-2.1</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.1.1">v2.1.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.1.2">v2.1.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.1.3">v2.1.3</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=7ba1e61953f4592606e60b2e7507ff6a6faf861a">7ba1e61953f4592606e60b2e7507ff6a6faf861a</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.2">stable-2.2</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.2.1">v2.2.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=7ba1e61953f4592606e60b2e7507ff6a6faf861a">7ba1e61953f4592606e60b2e7507ff6a6faf861a</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.3">stable-2.3</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.3.1">v2.3.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=7ba1e61953f4592606e60b2e7507ff6a6faf861a">7ba1e61953f4592606e60b2e7507ff6a6faf861a</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.4">stable-2.4</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.4.0.1">v2.4.0.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.4.1">v2.4.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=7ba1e61953f4592606e60b2e7507ff6a6faf861a">7ba1e61953f4592606e60b2e7507ff6a6faf861a</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.5">stable-2.5</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.5.1">v2.5.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.5.1.1">v2.5.1.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=7ba1e61953f4592606e60b2e7507ff6a6faf861a">7ba1e61953f4592606e60b2e7507ff6a6faf861a</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.6">stable-2.6</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.6.1">v2.6.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.6.2">v2.6.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=7ba1e61953f4592606e60b2e7507ff6a6faf861a">7ba1e61953f4592606e60b2e7507ff6a6faf861a</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.7">stable-2.7</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.7.1">v2.7.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=7ba1e61953f4592606e60b2e7507ff6a6faf861a">7ba1e61953f4592606e60b2e7507ff6a6faf861a</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.8">stable-2.8</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.8.1">v2.8.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.8.1.1">v2.8.1.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=7ba1e61953f4592606e60b2e7507ff6a6faf861a">7ba1e61953f4592606e60b2e7507ff6a6faf861a</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.9">stable-2.9</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.9.1">v2.9.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=7ba1e61953f4592606e60b2e7507ff6a6faf861a">7ba1e61953f4592606e60b2e7507ff6a6faf861a</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.10">stable-2.10</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.10.1">v2.10.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.10.2">v2.10.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=7ba1e61953f4592606e60b2e7507ff6a6faf861a">7ba1e61953f4592606e60b2e7507ff6a6faf861a</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.11">stable-2.11</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.11.1">v2.11.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.11.2">v2.11.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=7ba1e61953f4592606e60b2e7507ff6a6faf861a">7ba1e61953f4592606e60b2e7507ff6a6faf861a</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.12">stable-2.12</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.12.1">v2.12.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=7ba1e61953f4592606e60b2e7507ff6a6faf861a">7ba1e61953f4592606e60b2e7507ff6a6faf861a</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+    </section>
+  </div>
+</div>
diff --git a/secnotice/2018/001.txt b/secnotice/2018/001.txt
new file mode 100644
index 0000000..3d75341
--- /dev/null
+++ b/secnotice/2018/001.txt
@@ -0,0 +1,210 @@
+        QEMU Security Notice: QSN-2018-001
+        ==================================
+
+       Summary: Speculative store bypass
+   Reported on: 20180312
+  Published on: 20180521
+      Fixed on: 20180626
+   Reported by: Ken Johnson (Microsoft Security Response Center) <>
+                Jann Horn (Google Project Zero) <>
+    Patched by: Daniel P. Berrangé <berrange@redhat.com>,
+                Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+      See also: CVE-2018-3639
+
+Description
+-----------
+
+An industry-wide issue was found in the way many modern
+microprocessor designs have implemented speculative execution of
+Load & Store instructions (a commonly used performance
+optimization). It relies on the presence of a precisely-defined
+instruction sequence in the privileged code as well as the fact that
+memory read from address to which a recent memory write has occurred
+may see an older value and subsequently cause an update into the
+microprocessor's data cache even for speculatively executed
+instructions that never actually commit (retire).
+
+Impact
+------
+
+As a result, an unprivileged attacker could use this flaw to read
+privileged memory by conducting targeted cache side-channel attacks.
+
+Mitigation
+----------
+
+None
+
+Related commits
+----------------
+
+  git://git.qemu.org/qemu.git
+  https://git.qemu.org/?p=qemu.git
+
+      Branch: master
+   Broken in: v0.10.1
+   Broken in: v0.10.2
+   Broken in: v1.0
+   Broken in: v1.1.0
+   Broken in: v1.2.0
+   Broken in: v1.3.0
+   Broken in: v1.4.0
+   Broken in: v1.5.0
+   Broken in: v1.6.0
+   Broken in: v1.7.0
+   Broken in: v2.0.0
+   Broken in: v2.1.0
+   Broken in: v2.2.0
+   Broken in: v2.3.0
+   Broken in: v2.4.0
+   Broken in: v2.5.0
+   Broken in: v2.6.0
+   Broken in: v2.7.0
+   Broken in: v2.8.0
+   Broken in: v2.9.0
+   Broken in: v2.10.0
+   Broken in: v2.11.0
+   Broken in: v2.12.0
+   Broken in: v3.0.0
+    Fixed in: 
+   Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a
+    Fixed by: d19d1f965904a533998739698020ff4ee8a103da
+    Fixed by: 403503b162ffc33fb64cfefdf7b880acf41772cd
+    Fixed by: a764f3f7197f4d7ad8fe8424269933de912224cb
+
+      Branch: stable-0.10
+   Broken in: v0.10.0
+   Broken in: v0.10.3
+   Broken in: v0.10.4
+   Broken in: v0.10.5
+   Broken in: v0.10.6
+   Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a
+
+      Branch: stable-0.11
+   Broken in: v0.11.0
+   Broken in: v0.11.1
+   Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a
+
+      Branch: stable-0.12
+   Broken in: v0.12.0
+   Broken in: v0.12.1
+   Broken in: v0.12.2
+   Broken in: v0.12.3
+   Broken in: v0.12.4
+   Broken in: v0.12.5
+   Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a
+
+      Branch: stable-0.13
+   Broken in: v0.13.0
+   Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a
+
+      Branch: stable-0.14
+   Broken in: v0.14.0
+   Broken in: v0.14.1
+   Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a
+
+      Branch: stable-0.15
+   Broken in: v0.15.0
+   Broken in: v0.15.1
+   Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a
+
+      Branch: stable-1.0
+   Broken in: v1.0.1
+   Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a
+
+      Branch: stable-1.1
+   Broken in: v1.1.1
+   Broken in: v1.1.2
+   Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a
+
+      Branch: stable-1.2
+   Broken in: v1.2.1
+   Broken in: v1.2.2
+   Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a
+
+      Branch: stable-1.3
+   Broken in: v1.3.1
+   Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a
+
+      Branch: stable-1.4
+   Broken in: v1.4.1
+   Broken in: v1.4.2
+   Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a
+
+      Branch: stable-1.5
+   Broken in: v1.5.1
+   Broken in: v1.5.2
+   Broken in: v1.5.3
+   Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a
+
+      Branch: stable-1.6
+   Broken in: v1.6.1
+   Broken in: v1.6.2
+   Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a
+
+      Branch: stable-1.7
+   Broken in: v1.7.1
+   Broken in: v1.7.2
+   Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a
+
+      Branch: stable-2.0
+   Broken in: v2.0.1
+   Broken in: v2.0.2
+   Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a
+
+      Branch: stable-2.1
+   Broken in: v2.1.1
+   Broken in: v2.1.2
+   Broken in: v2.1.3
+   Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a
+
+      Branch: stable-2.2
+   Broken in: v2.2.1
+   Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a
+
+      Branch: stable-2.3
+   Broken in: v2.3.1
+   Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a
+
+      Branch: stable-2.4
+   Broken in: v2.4.0.1
+   Broken in: v2.4.1
+   Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a
+
+      Branch: stable-2.5
+   Broken in: v2.5.1
+   Broken in: v2.5.1.1
+   Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a
+
+      Branch: stable-2.6
+   Broken in: v2.6.1
+   Broken in: v2.6.2
+   Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a
+
+      Branch: stable-2.7
+   Broken in: v2.7.1
+   Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a
+
+      Branch: stable-2.8
+   Broken in: v2.8.1
+   Broken in: v2.8.1.1
+   Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a
+
+      Branch: stable-2.9
+   Broken in: v2.9.1
+   Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a
+
+      Branch: stable-2.10
+   Broken in: v2.10.1
+   Broken in: v2.10.2
+   Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a
+
+      Branch: stable-2.11
+   Broken in: v2.11.1
+   Broken in: v2.11.2
+   Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a
+
+      Branch: stable-2.12
+   Broken in: v2.12.1
+   Broken by: 7ba1e61953f4592606e60b2e7507ff6a6faf861a
+
diff --git a/secnotice/2018/002.html b/secnotice/2018/002.html
new file mode 100644
index 0000000..ea8d96f
--- /dev/null
+++ b/secnotice/2018/002.html
@@ -0,0 +1,1044 @@
+---
+title: 'QSN-2018-002: VGA out of bounds in vga_draw_text'
+layout: secnotice
+permalink: /secnotice/2018/002
+---
+
+    <div xmlns="http://www.w3.org/1999/xhtml" id="main">
+  <div class="container">
+    <h2>VGA out of bounds in vga_draw_text</h2>
+    <h3>Lifecycle</h3>
+    <table>
+      <tr>
+        <th>Reported on:</th>
+        <td>20171228</td>
+      </tr>
+      <tr>
+        <th>Published on:</th>
+        <td>20171225</td>
+      </tr>
+      <tr>
+        <th>Fixed on:</th>
+        <td>20180125</td>
+      </tr>
+    </table>
+    <h3>Credits</h3>
+    <table>
+      <tr>
+        <th>Reported by:</th>
+        <td>
+          <a href="mailto:jiangxin1@huawei.com">Jiang Xin</a>
+        </td>
+      </tr>
+      <tr>
+        <th>Patched by:</th>
+        <td>
+          <a href="mailto:linzhecheng@huawei.com">Lin ZheCheng</a>
+        </td>
+      </tr>
+    </table>
+    <h3>See also</h3>
+    <ul>
+      <li>
+        <a href="https://nvd.nist.gov/vuln/detail/CVE-2018-5683">CVE-2018-5683</a>
+      </li>
+    </ul>
+    <h3>Description</h3>
+    <p>
+Quick Emulator(QEMU) built with the VGA emulator support is vulnerable to an out-of-bounds access issue in vga_draw_text. It could occur while updating vga display area.
+  </p>
+    <h3>Impact</h3>
+    <p>
+A privileged user inside guest could use this flaw to crash the Qemu process
+resulting in DoS.
+  </p>
+    <h3>Mitigation</h3>
+    <p>
+Disable graphics adapters if the virtual machines can be operated
+via the serial console
+  </p>
+    <p class="altformat">
+      Alternative formats:
+      <a href="/secnotice/2018/002.xml">[xml]</a> <a href="/secnotice/2018/002.txt">[text]</a></p>
+  </div>
+</div><div xmlns="http://www.w3.org/1999/xhtml" id="sidebar">
+  <div class="container">
+    <section>
+      <header>
+        <h2>Related commits</h2>
+      </header>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/master">master</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Fixed in:</th>
+            <td class="fixedtag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.12.0">v2.12.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Fixed by:</th>
+            <td class="fixedcommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=191f59dc17396bb5a8da50f8c59b6e0a430711a4">191f59dc17396bb5a8da50f8c59b6e0a430711a4</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Merged by:</th>
+            <td class="mergedcommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=b3bbe959b5dc3bf07041946455cc8e8d562bfd1f">b3bbe959b5dc3bf07041946455cc8e8d562bfd1f</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.4.4">v0.4.4</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.5.0">v0.5.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.5.1">v0.5.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.6.0">v0.6.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.6.1">v0.6.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.7.0">v0.7.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.7.1">v0.7.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.8.1">v0.8.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.8.2">v0.8.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.9.0">v0.9.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.9.1">v0.9.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.0">v1.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.1.0">v1.1.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.2.0">v1.2.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.3.0">v1.3.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.4.0">v1.4.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.5.0">v1.5.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.6.0">v1.6.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.7.0">v1.7.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.0.0">v2.0.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.1.0">v2.1.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.2.0">v2.2.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.3.0">v2.3.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.4.0">v2.4.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.5.0">v2.5.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.6.0">v2.6.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.7.0">v2.7.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.8.0">v2.8.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.9.0">v2.9.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.10.0">v2.10.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.11.0">v2.11.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.10">stable-0.10</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.10.0">v0.10.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.10.1">v0.10.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.10.2">v0.10.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.10.3">v0.10.3</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.10.4">v0.10.4</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.10.5">v0.10.5</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.10.6">v0.10.6</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.11">stable-0.11</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.11.0">v0.11.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.11.1">v0.11.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.12">stable-0.12</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.0">v0.12.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.1">v0.12.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.2">v0.12.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.3">v0.12.3</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.4">v0.12.4</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.5">v0.12.5</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.13">stable-0.13</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.13.0">v0.13.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.14">stable-0.14</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.14.0">v0.14.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.14.1">v0.14.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.15">stable-0.15</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.15.0">v0.15.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.15.1">v0.15.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.0">stable-1.0</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.0.1">v1.0.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.1">stable-1.1</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.1.1">v1.1.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.1.2">v1.1.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.2">stable-1.2</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.2.1">v1.2.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.2.2">v1.2.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.3">stable-1.3</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.3.1">v1.3.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.4">stable-1.4</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.4.1">v1.4.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.4.2">v1.4.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.5">stable-1.5</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.5.1">v1.5.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.5.2">v1.5.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.5.3">v1.5.3</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.6">stable-1.6</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.6.1">v1.6.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.6.2">v1.6.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.7">stable-1.7</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.7.1">v1.7.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.7.2">v1.7.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.0">stable-2.0</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.0.1">v2.0.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.0.2">v2.0.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.1">stable-2.1</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.1.1">v2.1.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.1.2">v2.1.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.1.3">v2.1.3</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.2">stable-2.2</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.2.1">v2.2.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.3">stable-2.3</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.3.1">v2.3.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.4">stable-2.4</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.4.0.1">v2.4.0.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.4.1">v2.4.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.5">stable-2.5</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.5.1">v2.5.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.5.1.1">v2.5.1.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.6">stable-2.6</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.6.1">v2.6.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.6.2">v2.6.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.7">stable-2.7</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.7.1">v2.7.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.8">stable-2.8</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.8.1">v2.8.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.8.1.1">v2.8.1.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.9">stable-2.9</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.9.1">v2.9.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.10">stable-2.10</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.10.1">v2.10.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.10.2">v2.10.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.11">stable-2.11</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.11.1">v2.11.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.11.2">v2.11.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+    </section>
+  </div>
+</div>
diff --git a/secnotice/2018/002.txt b/secnotice/2018/002.txt
new file mode 100644
index 0000000..b817b7f
--- /dev/null
+++ b/secnotice/2018/002.txt
@@ -0,0 +1,206 @@
+        QEMU Security Notice: QSN-2018-002
+        ==================================
+
+       Summary: VGA out of bounds in vga_draw_text
+   Reported on: 20171228
+  Published on: 20171225
+      Fixed on: 20180125
+   Reported by: Jiang Xin <jiangxin1@huawei.com>
+    Patched by: Lin ZheCheng <linzhecheng@huawei.com>
+      See also: CVE-2018-5683
+
+Description
+-----------
+
+Quick Emulator(QEMU) built with the VGA emulator support is
+vulnerable to an out-of-bounds access issue in vga_draw_text. It
+could occur while updating vga display area.
+
+Impact
+------
+
+A privileged user inside guest could use this flaw to crash the Qemu
+process resulting in DoS.
+
+Mitigation
+----------
+
+Disable graphics adapters if the virtual machines can be operated
+via the serial console
+
+Related commits
+----------------
+
+  git://git.qemu.org/qemu.git
+  https://git.qemu.org/?p=qemu.git
+
+      Branch: master
+   Broken in: v0.4.4
+   Broken in: v0.5.0
+   Broken in: v0.5.1
+   Broken in: v0.6.0
+   Broken in: v0.6.1
+   Broken in: v0.7.0
+   Broken in: v0.7.1
+   Broken in: v0.8.1
+   Broken in: v0.8.2
+   Broken in: v0.9.0
+   Broken in: v0.9.1
+   Broken in: v1.0
+   Broken in: v1.1.0
+   Broken in: v1.2.0
+   Broken in: v1.3.0
+   Broken in: v1.4.0
+   Broken in: v1.5.0
+   Broken in: v1.6.0
+   Broken in: v1.7.0
+   Broken in: v2.0.0
+   Broken in: v2.1.0
+   Broken in: v2.2.0
+   Broken in: v2.3.0
+   Broken in: v2.4.0
+   Broken in: v2.5.0
+   Broken in: v2.6.0
+   Broken in: v2.7.0
+   Broken in: v2.8.0
+   Broken in: v2.9.0
+   Broken in: v2.10.0
+   Broken in: v2.11.0
+    Fixed in: v2.12.0
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+    Fixed by: 191f59dc17396bb5a8da50f8c59b6e0a430711a4
+
+      Branch: stable-0.10
+   Broken in: v0.10.0
+   Broken in: v0.10.1
+   Broken in: v0.10.2
+   Broken in: v0.10.3
+   Broken in: v0.10.4
+   Broken in: v0.10.5
+   Broken in: v0.10.6
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-0.11
+   Broken in: v0.11.0
+   Broken in: v0.11.1
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-0.12
+   Broken in: v0.12.0
+   Broken in: v0.12.1
+   Broken in: v0.12.2
+   Broken in: v0.12.3
+   Broken in: v0.12.4
+   Broken in: v0.12.5
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-0.13
+   Broken in: v0.13.0
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-0.14
+   Broken in: v0.14.0
+   Broken in: v0.14.1
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-0.15
+   Broken in: v0.15.0
+   Broken in: v0.15.1
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-1.0
+   Broken in: v1.0.1
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-1.1
+   Broken in: v1.1.1
+   Broken in: v1.1.2
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-1.2
+   Broken in: v1.2.1
+   Broken in: v1.2.2
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-1.3
+   Broken in: v1.3.1
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-1.4
+   Broken in: v1.4.1
+   Broken in: v1.4.2
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-1.5
+   Broken in: v1.5.1
+   Broken in: v1.5.2
+   Broken in: v1.5.3
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-1.6
+   Broken in: v1.6.1
+   Broken in: v1.6.2
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-1.7
+   Broken in: v1.7.1
+   Broken in: v1.7.2
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-2.0
+   Broken in: v2.0.1
+   Broken in: v2.0.2
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-2.1
+   Broken in: v2.1.1
+   Broken in: v2.1.2
+   Broken in: v2.1.3
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-2.2
+   Broken in: v2.2.1
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-2.3
+   Broken in: v2.3.1
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-2.4
+   Broken in: v2.4.0.1
+   Broken in: v2.4.1
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-2.5
+   Broken in: v2.5.1
+   Broken in: v2.5.1.1
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-2.6
+   Broken in: v2.6.1
+   Broken in: v2.6.2
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-2.7
+   Broken in: v2.7.1
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-2.8
+   Broken in: v2.8.1
+   Broken in: v2.8.1.1
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-2.9
+   Broken in: v2.9.1
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-2.10
+   Broken in: v2.10.1
+   Broken in: v2.10.2
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-2.11
+   Broken in: v2.11.1
+   Broken in: v2.11.2
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
diff --git a/secnotice/2018/003.html b/secnotice/2018/003.html
new file mode 100644
index 0000000..8e8530a
--- /dev/null
+++ b/secnotice/2018/003.html
@@ -0,0 +1,766 @@
+---
+title: 'QSN-2018-003: Multiboot out of bounds loading kernel'
+layout: secnotice
+permalink: /secnotice/2018/003
+---
+
+    <div xmlns="http://www.w3.org/1999/xhtml" id="main">
+  <div class="container">
+    <h2>Multiboot out of bounds loading kernel</h2>
+    <h3>Lifecycle</h3>
+    <table>
+      <tr>
+        <th>Reported on:</th>
+        <td>20180221</td>
+      </tr>
+      <tr>
+        <th>Published on:</th>
+        <td>20180227</td>
+      </tr>
+      <tr>
+        <th>Fixed on:</th>
+        <td>20180328</td>
+      </tr>
+    </table>
+    <h3>Credits</h3>
+    <table>
+      <tr>
+        <th>Reported by:</th>
+        <td>
+          <a href="mailto:"/>
+        </td>
+      </tr>
+      <tr>
+        <th>Patched by:</th>
+        <td>
+          <a href="mailto:"/>
+        </td>
+      </tr>
+    </table>
+    <h3>See also</h3>
+    <ul>
+      <li>
+        <a href="https://nvd.nist.gov/vuln/detail/CVE-2018-7550">CVE-2018-7550</a>
+      </li>
+    </ul>
+    <h3>Description</h3>
+    <p>
+Quick Emulator(QEMU) built with the PC System Emulator with multiboot feature
+support is vulnerable to an OOB memory access issue. It could occur while
+loading a kernel image during a guest boot if multiboot head addresses
+mh_load_end_addr was greater than mh_bss_end_addr.
+  </p>
+    <h3>Impact</h3>
+    <p>
+A user/process could use this flaw to potentially achieve arbitrary code
+execution on a host.
+  </p>
+    <h3>Mitigation</h3>
+    <p>
+Do not use the -kernel argument to QEMU for providing the boot kernel.
+Allow the guest firmware and bootloader (eg grub) to load the boot kernel from
+inside the confined guest execution environment
+  </p>
+    <p class="altformat">
+      Alternative formats:
+      <a href="/secnotice/2018/003.xml">[xml]</a> <a href="/secnotice/2018/003.txt">[text]</a></p>
+  </div>
+</div><div xmlns="http://www.w3.org/1999/xhtml" id="sidebar">
+  <div class="container">
+    <section>
+      <header>
+        <h2>Related commits</h2>
+      </header>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/master">master</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Fixed in:</th>
+            <td class="fixedtag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.12.0">v2.12.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Fixed by:</th>
+            <td class="fixedcommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=2a8fcd119eb7c6bb3837fc3669eb1b2dfb31daf8">2a8fcd119eb7c6bb3837fc3669eb1b2dfb31daf8</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Merged by:</th>
+            <td class="mergedcommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=854a4436dd313eaeb51c275d00526d60437915d2">854a4436dd313eaeb51c275d00526d60437915d2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.0">v1.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.1.0">v1.1.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.2.0">v1.2.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.3.0">v1.3.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.4.0">v1.4.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.5.0">v1.5.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.6.0">v1.6.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.7.0">v1.7.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.0.0">v2.0.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.1.0">v2.1.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.2.0">v2.2.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.3.0">v2.3.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.4.0">v2.4.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.5.0">v2.5.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.6.0">v2.6.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.7.0">v2.7.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.8.0">v2.8.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.9.0">v2.9.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.10.0">v2.10.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.11.0">v2.11.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=6b8273a1b97876950d91c228a420a851e10e12bb">6b8273a1b97876950d91c228a420a851e10e12bb</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.0">stable-1.0</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.0.1">v1.0.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=6b8273a1b97876950d91c228a420a851e10e12bb">6b8273a1b97876950d91c228a420a851e10e12bb</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.1">stable-1.1</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.1.1">v1.1.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.1.2">v1.1.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=6b8273a1b97876950d91c228a420a851e10e12bb">6b8273a1b97876950d91c228a420a851e10e12bb</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.2">stable-1.2</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.2.1">v1.2.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.2.2">v1.2.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=6b8273a1b97876950d91c228a420a851e10e12bb">6b8273a1b97876950d91c228a420a851e10e12bb</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.3">stable-1.3</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.3.1">v1.3.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=6b8273a1b97876950d91c228a420a851e10e12bb">6b8273a1b97876950d91c228a420a851e10e12bb</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.4">stable-1.4</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.4.1">v1.4.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.4.2">v1.4.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=6b8273a1b97876950d91c228a420a851e10e12bb">6b8273a1b97876950d91c228a420a851e10e12bb</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.5">stable-1.5</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.5.1">v1.5.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.5.2">v1.5.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.5.3">v1.5.3</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=6b8273a1b97876950d91c228a420a851e10e12bb">6b8273a1b97876950d91c228a420a851e10e12bb</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.6">stable-1.6</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.6.1">v1.6.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.6.2">v1.6.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=6b8273a1b97876950d91c228a420a851e10e12bb">6b8273a1b97876950d91c228a420a851e10e12bb</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.7">stable-1.7</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.7.1">v1.7.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.7.2">v1.7.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=6b8273a1b97876950d91c228a420a851e10e12bb">6b8273a1b97876950d91c228a420a851e10e12bb</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.0">stable-2.0</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.0.1">v2.0.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.0.2">v2.0.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=6b8273a1b97876950d91c228a420a851e10e12bb">6b8273a1b97876950d91c228a420a851e10e12bb</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.1">stable-2.1</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.1.1">v2.1.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.1.2">v2.1.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.1.3">v2.1.3</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=6b8273a1b97876950d91c228a420a851e10e12bb">6b8273a1b97876950d91c228a420a851e10e12bb</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.2">stable-2.2</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.2.1">v2.2.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=6b8273a1b97876950d91c228a420a851e10e12bb">6b8273a1b97876950d91c228a420a851e10e12bb</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.3">stable-2.3</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.3.1">v2.3.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=6b8273a1b97876950d91c228a420a851e10e12bb">6b8273a1b97876950d91c228a420a851e10e12bb</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.4">stable-2.4</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.4.0.1">v2.4.0.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.4.1">v2.4.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=6b8273a1b97876950d91c228a420a851e10e12bb">6b8273a1b97876950d91c228a420a851e10e12bb</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.5">stable-2.5</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.5.1">v2.5.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.5.1.1">v2.5.1.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=6b8273a1b97876950d91c228a420a851e10e12bb">6b8273a1b97876950d91c228a420a851e10e12bb</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.6">stable-2.6</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.6.1">v2.6.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.6.2">v2.6.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=6b8273a1b97876950d91c228a420a851e10e12bb">6b8273a1b97876950d91c228a420a851e10e12bb</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.7">stable-2.7</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.7.1">v2.7.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=6b8273a1b97876950d91c228a420a851e10e12bb">6b8273a1b97876950d91c228a420a851e10e12bb</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.8">stable-2.8</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.8.1">v2.8.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.8.1.1">v2.8.1.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=6b8273a1b97876950d91c228a420a851e10e12bb">6b8273a1b97876950d91c228a420a851e10e12bb</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.9">stable-2.9</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.9.1">v2.9.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=6b8273a1b97876950d91c228a420a851e10e12bb">6b8273a1b97876950d91c228a420a851e10e12bb</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.10">stable-2.10</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.10.1">v2.10.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.10.2">v2.10.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=6b8273a1b97876950d91c228a420a851e10e12bb">6b8273a1b97876950d91c228a420a851e10e12bb</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.11">stable-2.11</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.11.1">v2.11.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.11.2">v2.11.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=6b8273a1b97876950d91c228a420a851e10e12bb">6b8273a1b97876950d91c228a420a851e10e12bb</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+    </section>
+  </div>
+</div>
diff --git a/secnotice/2018/003.txt b/secnotice/2018/003.txt
new file mode 100644
index 0000000..b33b5cb
--- /dev/null
+++ b/secnotice/2018/003.txt
@@ -0,0 +1,160 @@
+        QEMU Security Notice: QSN-2018-003
+        ==================================
+
+       Summary: Multiboot out of bounds loading kernel
+   Reported on: 20180221
+  Published on: 20180227
+      Fixed on: 20180328
+   Reported by:  <>
+    Patched by:  <>
+      See also: CVE-2018-7550
+
+Description
+-----------
+
+Quick Emulator(QEMU) built with the PC System Emulator with
+multiboot feature support is vulnerable to an OOB memory access
+issue. It could occur while loading a kernel image during a guest
+boot if multiboot head addresses mh_load_end_addr was greater than
+mh_bss_end_addr.
+
+Impact
+------
+
+A user/process could use this flaw to potentially achieve arbitrary
+code execution on a host.
+
+Mitigation
+----------
+
+Do not use the -kernel argument to QEMU for providing the boot
+kernel. Allow the guest firmware and bootloader (eg grub) to load
+the boot kernel from inside the confined guest execution environment
+
+Related commits
+----------------
+
+  git://git.qemu.org/qemu.git
+  https://git.qemu.org/?p=qemu.git
+
+      Branch: master
+   Broken in: v1.0
+   Broken in: v1.1.0
+   Broken in: v1.2.0
+   Broken in: v1.3.0
+   Broken in: v1.4.0
+   Broken in: v1.5.0
+   Broken in: v1.6.0
+   Broken in: v1.7.0
+   Broken in: v2.0.0
+   Broken in: v2.1.0
+   Broken in: v2.2.0
+   Broken in: v2.3.0
+   Broken in: v2.4.0
+   Broken in: v2.5.0
+   Broken in: v2.6.0
+   Broken in: v2.7.0
+   Broken in: v2.8.0
+   Broken in: v2.9.0
+   Broken in: v2.10.0
+   Broken in: v2.11.0
+    Fixed in: v2.12.0
+   Broken by: 6b8273a1b97876950d91c228a420a851e10e12bb
+    Fixed by: 2a8fcd119eb7c6bb3837fc3669eb1b2dfb31daf8
+
+      Branch: stable-1.0
+   Broken in: v1.0.1
+   Broken by: 6b8273a1b97876950d91c228a420a851e10e12bb
+
+      Branch: stable-1.1
+   Broken in: v1.1.1
+   Broken in: v1.1.2
+   Broken by: 6b8273a1b97876950d91c228a420a851e10e12bb
+
+      Branch: stable-1.2
+   Broken in: v1.2.1
+   Broken in: v1.2.2
+   Broken by: 6b8273a1b97876950d91c228a420a851e10e12bb
+
+      Branch: stable-1.3
+   Broken in: v1.3.1
+   Broken by: 6b8273a1b97876950d91c228a420a851e10e12bb
+
+      Branch: stable-1.4
+   Broken in: v1.4.1
+   Broken in: v1.4.2
+   Broken by: 6b8273a1b97876950d91c228a420a851e10e12bb
+
+      Branch: stable-1.5
+   Broken in: v1.5.1
+   Broken in: v1.5.2
+   Broken in: v1.5.3
+   Broken by: 6b8273a1b97876950d91c228a420a851e10e12bb
+
+      Branch: stable-1.6
+   Broken in: v1.6.1
+   Broken in: v1.6.2
+   Broken by: 6b8273a1b97876950d91c228a420a851e10e12bb
+
+      Branch: stable-1.7
+   Broken in: v1.7.1
+   Broken in: v1.7.2
+   Broken by: 6b8273a1b97876950d91c228a420a851e10e12bb
+
+      Branch: stable-2.0
+   Broken in: v2.0.1
+   Broken in: v2.0.2
+   Broken by: 6b8273a1b97876950d91c228a420a851e10e12bb
+
+      Branch: stable-2.1
+   Broken in: v2.1.1
+   Broken in: v2.1.2
+   Broken in: v2.1.3
+   Broken by: 6b8273a1b97876950d91c228a420a851e10e12bb
+
+      Branch: stable-2.2
+   Broken in: v2.2.1
+   Broken by: 6b8273a1b97876950d91c228a420a851e10e12bb
+
+      Branch: stable-2.3
+   Broken in: v2.3.1
+   Broken by: 6b8273a1b97876950d91c228a420a851e10e12bb
+
+      Branch: stable-2.4
+   Broken in: v2.4.0.1
+   Broken in: v2.4.1
+   Broken by: 6b8273a1b97876950d91c228a420a851e10e12bb
+
+      Branch: stable-2.5
+   Broken in: v2.5.1
+   Broken in: v2.5.1.1
+   Broken by: 6b8273a1b97876950d91c228a420a851e10e12bb
+
+      Branch: stable-2.6
+   Broken in: v2.6.1
+   Broken in: v2.6.2
+   Broken by: 6b8273a1b97876950d91c228a420a851e10e12bb
+
+      Branch: stable-2.7
+   Broken in: v2.7.1
+   Broken by: 6b8273a1b97876950d91c228a420a851e10e12bb
+
+      Branch: stable-2.8
+   Broken in: v2.8.1
+   Broken in: v2.8.1.1
+   Broken by: 6b8273a1b97876950d91c228a420a851e10e12bb
+
+      Branch: stable-2.9
+   Broken in: v2.9.1
+   Broken by: 6b8273a1b97876950d91c228a420a851e10e12bb
+
+      Branch: stable-2.10
+   Broken in: v2.10.1
+   Broken in: v2.10.2
+   Broken by: 6b8273a1b97876950d91c228a420a851e10e12bb
+
+      Branch: stable-2.11
+   Broken in: v2.11.1
+   Broken in: v2.11.2
+   Broken by: 6b8273a1b97876950d91c228a420a851e10e12bb
+
diff --git a/secnotice/2018/004.html b/secnotice/2018/004.html
new file mode 100644
index 0000000..aee9788
--- /dev/null
+++ b/secnotice/2018/004.html
@@ -0,0 +1,1045 @@
+---
+title: 'QSN-2018-004: Cirrus out of bounds access updating VGA display'
+layout: secnotice
+permalink: /secnotice/2018/004
+---
+
+    <div xmlns="http://www.w3.org/1999/xhtml" id="main">
+  <div class="container">
+    <h2>Cirrus out of bounds access updating VGA display</h2>
+    <h3>Lifecycle</h3>
+    <table>
+      <tr>
+        <th>Reported on:</th>
+        <td>20180228</td>
+      </tr>
+      <tr>
+        <th>Published on:</th>
+        <td>20180308</td>
+      </tr>
+      <tr>
+        <th>Fixed on:</th>
+        <td>20180312</td>
+      </tr>
+    </table>
+    <h3>Credits</h3>
+    <table>
+      <tr>
+        <th>Reported by:</th>
+        <td>
+          <a href="mailto:ross.lagerwall@citrix.com">Ross Lagerwall</a>
+        </td>
+      </tr>
+      <tr>
+        <th>Patched by:</th>
+        <td>
+          <a href="mailto:kraxel@redhat.com">Gerd Hoffmann</a>
+        </td>
+      </tr>
+    </table>
+    <h3>See also</h3>
+    <ul>
+      <li>
+        <a href="https://nvd.nist.gov/vuln/detail/CVE-2018-7858">CVE-2018-7858</a>
+      </li>
+    </ul>
+    <h3>Description</h3>
+    <p>
+Quick emulator(QEMU) built with the Cirrus CLGD 54xx VGA Emulator support is
+vulnerable to an out-of-bounds access issue. It could occur while updating
+VGA display, after guest has adjusted the display dimensions.
+  </p>
+    <h3>Impact</h3>
+    <p>
+A privileged user inside guest could use this flaw to crash the Qemu process
+resulting in DoS.
+  </p>
+    <h3>Mitigation</h3>
+    <p>
+Replace use of the cirrus video adapter with an alternative model
+  </p>
+    <p class="altformat">
+      Alternative formats:
+      <a href="/secnotice/2018/004.xml">[xml]</a> <a href="/secnotice/2018/004.txt">[text]</a></p>
+  </div>
+</div><div xmlns="http://www.w3.org/1999/xhtml" id="sidebar">
+  <div class="container">
+    <section>
+      <header>
+        <h2>Related commits</h2>
+      </header>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/master">master</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Fixed in:</th>
+            <td class="fixedtag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.12.0">v2.12.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Fixed by:</th>
+            <td class="fixedcommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=7cdc61becd095b64a786b2625f321624e7111f3d">7cdc61becd095b64a786b2625f321624e7111f3d</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Merged by:</th>
+            <td class="mergedcommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=fb5fff15881ba7a002924b967eb211c002897983">fb5fff15881ba7a002924b967eb211c002897983</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.4.4">v0.4.4</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.5.0">v0.5.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.5.1">v0.5.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.6.0">v0.6.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.6.1">v0.6.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.7.0">v0.7.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.7.1">v0.7.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.8.1">v0.8.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.8.2">v0.8.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.9.0">v0.9.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.9.1">v0.9.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.0">v1.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.1.0">v1.1.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.2.0">v1.2.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.3.0">v1.3.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.4.0">v1.4.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.5.0">v1.5.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.6.0">v1.6.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.7.0">v1.7.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.0.0">v2.0.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.1.0">v2.1.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.2.0">v2.2.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.3.0">v2.3.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.4.0">v2.4.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.5.0">v2.5.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.6.0">v2.6.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.7.0">v2.7.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.8.0">v2.8.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.9.0">v2.9.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.10.0">v2.10.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.11.0">v2.11.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.10">stable-0.10</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.10.0">v0.10.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.10.1">v0.10.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.10.2">v0.10.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.10.3">v0.10.3</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.10.4">v0.10.4</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.10.5">v0.10.5</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.10.6">v0.10.6</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.11">stable-0.11</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.11.0">v0.11.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.11.1">v0.11.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.12">stable-0.12</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.0">v0.12.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.1">v0.12.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.2">v0.12.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.3">v0.12.3</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.4">v0.12.4</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.5">v0.12.5</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.13">stable-0.13</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.13.0">v0.13.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.14">stable-0.14</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.14.0">v0.14.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.14.1">v0.14.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.15">stable-0.15</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.15.0">v0.15.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.15.1">v0.15.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.0">stable-1.0</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.0.1">v1.0.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.1">stable-1.1</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.1.1">v1.1.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.1.2">v1.1.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.2">stable-1.2</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.2.1">v1.2.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.2.2">v1.2.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.3">stable-1.3</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.3.1">v1.3.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.4">stable-1.4</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.4.1">v1.4.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.4.2">v1.4.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.5">stable-1.5</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.5.1">v1.5.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.5.2">v1.5.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.5.3">v1.5.3</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.6">stable-1.6</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.6.1">v1.6.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.6.2">v1.6.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.7">stable-1.7</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.7.1">v1.7.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.7.2">v1.7.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.0">stable-2.0</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.0.1">v2.0.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.0.2">v2.0.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.1">stable-2.1</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.1.1">v2.1.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.1.2">v2.1.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.1.3">v2.1.3</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.2">stable-2.2</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.2.1">v2.2.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.3">stable-2.3</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.3.1">v2.3.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.4">stable-2.4</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.4.0.1">v2.4.0.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.4.1">v2.4.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.5">stable-2.5</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.5.1">v2.5.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.5.1.1">v2.5.1.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.6">stable-2.6</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.6.1">v2.6.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.6.2">v2.6.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.7">stable-2.7</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.7.1">v2.7.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.8">stable-2.8</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.8.1">v2.8.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.8.1.1">v2.8.1.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.9">stable-2.9</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.9.1">v2.9.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.10">stable-2.10</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.10.1">v2.10.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.10.2">v2.10.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.11">stable-2.11</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.11.1">v2.11.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.11.2">v2.11.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e89f66eca974d2a9d5d89271c6041daefdab2105">e89f66eca974d2a9d5d89271c6041daefdab2105</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+    </section>
+  </div>
+</div>
diff --git a/secnotice/2018/004.txt b/secnotice/2018/004.txt
new file mode 100644
index 0000000..940aab3
--- /dev/null
+++ b/secnotice/2018/004.txt
@@ -0,0 +1,206 @@
+        QEMU Security Notice: QSN-2018-004
+        ==================================
+
+       Summary: Cirrus out of bounds access updating VGA display
+   Reported on: 20180228
+  Published on: 20180308
+      Fixed on: 20180312
+   Reported by: Ross Lagerwall <ross.lagerwall@citrix.com>
+    Patched by: Gerd Hoffmann <kraxel@redhat.com>
+      See also: CVE-2018-7858
+
+Description
+-----------
+
+Quick emulator(QEMU) built with the Cirrus CLGD 54xx VGA Emulator
+support is vulnerable to an out-of-bounds access issue. It could
+occur while updating VGA display, after guest has adjusted the
+display dimensions.
+
+Impact
+------
+
+A privileged user inside guest could use this flaw to crash the Qemu
+process resulting in DoS.
+
+Mitigation
+----------
+
+Replace use of the cirrus video adapter with an alternative model
+
+Related commits
+----------------
+
+  git://git.qemu.org/qemu.git
+  https://git.qemu.org/?p=qemu.git
+
+      Branch: master
+   Broken in: v0.4.4
+   Broken in: v0.5.0
+   Broken in: v0.5.1
+   Broken in: v0.6.0
+   Broken in: v0.6.1
+   Broken in: v0.7.0
+   Broken in: v0.7.1
+   Broken in: v0.8.1
+   Broken in: v0.8.2
+   Broken in: v0.9.0
+   Broken in: v0.9.1
+   Broken in: v1.0
+   Broken in: v1.1.0
+   Broken in: v1.2.0
+   Broken in: v1.3.0
+   Broken in: v1.4.0
+   Broken in: v1.5.0
+   Broken in: v1.6.0
+   Broken in: v1.7.0
+   Broken in: v2.0.0
+   Broken in: v2.1.0
+   Broken in: v2.2.0
+   Broken in: v2.3.0
+   Broken in: v2.4.0
+   Broken in: v2.5.0
+   Broken in: v2.6.0
+   Broken in: v2.7.0
+   Broken in: v2.8.0
+   Broken in: v2.9.0
+   Broken in: v2.10.0
+   Broken in: v2.11.0
+    Fixed in: v2.12.0
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+    Fixed by: 7cdc61becd095b64a786b2625f321624e7111f3d
+
+      Branch: stable-0.10
+   Broken in: v0.10.0
+   Broken in: v0.10.1
+   Broken in: v0.10.2
+   Broken in: v0.10.3
+   Broken in: v0.10.4
+   Broken in: v0.10.5
+   Broken in: v0.10.6
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-0.11
+   Broken in: v0.11.0
+   Broken in: v0.11.1
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-0.12
+   Broken in: v0.12.0
+   Broken in: v0.12.1
+   Broken in: v0.12.2
+   Broken in: v0.12.3
+   Broken in: v0.12.4
+   Broken in: v0.12.5
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-0.13
+   Broken in: v0.13.0
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-0.14
+   Broken in: v0.14.0
+   Broken in: v0.14.1
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-0.15
+   Broken in: v0.15.0
+   Broken in: v0.15.1
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-1.0
+   Broken in: v1.0.1
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-1.1
+   Broken in: v1.1.1
+   Broken in: v1.1.2
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-1.2
+   Broken in: v1.2.1
+   Broken in: v1.2.2
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-1.3
+   Broken in: v1.3.1
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-1.4
+   Broken in: v1.4.1
+   Broken in: v1.4.2
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-1.5
+   Broken in: v1.5.1
+   Broken in: v1.5.2
+   Broken in: v1.5.3
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-1.6
+   Broken in: v1.6.1
+   Broken in: v1.6.2
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-1.7
+   Broken in: v1.7.1
+   Broken in: v1.7.2
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-2.0
+   Broken in: v2.0.1
+   Broken in: v2.0.2
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-2.1
+   Broken in: v2.1.1
+   Broken in: v2.1.2
+   Broken in: v2.1.3
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-2.2
+   Broken in: v2.2.1
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-2.3
+   Broken in: v2.3.1
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-2.4
+   Broken in: v2.4.0.1
+   Broken in: v2.4.1
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-2.5
+   Broken in: v2.5.1
+   Broken in: v2.5.1.1
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-2.6
+   Broken in: v2.6.1
+   Broken in: v2.6.2
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-2.7
+   Broken in: v2.7.1
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-2.8
+   Broken in: v2.8.1
+   Broken in: v2.8.1.1
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-2.9
+   Broken in: v2.9.1
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-2.10
+   Broken in: v2.10.1
+   Broken in: v2.10.2
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
+      Branch: stable-2.11
+   Broken in: v2.11.1
+   Broken in: v2.11.2
+   Broken by: e89f66eca974d2a9d5d89271c6041daefdab2105
+
diff --git a/secnotice/2018/005.html b/secnotice/2018/005.html
new file mode 100644
index 0000000..f3ba09d
--- /dev/null
+++ b/secnotice/2018/005.html
@@ -0,0 +1,952 @@
+---
+title: 'QSN-2018-005: ne2000 integer overflow in buffer access'
+layout: secnotice
+permalink: /secnotice/2018/005
+---
+
+    <div xmlns="http://www.w3.org/1999/xhtml" id="main">
+  <div class="container">
+    <h2>ne2000 integer overflow in buffer access</h2>
+    <h3>Lifecycle</h3>
+    <table>
+      <tr>
+        <th>Reported on:</th>
+        <td>20180522</td>
+      </tr>
+      <tr>
+        <th>Published on:</th>
+        <td>20180926</td>
+      </tr>
+      <tr>
+        <th>Fixed on:</th>
+        <td/>
+      </tr>
+    </table>
+    <h3>Credits</h3>
+    <table>
+      <tr>
+        <th>Reported by:</th>
+        <td>
+          <a href="mailto:daniel@twistlock.com">Daniel Shapira</a>
+        </td>
+      </tr>
+      <tr>
+        <th>Patched by:</th>
+        <td>
+          <a href="mailto:jasonwang@redhat.com">Jason Wang</a>
+        </td>
+      </tr>
+    </table>
+    <h3>See also</h3>
+    <ul>
+      <li>
+        <a href="https://nvd.nist.gov/vuln/detail/CVE-2018-10839">CVE-2018-10839</a>
+      </li>
+    </ul>
+    <h3>Description</h3>
+    <p>
+Qemu emulator built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network.
+  </p>
+    <h3>Impact</h3>
+    <p>
+A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
+  </p>
+    <h3>Mitigation</h3>
+    <p>
+Replace use of the NE2000 network adapter with an alternative model
+  </p>
+    <p class="altformat">
+      Alternative formats:
+      <a href="/secnotice/2018/005.xml">[xml]</a> <a href="/secnotice/2018/005.txt">[text]</a></p>
+  </div>
+</div><div xmlns="http://www.w3.org/1999/xhtml" id="sidebar">
+  <div class="container">
+    <section>
+      <header>
+        <h2>Related commits</h2>
+      </header>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/master">master</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Fixed in:</th>
+            <td class="fixedtag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h="/>
+            </td>
+          </tr>
+          <tr>
+            <th>Fixed by:</th>
+            <td class="fixedcommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=0caf499e2f26ae305a16ae2c4e7a2f295ddf64d1">0caf499e2f26ae305a16ae2c4e7a2f295ddf64d1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Merged by:</th>
+            <td class="mergedcommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h="/>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.0">v1.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.1.0">v1.1.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.2.0">v1.2.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.3.0">v1.3.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.4.0">v1.4.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.5.0">v1.5.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.6.0">v1.6.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.7.0">v1.7.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.0.0">v2.0.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.1.0">v2.1.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.2.0">v2.2.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.3.0">v2.3.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.4.0">v2.4.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.5.0">v2.5.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.6.0">v2.6.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.7.0">v2.7.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.8.0">v2.8.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.9.0">v2.9.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.10.0">v2.10.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.11.0">v2.11.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.12.0">v2.12.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v3.0.0">v3.0.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.11">stable-0.11</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.11.0">v0.11.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.11.1">v0.11.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.12">stable-0.12</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.0">v0.12.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.1">v0.12.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.2">v0.12.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.3">v0.12.3</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.4">v0.12.4</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.5">v0.12.5</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.13">stable-0.13</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.13.0">v0.13.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.14">stable-0.14</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.14.0">v0.14.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.14.1">v0.14.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.15">stable-0.15</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.15.0">v0.15.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.15.1">v0.15.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.0">stable-1.0</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.0.1">v1.0.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.1">stable-1.1</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.1.1">v1.1.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.1.2">v1.1.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.2">stable-1.2</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.2.1">v1.2.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.2.2">v1.2.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.3">stable-1.3</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.3.1">v1.3.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.4">stable-1.4</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.4.1">v1.4.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.4.2">v1.4.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.5">stable-1.5</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.5.1">v1.5.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.5.2">v1.5.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.5.3">v1.5.3</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.6">stable-1.6</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.6.1">v1.6.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.6.2">v1.6.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.7">stable-1.7</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.7.1">v1.7.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.7.2">v1.7.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.0">stable-2.0</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.0.1">v2.0.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.0.2">v2.0.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.1">stable-2.1</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.1.1">v2.1.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.1.2">v2.1.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.1.3">v2.1.3</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.2">stable-2.2</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.2.1">v2.2.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.3">stable-2.3</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.3.1">v2.3.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.4">stable-2.4</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.4.0.1">v2.4.0.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.4.1">v2.4.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.5">stable-2.5</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.5.1">v2.5.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.5.1.1">v2.5.1.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.6">stable-2.6</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.6.1">v2.6.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.6.2">v2.6.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.7">stable-2.7</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.7.1">v2.7.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.8">stable-2.8</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.8.1">v2.8.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.8.1.1">v2.8.1.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.9">stable-2.9</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.9.1">v2.9.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.10">stable-2.10</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.10.1">v2.10.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.10.2">v2.10.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.11">stable-2.11</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.11.1">v2.11.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.11.2">v2.11.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.12">stable-2.12</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.12.1">v2.12.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+    </section>
+  </div>
+</div>
diff --git a/secnotice/2018/005.txt b/secnotice/2018/005.txt
new file mode 100644
index 0000000..c80107b
--- /dev/null
+++ b/secnotice/2018/005.txt
@@ -0,0 +1,191 @@
+        QEMU Security Notice: QSN-2018-005
+        ==================================
+
+       Summary: ne2000 integer overflow in buffer access
+   Reported on: 20180522
+  Published on: 20180926
+      Fixed on: 
+   Reported by: Daniel Shapira <daniel@twistlock.com>
+    Patched by: Jason Wang <jasonwang@redhat.com>
+      See also: CVE-2018-10839
+
+Description
+-----------
+
+Qemu emulator built with the NE2000 NIC emulation support is
+vulnerable to an integer overflow, which could lead to buffer
+overflow issue. It could occur when receiving packets over the
+network.
+
+Impact
+------
+
+A user inside guest could use this flaw to crash the Qemu process
+resulting in DoS.
+
+Mitigation
+----------
+
+Replace use of the NE2000 network adapter with an alternative model
+
+Related commits
+----------------
+
+  git://git.qemu.org/qemu.git
+  https://git.qemu.org/?p=qemu.git
+
+      Branch: master
+   Broken in: v1.0
+   Broken in: v1.1.0
+   Broken in: v1.2.0
+   Broken in: v1.3.0
+   Broken in: v1.4.0
+   Broken in: v1.5.0
+   Broken in: v1.6.0
+   Broken in: v1.7.0
+   Broken in: v2.0.0
+   Broken in: v2.1.0
+   Broken in: v2.2.0
+   Broken in: v2.3.0
+   Broken in: v2.4.0
+   Broken in: v2.5.0
+   Broken in: v2.6.0
+   Broken in: v2.7.0
+   Broken in: v2.8.0
+   Broken in: v2.9.0
+   Broken in: v2.10.0
+   Broken in: v2.11.0
+   Broken in: v2.12.0
+   Broken in: v3.0.0
+    Fixed in: 
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+    Fixed by: 0caf499e2f26ae305a16ae2c4e7a2f295ddf64d1
+
+      Branch: stable-0.11
+   Broken in: v0.11.0
+   Broken in: v0.11.1
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-0.12
+   Broken in: v0.12.0
+   Broken in: v0.12.1
+   Broken in: v0.12.2
+   Broken in: v0.12.3
+   Broken in: v0.12.4
+   Broken in: v0.12.5
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-0.13
+   Broken in: v0.13.0
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-0.14
+   Broken in: v0.14.0
+   Broken in: v0.14.1
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-0.15
+   Broken in: v0.15.0
+   Broken in: v0.15.1
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-1.0
+   Broken in: v1.0.1
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-1.1
+   Broken in: v1.1.1
+   Broken in: v1.1.2
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-1.2
+   Broken in: v1.2.1
+   Broken in: v1.2.2
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-1.3
+   Broken in: v1.3.1
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-1.4
+   Broken in: v1.4.1
+   Broken in: v1.4.2
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-1.5
+   Broken in: v1.5.1
+   Broken in: v1.5.2
+   Broken in: v1.5.3
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-1.6
+   Broken in: v1.6.1
+   Broken in: v1.6.2
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-1.7
+   Broken in: v1.7.1
+   Broken in: v1.7.2
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-2.0
+   Broken in: v2.0.1
+   Broken in: v2.0.2
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-2.1
+   Broken in: v2.1.1
+   Broken in: v2.1.2
+   Broken in: v2.1.3
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-2.2
+   Broken in: v2.2.1
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-2.3
+   Broken in: v2.3.1
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-2.4
+   Broken in: v2.4.0.1
+   Broken in: v2.4.1
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-2.5
+   Broken in: v2.5.1
+   Broken in: v2.5.1.1
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-2.6
+   Broken in: v2.6.1
+   Broken in: v2.6.2
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-2.7
+   Broken in: v2.7.1
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-2.8
+   Broken in: v2.8.1
+   Broken in: v2.8.1.1
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-2.9
+   Broken in: v2.9.1
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-2.10
+   Broken in: v2.10.1
+   Broken in: v2.10.2
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-2.11
+   Broken in: v2.11.1
+   Broken in: v2.11.2
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-2.12
+   Broken in: v2.12.1
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
diff --git a/secnotice/2018/006.html b/secnotice/2018/006.html
new file mode 100644
index 0000000..16039d4
--- /dev/null
+++ b/secnotice/2018/006.html
@@ -0,0 +1,1056 @@
+---
+title: 'QSN-2018-006: slirp buffer overflow assembling fragmented datastream'
+layout: secnotice
+permalink: /secnotice/2018/006
+---
+
+    <div xmlns="http://www.w3.org/1999/xhtml" id="main">
+  <div class="container">
+    <h2>slirp buffer overflow assembling fragmented datastream</h2>
+    <h3>Lifecycle</h3>
+    <table>
+      <tr>
+        <th>Reported on:</th>
+        <td>20180427</td>
+      </tr>
+      <tr>
+        <th>Published on:</th>
+        <td>20180605</td>
+      </tr>
+      <tr>
+        <th>Fixed on:</th>
+        <td>20180608</td>
+      </tr>
+    </table>
+    <h3>Credits</h3>
+    <table>
+      <tr>
+        <th>Reported by:</th>
+        <td>
+          <a href="mailto:zdi-disclosures@trendmicro.com">ZDI Disclosures</a>
+        </td>
+      </tr>
+      <tr>
+        <th>Patched by:</th>
+        <td>
+          <a href="mailto:pjp@fedoraproject.org">Prasad J Pandit</a>
+        </td>
+      </tr>
+    </table>
+    <h3>See also</h3>
+    <ul>
+      <li>
+        <a href="https://nvd.nist.gov/vuln/detail/CVE-2018-11806">CVE-2018-11806</a>
+      </li>
+    </ul>
+    <h3>Description</h3>
+    <p>
+A heap buffer overflow issue was found in the way Slirp networking back-end
+in QEMU processes fragmented packets. It could occur while reassembling the
+fragmented datagrams of an incoming packet.
+  </p>
+    <h3>Impact</h3>
+    <p>
+A privileged user/process inside guest could use this flaw to crash the QEMU
+process resulting in DoS OR potentially leverage it to execute arbitrary code
+on the host with privileges of the QEMU process.
+  </p>
+    <h3>Mitigation</h3>
+    <p>
+Replace use of the "user" network backend with an alternative choice
+  </p>
+    <p class="altformat">
+      Alternative formats:
+      <a href="/secnotice/2018/006.xml">[xml]</a> <a href="/secnotice/2018/006.txt">[text]</a></p>
+  </div>
+</div><div xmlns="http://www.w3.org/1999/xhtml" id="sidebar">
+  <div class="container">
+    <section>
+      <header>
+        <h2>Related commits</h2>
+      </header>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/master">master</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Fixed in:</th>
+            <td class="fixedtag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v3.0.0">v3.0.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Fixed by:</th>
+            <td class="fixedcommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=864036e251f54c99d31df124aad7f34f01f5344c">864036e251f54c99d31df124aad7f34f01f5344c</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Merged by:</th>
+            <td class="mergedcommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=bac5ba3dc5da706f52c149fa6c0bd1dc96899bec">bac5ba3dc5da706f52c149fa6c0bd1dc96899bec</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.6.0">v0.6.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.6.1">v0.6.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.7.0">v0.7.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.7.1">v0.7.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.8.1">v0.8.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.8.2">v0.8.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.9.0">v0.9.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.9.1">v0.9.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.0">v1.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.1.0">v1.1.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.2.0">v1.2.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.3.0">v1.3.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.4.0">v1.4.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.5.0">v1.5.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.6.0">v1.6.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.7.0">v1.7.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.0.0">v2.0.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.1.0">v2.1.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.2.0">v2.2.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.3.0">v2.3.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.4.0">v2.4.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.5.0">v2.5.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.6.0">v2.6.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.7.0">v2.7.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.8.0">v2.8.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.9.0">v2.9.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.10.0">v2.10.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.11.0">v2.11.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.12.0">v2.12.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=f0cbd3ec9f4a3de1a9ef94deda09704543889f44">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.10">stable-0.10</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.10.0">v0.10.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.10.1">v0.10.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.10.2">v0.10.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.10.3">v0.10.3</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.10.4">v0.10.4</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.10.5">v0.10.5</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.10.6">v0.10.6</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=f0cbd3ec9f4a3de1a9ef94deda09704543889f44">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.11">stable-0.11</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.11.0">v0.11.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.11.1">v0.11.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=f0cbd3ec9f4a3de1a9ef94deda09704543889f44">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.12">stable-0.12</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.0">v0.12.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.1">v0.12.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.2">v0.12.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.3">v0.12.3</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.4">v0.12.4</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.5">v0.12.5</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=f0cbd3ec9f4a3de1a9ef94deda09704543889f44">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.13">stable-0.13</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.13.0">v0.13.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=f0cbd3ec9f4a3de1a9ef94deda09704543889f44">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.14">stable-0.14</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.14.0">v0.14.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.14.1">v0.14.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=f0cbd3ec9f4a3de1a9ef94deda09704543889f44">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.15">stable-0.15</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.15.0">v0.15.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.15.1">v0.15.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=f0cbd3ec9f4a3de1a9ef94deda09704543889f44">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.0">stable-1.0</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.0.1">v1.0.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=f0cbd3ec9f4a3de1a9ef94deda09704543889f44">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.1">stable-1.1</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.1.1">v1.1.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.1.2">v1.1.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=f0cbd3ec9f4a3de1a9ef94deda09704543889f44">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.2">stable-1.2</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.2.1">v1.2.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.2.2">v1.2.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=f0cbd3ec9f4a3de1a9ef94deda09704543889f44">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.3">stable-1.3</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.3.1">v1.3.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=f0cbd3ec9f4a3de1a9ef94deda09704543889f44">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.4">stable-1.4</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.4.1">v1.4.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.4.2">v1.4.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=f0cbd3ec9f4a3de1a9ef94deda09704543889f44">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.5">stable-1.5</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.5.1">v1.5.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.5.2">v1.5.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.5.3">v1.5.3</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=f0cbd3ec9f4a3de1a9ef94deda09704543889f44">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.6">stable-1.6</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.6.1">v1.6.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.6.2">v1.6.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=f0cbd3ec9f4a3de1a9ef94deda09704543889f44">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.7">stable-1.7</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.7.1">v1.7.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.7.2">v1.7.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=f0cbd3ec9f4a3de1a9ef94deda09704543889f44">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.0">stable-2.0</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.0.1">v2.0.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.0.2">v2.0.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=f0cbd3ec9f4a3de1a9ef94deda09704543889f44">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.1">stable-2.1</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.1.1">v2.1.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.1.2">v2.1.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.1.3">v2.1.3</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=f0cbd3ec9f4a3de1a9ef94deda09704543889f44">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.2">stable-2.2</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.2.1">v2.2.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=f0cbd3ec9f4a3de1a9ef94deda09704543889f44">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.3">stable-2.3</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.3.1">v2.3.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=f0cbd3ec9f4a3de1a9ef94deda09704543889f44">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.4">stable-2.4</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.4.0.1">v2.4.0.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.4.1">v2.4.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=f0cbd3ec9f4a3de1a9ef94deda09704543889f44">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.5">stable-2.5</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.5.1">v2.5.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.5.1.1">v2.5.1.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=f0cbd3ec9f4a3de1a9ef94deda09704543889f44">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.6">stable-2.6</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.6.1">v2.6.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.6.2">v2.6.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=f0cbd3ec9f4a3de1a9ef94deda09704543889f44">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.7">stable-2.7</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.7.1">v2.7.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=f0cbd3ec9f4a3de1a9ef94deda09704543889f44">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.8">stable-2.8</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.8.1">v2.8.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.8.1.1">v2.8.1.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=f0cbd3ec9f4a3de1a9ef94deda09704543889f44">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.9">stable-2.9</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.9.1">v2.9.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=f0cbd3ec9f4a3de1a9ef94deda09704543889f44">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.10">stable-2.10</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.10.1">v2.10.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.10.2">v2.10.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=f0cbd3ec9f4a3de1a9ef94deda09704543889f44">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.11">stable-2.11</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.11.1">v2.11.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.11.2">v2.11.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=f0cbd3ec9f4a3de1a9ef94deda09704543889f44">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.12">stable-2.12</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.12.1">v2.12.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=f0cbd3ec9f4a3de1a9ef94deda09704543889f44">f0cbd3ec9f4a3de1a9ef94deda09704543889f44</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+    </section>
+  </div>
+</div>
diff --git a/secnotice/2018/006.txt b/secnotice/2018/006.txt
new file mode 100644
index 0000000..cbb2b8d
--- /dev/null
+++ b/secnotice/2018/006.txt
@@ -0,0 +1,210 @@
+        QEMU Security Notice: QSN-2018-006
+        ==================================
+
+       Summary: slirp buffer overflow assembling fragmented
+                datastream
+   Reported on: 20180427
+  Published on: 20180605
+      Fixed on: 20180608
+   Reported by: ZDI Disclosures <zdi-disclosures@trendmicro.com>
+    Patched by: Prasad J Pandit <pjp@fedoraproject.org>
+      See also: CVE-2018-11806
+
+Description
+-----------
+
+A heap buffer overflow issue was found in the way Slirp networking
+back-end in QEMU processes fragmented packets. It could occur while
+reassembling the fragmented datagrams of an incoming packet.
+
+Impact
+------
+
+A privileged user/process inside guest could use this flaw to crash
+the QEMU process resulting in DoS OR potentially leverage it to
+execute arbitrary code on the host with privileges of the QEMU
+process.
+
+Mitigation
+----------
+
+Replace use of the "user" network backend with an alternative choice
+
+Related commits
+----------------
+
+  git://git.qemu.org/qemu.git
+  https://git.qemu.org/?p=qemu.git
+
+      Branch: master
+   Broken in: v0.6.0
+   Broken in: v0.6.1
+   Broken in: v0.7.0
+   Broken in: v0.7.1
+   Broken in: v0.8.1
+   Broken in: v0.8.2
+   Broken in: v0.9.0
+   Broken in: v0.9.1
+   Broken in: v1.0
+   Broken in: v1.1.0
+   Broken in: v1.2.0
+   Broken in: v1.3.0
+   Broken in: v1.4.0
+   Broken in: v1.5.0
+   Broken in: v1.6.0
+   Broken in: v1.7.0
+   Broken in: v2.0.0
+   Broken in: v2.1.0
+   Broken in: v2.2.0
+   Broken in: v2.3.0
+   Broken in: v2.4.0
+   Broken in: v2.5.0
+   Broken in: v2.6.0
+   Broken in: v2.7.0
+   Broken in: v2.8.0
+   Broken in: v2.9.0
+   Broken in: v2.10.0
+   Broken in: v2.11.0
+   Broken in: v2.12.0
+    Fixed in: v3.0.0
+   Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44
+    Fixed by: 864036e251f54c99d31df124aad7f34f01f5344c
+
+      Branch: stable-0.10
+   Broken in: v0.10.0
+   Broken in: v0.10.1
+   Broken in: v0.10.2
+   Broken in: v0.10.3
+   Broken in: v0.10.4
+   Broken in: v0.10.5
+   Broken in: v0.10.6
+   Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44
+
+      Branch: stable-0.11
+   Broken in: v0.11.0
+   Broken in: v0.11.1
+   Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44
+
+      Branch: stable-0.12
+   Broken in: v0.12.0
+   Broken in: v0.12.1
+   Broken in: v0.12.2
+   Broken in: v0.12.3
+   Broken in: v0.12.4
+   Broken in: v0.12.5
+   Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44
+
+      Branch: stable-0.13
+   Broken in: v0.13.0
+   Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44
+
+      Branch: stable-0.14
+   Broken in: v0.14.0
+   Broken in: v0.14.1
+   Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44
+
+      Branch: stable-0.15
+   Broken in: v0.15.0
+   Broken in: v0.15.1
+   Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44
+
+      Branch: stable-1.0
+   Broken in: v1.0.1
+   Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44
+
+      Branch: stable-1.1
+   Broken in: v1.1.1
+   Broken in: v1.1.2
+   Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44
+
+      Branch: stable-1.2
+   Broken in: v1.2.1
+   Broken in: v1.2.2
+   Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44
+
+      Branch: stable-1.3
+   Broken in: v1.3.1
+   Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44
+
+      Branch: stable-1.4
+   Broken in: v1.4.1
+   Broken in: v1.4.2
+   Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44
+
+      Branch: stable-1.5
+   Broken in: v1.5.1
+   Broken in: v1.5.2
+   Broken in: v1.5.3
+   Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44
+
+      Branch: stable-1.6
+   Broken in: v1.6.1
+   Broken in: v1.6.2
+   Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44
+
+      Branch: stable-1.7
+   Broken in: v1.7.1
+   Broken in: v1.7.2
+   Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44
+
+      Branch: stable-2.0
+   Broken in: v2.0.1
+   Broken in: v2.0.2
+   Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44
+
+      Branch: stable-2.1
+   Broken in: v2.1.1
+   Broken in: v2.1.2
+   Broken in: v2.1.3
+   Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44
+
+      Branch: stable-2.2
+   Broken in: v2.2.1
+   Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44
+
+      Branch: stable-2.3
+   Broken in: v2.3.1
+   Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44
+
+      Branch: stable-2.4
+   Broken in: v2.4.0.1
+   Broken in: v2.4.1
+   Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44
+
+      Branch: stable-2.5
+   Broken in: v2.5.1
+   Broken in: v2.5.1.1
+   Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44
+
+      Branch: stable-2.6
+   Broken in: v2.6.1
+   Broken in: v2.6.2
+   Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44
+
+      Branch: stable-2.7
+   Broken in: v2.7.1
+   Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44
+
+      Branch: stable-2.8
+   Broken in: v2.8.1
+   Broken in: v2.8.1.1
+   Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44
+
+      Branch: stable-2.9
+   Broken in: v2.9.1
+   Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44
+
+      Branch: stable-2.10
+   Broken in: v2.10.1
+   Broken in: v2.10.2
+   Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44
+
+      Branch: stable-2.11
+   Broken in: v2.11.1
+   Broken in: v2.11.2
+   Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44
+
+      Branch: stable-2.12
+   Broken in: v2.12.1
+   Broken by: f0cbd3ec9f4a3de1a9ef94deda09704543889f44
+
diff --git a/secnotice/2018/007.html b/secnotice/2018/007.html
new file mode 100644
index 0000000..3084493
--- /dev/null
+++ b/secnotice/2018/007.html
@@ -0,0 +1,820 @@
+---
+title: 'QSN-2018-007: qemu-guest-agent integer overflow reading guest file'
+layout: secnotice
+permalink: /secnotice/2018/007
+---
+
+    <div xmlns="http://www.w3.org/1999/xhtml" id="main">
+  <div class="container">
+    <h2>qemu-guest-agent integer overflow reading guest file</h2>
+    <h3>Lifecycle</h3>
+    <table>
+      <tr>
+        <th>Reported on:</th>
+        <td>20180622</td>
+      </tr>
+      <tr>
+        <th>Published on:</th>
+        <td>20180622</td>
+      </tr>
+      <tr>
+        <th>Fixed on:</th>
+        <td>20180705</td>
+      </tr>
+    </table>
+    <h3>Credits</h3>
+    <table>
+      <tr>
+        <th>Reported by:</th>
+        <td>
+          <a href="mailto:mohdfakhrizulkifli@gmail.com">Fakhri Zulkifli</a>
+        </td>
+      </tr>
+      <tr>
+        <th>Patched by:</th>
+        <td>
+          <a href="mailto:pjp@fedoraproject.org">Prasad J Pandit</a>
+        </td>
+      </tr>
+    </table>
+    <h3>See also</h3>
+    <ul>
+      <li>
+        <a href="https://nvd.nist.gov/vuln/detail/CVE-2018-12617">CVE-2018-12617</a>
+      </li>
+    </ul>
+    <h3>Description</h3>
+    <p>
+The QEMU Guest Agent in QEMU is vulnerable to an integer overflow in the 
+qmp_guest_file_read(). An attacker could exploit this by sending a crafted QMP 
+command (including guest-file-read with a large count value) to the agent via 
+the listening socket to trigger a g_malloc() call with a large memory chunk 
+resulting in a segmentation fault.
+  </p>
+    <h3>Impact</h3>
+    <p>
+A user could use this flaw to crash the QEMU guest agent process resulting in DoS.
+  </p>
+    <h3>Mitigation</h3>
+    <p>
+Disable the QEMU guest agent or blacklist the guest-file-read command
+  </p>
+    <p class="altformat">
+      Alternative formats:
+      <a href="/secnotice/2018/007.xml">[xml]</a> <a href="/secnotice/2018/007.txt">[text]</a></p>
+  </div>
+</div><div xmlns="http://www.w3.org/1999/xhtml" id="sidebar">
+  <div class="container">
+    <section>
+      <header>
+        <h2>Related commits</h2>
+      </header>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/master">master</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Fixed in:</th>
+            <td class="fixedtag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v3.0.0">v3.0.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Fixed by:</th>
+            <td class="fixedcommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=141b197408ab398c4f474ac1a728ab316e921f2b">141b197408ab398c4f474ac1a728ab316e921f2b</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Merged by:</th>
+            <td class="mergedcommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=8beb8cc64da2868acec270e4becb9fea8f9093dc">8beb8cc64da2868acec270e4becb9fea8f9093dc</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.0">v1.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.1.0">v1.1.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.2.0">v1.2.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.3.0">v1.3.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.4.0">v1.4.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.5.0">v1.5.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.6.0">v1.6.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.7.0">v1.7.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.0.0">v2.0.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.1.0">v2.1.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.2.0">v2.2.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.3.0">v2.3.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.4.0">v2.4.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.5.0">v2.5.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.6.0">v2.6.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.7.0">v2.7.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.8.0">v2.8.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.9.0">v2.9.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.10.0">v2.10.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.11.0">v2.11.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.12.0">v2.12.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e3d4d25206a13ca48936e4357a53591997ce6d57">e3d4d25206a13ca48936e4357a53591997ce6d57</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.15">stable-0.15</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.15.0">v0.15.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.15.1">v0.15.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e3d4d25206a13ca48936e4357a53591997ce6d57">e3d4d25206a13ca48936e4357a53591997ce6d57</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.0">stable-1.0</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.0.1">v1.0.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e3d4d25206a13ca48936e4357a53591997ce6d57">e3d4d25206a13ca48936e4357a53591997ce6d57</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.1">stable-1.1</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.1.1">v1.1.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.1.2">v1.1.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e3d4d25206a13ca48936e4357a53591997ce6d57">e3d4d25206a13ca48936e4357a53591997ce6d57</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.2">stable-1.2</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.2.1">v1.2.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.2.2">v1.2.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e3d4d25206a13ca48936e4357a53591997ce6d57">e3d4d25206a13ca48936e4357a53591997ce6d57</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.3">stable-1.3</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.3.1">v1.3.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e3d4d25206a13ca48936e4357a53591997ce6d57">e3d4d25206a13ca48936e4357a53591997ce6d57</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.4">stable-1.4</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.4.1">v1.4.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.4.2">v1.4.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e3d4d25206a13ca48936e4357a53591997ce6d57">e3d4d25206a13ca48936e4357a53591997ce6d57</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.5">stable-1.5</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.5.1">v1.5.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.5.2">v1.5.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.5.3">v1.5.3</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e3d4d25206a13ca48936e4357a53591997ce6d57">e3d4d25206a13ca48936e4357a53591997ce6d57</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.6">stable-1.6</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.6.1">v1.6.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.6.2">v1.6.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e3d4d25206a13ca48936e4357a53591997ce6d57">e3d4d25206a13ca48936e4357a53591997ce6d57</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.7">stable-1.7</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.7.1">v1.7.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.7.2">v1.7.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e3d4d25206a13ca48936e4357a53591997ce6d57">e3d4d25206a13ca48936e4357a53591997ce6d57</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.0">stable-2.0</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.0.1">v2.0.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.0.2">v2.0.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e3d4d25206a13ca48936e4357a53591997ce6d57">e3d4d25206a13ca48936e4357a53591997ce6d57</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.1">stable-2.1</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.1.1">v2.1.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.1.2">v2.1.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.1.3">v2.1.3</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e3d4d25206a13ca48936e4357a53591997ce6d57">e3d4d25206a13ca48936e4357a53591997ce6d57</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.2">stable-2.2</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.2.1">v2.2.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e3d4d25206a13ca48936e4357a53591997ce6d57">e3d4d25206a13ca48936e4357a53591997ce6d57</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.3">stable-2.3</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.3.1">v2.3.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e3d4d25206a13ca48936e4357a53591997ce6d57">e3d4d25206a13ca48936e4357a53591997ce6d57</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.4">stable-2.4</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.4.0.1">v2.4.0.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.4.1">v2.4.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e3d4d25206a13ca48936e4357a53591997ce6d57">e3d4d25206a13ca48936e4357a53591997ce6d57</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.5">stable-2.5</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.5.1">v2.5.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.5.1.1">v2.5.1.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e3d4d25206a13ca48936e4357a53591997ce6d57">e3d4d25206a13ca48936e4357a53591997ce6d57</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.6">stable-2.6</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.6.1">v2.6.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.6.2">v2.6.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e3d4d25206a13ca48936e4357a53591997ce6d57">e3d4d25206a13ca48936e4357a53591997ce6d57</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.7">stable-2.7</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.7.1">v2.7.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e3d4d25206a13ca48936e4357a53591997ce6d57">e3d4d25206a13ca48936e4357a53591997ce6d57</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.8">stable-2.8</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.8.1">v2.8.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.8.1.1">v2.8.1.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e3d4d25206a13ca48936e4357a53591997ce6d57">e3d4d25206a13ca48936e4357a53591997ce6d57</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.9">stable-2.9</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.9.1">v2.9.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e3d4d25206a13ca48936e4357a53591997ce6d57">e3d4d25206a13ca48936e4357a53591997ce6d57</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.10">stable-2.10</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.10.1">v2.10.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.10.2">v2.10.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e3d4d25206a13ca48936e4357a53591997ce6d57">e3d4d25206a13ca48936e4357a53591997ce6d57</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.11">stable-2.11</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.11.1">v2.11.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.11.2">v2.11.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e3d4d25206a13ca48936e4357a53591997ce6d57">e3d4d25206a13ca48936e4357a53591997ce6d57</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.12">stable-2.12</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.12.1">v2.12.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=e3d4d25206a13ca48936e4357a53591997ce6d57">e3d4d25206a13ca48936e4357a53591997ce6d57</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+    </section>
+  </div>
+</div>
diff --git a/secnotice/2018/007.txt b/secnotice/2018/007.txt
new file mode 100644
index 0000000..5bbb6cc
--- /dev/null
+++ b/secnotice/2018/007.txt
@@ -0,0 +1,169 @@
+        QEMU Security Notice: QSN-2018-007
+        ==================================
+
+       Summary: qemu-guest-agent integer overflow reading guest
+                file
+   Reported on: 20180622
+  Published on: 20180622
+      Fixed on: 20180705
+   Reported by: Fakhri Zulkifli <mohdfakhrizulkifli@gmail.com>
+    Patched by: Prasad J Pandit <pjp@fedoraproject.org>
+      See also: CVE-2018-12617
+
+Description
+-----------
+
+The QEMU Guest Agent in QEMU is vulnerable to an integer overflow in
+the qmp_guest_file_read(). An attacker could exploit this by sending
+a crafted QMP command (including guest-file-read with a large count
+value) to the agent via the listening socket to trigger a g_malloc()
+call with a large memory chunk resulting in a segmentation fault.
+
+Impact
+------
+
+A user could use this flaw to crash the QEMU guest agent process
+resulting in DoS.
+
+Mitigation
+----------
+
+Disable the QEMU guest agent or blacklist the guest-file-read command
+
+Related commits
+----------------
+
+  git://git.qemu.org/qemu.git
+  https://git.qemu.org/?p=qemu.git
+
+      Branch: master
+   Broken in: v1.0
+   Broken in: v1.1.0
+   Broken in: v1.2.0
+   Broken in: v1.3.0
+   Broken in: v1.4.0
+   Broken in: v1.5.0
+   Broken in: v1.6.0
+   Broken in: v1.7.0
+   Broken in: v2.0.0
+   Broken in: v2.1.0
+   Broken in: v2.2.0
+   Broken in: v2.3.0
+   Broken in: v2.4.0
+   Broken in: v2.5.0
+   Broken in: v2.6.0
+   Broken in: v2.7.0
+   Broken in: v2.8.0
+   Broken in: v2.9.0
+   Broken in: v2.10.0
+   Broken in: v2.11.0
+   Broken in: v2.12.0
+    Fixed in: v3.0.0
+   Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57
+    Fixed by: 141b197408ab398c4f474ac1a728ab316e921f2b
+
+      Branch: stable-0.15
+   Broken in: v0.15.0
+   Broken in: v0.15.1
+   Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57
+
+      Branch: stable-1.0
+   Broken in: v1.0.1
+   Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57
+
+      Branch: stable-1.1
+   Broken in: v1.1.1
+   Broken in: v1.1.2
+   Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57
+
+      Branch: stable-1.2
+   Broken in: v1.2.1
+   Broken in: v1.2.2
+   Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57
+
+      Branch: stable-1.3
+   Broken in: v1.3.1
+   Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57
+
+      Branch: stable-1.4
+   Broken in: v1.4.1
+   Broken in: v1.4.2
+   Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57
+
+      Branch: stable-1.5
+   Broken in: v1.5.1
+   Broken in: v1.5.2
+   Broken in: v1.5.3
+   Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57
+
+      Branch: stable-1.6
+   Broken in: v1.6.1
+   Broken in: v1.6.2
+   Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57
+
+      Branch: stable-1.7
+   Broken in: v1.7.1
+   Broken in: v1.7.2
+   Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57
+
+      Branch: stable-2.0
+   Broken in: v2.0.1
+   Broken in: v2.0.2
+   Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57
+
+      Branch: stable-2.1
+   Broken in: v2.1.1
+   Broken in: v2.1.2
+   Broken in: v2.1.3
+   Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57
+
+      Branch: stable-2.2
+   Broken in: v2.2.1
+   Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57
+
+      Branch: stable-2.3
+   Broken in: v2.3.1
+   Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57
+
+      Branch: stable-2.4
+   Broken in: v2.4.0.1
+   Broken in: v2.4.1
+   Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57
+
+      Branch: stable-2.5
+   Broken in: v2.5.1
+   Broken in: v2.5.1.1
+   Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57
+
+      Branch: stable-2.6
+   Broken in: v2.6.1
+   Broken in: v2.6.2
+   Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57
+
+      Branch: stable-2.7
+   Broken in: v2.7.1
+   Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57
+
+      Branch: stable-2.8
+   Broken in: v2.8.1
+   Broken in: v2.8.1.1
+   Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57
+
+      Branch: stable-2.9
+   Broken in: v2.9.1
+   Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57
+
+      Branch: stable-2.10
+   Broken in: v2.10.1
+   Broken in: v2.10.2
+   Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57
+
+      Branch: stable-2.11
+   Broken in: v2.11.1
+   Broken in: v2.11.2
+   Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57
+
+      Branch: stable-2.12
+   Broken in: v2.12.1
+   Broken by: e3d4d25206a13ca48936e4357a53591997ce6d57
+
diff --git a/secnotice/2018/008.html b/secnotice/2018/008.html
new file mode 100644
index 0000000..68b326e
--- /dev/null
+++ b/secnotice/2018/008.html
@@ -0,0 +1,952 @@
+---
+title: 'QSN-2018-008: rtl8139 integer overflow accessing buffer'
+layout: secnotice
+permalink: /secnotice/2018/008
+---
+
+    <div xmlns="http://www.w3.org/1999/xhtml" id="main">
+  <div class="container">
+    <h2>rtl8139 integer overflow accessing buffer</h2>
+    <h3>Lifecycle</h3>
+    <table>
+      <tr>
+        <th>Reported on:</th>
+        <td>20180521</td>
+      </tr>
+      <tr>
+        <th>Published on:</th>
+        <td>20180926</td>
+      </tr>
+      <tr>
+        <th>Fixed on:</th>
+        <td/>
+      </tr>
+    </table>
+    <h3>Credits</h3>
+    <table>
+      <tr>
+        <th>Reported by:</th>
+        <td>
+          <a href="mailto:daniel@twistlock.com">Daniel Shapira</a>
+        </td>
+      </tr>
+      <tr>
+        <th>Patched by:</th>
+        <td>
+          <a href="mailto:jasonwang@redhat.com">Jason Wang</a>
+        </td>
+      </tr>
+    </table>
+    <h3>See also</h3>
+    <ul>
+      <li>
+        <a href="https://nvd.nist.gov/vuln/detail/CVE-2018-17958">CVE-2018-17958</a>
+      </li>
+    </ul>
+    <h3>Description</h3>
+    <p>
+Qemu emulator built with the RTL8139 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network.
+  </p>
+    <h3>Impact</h3>
+    <p>
+A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
+  </p>
+    <h3>Mitigation</h3>
+    <p>
+Replace use of the RTL8139 network adapter with an alternative model
+  </p>
+    <p class="altformat">
+      Alternative formats:
+      <a href="/secnotice/2018/008.xml">[xml]</a> <a href="/secnotice/2018/008.txt">[text]</a></p>
+  </div>
+</div><div xmlns="http://www.w3.org/1999/xhtml" id="sidebar">
+  <div class="container">
+    <section>
+      <header>
+        <h2>Related commits</h2>
+      </header>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/master">master</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Fixed in:</th>
+            <td class="fixedtag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h="/>
+            </td>
+          </tr>
+          <tr>
+            <th>Fixed by:</th>
+            <td class="fixedcommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=784b912f722bc86126b290c00de72c1bc8d34950">784b912f722bc86126b290c00de72c1bc8d34950</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Merged by:</th>
+            <td class="mergedcommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h="/>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.0">v1.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.1.0">v1.1.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.2.0">v1.2.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.3.0">v1.3.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.4.0">v1.4.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.5.0">v1.5.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.6.0">v1.6.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.7.0">v1.7.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.0.0">v2.0.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.1.0">v2.1.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.2.0">v2.2.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.3.0">v2.3.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.4.0">v2.4.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.5.0">v2.5.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.6.0">v2.6.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.7.0">v2.7.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.8.0">v2.8.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.9.0">v2.9.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.10.0">v2.10.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.11.0">v2.11.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.12.0">v2.12.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v3.0.0">v3.0.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.11">stable-0.11</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.11.0">v0.11.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.11.1">v0.11.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.12">stable-0.12</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.0">v0.12.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.1">v0.12.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.2">v0.12.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.3">v0.12.3</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.4">v0.12.4</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.5">v0.12.5</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.13">stable-0.13</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.13.0">v0.13.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.14">stable-0.14</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.14.0">v0.14.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.14.1">v0.14.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.15">stable-0.15</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.15.0">v0.15.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.15.1">v0.15.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.0">stable-1.0</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.0.1">v1.0.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.1">stable-1.1</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.1.1">v1.1.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.1.2">v1.1.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.2">stable-1.2</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.2.1">v1.2.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.2.2">v1.2.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.3">stable-1.3</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.3.1">v1.3.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.4">stable-1.4</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.4.1">v1.4.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.4.2">v1.4.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.5">stable-1.5</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.5.1">v1.5.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.5.2">v1.5.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.5.3">v1.5.3</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.6">stable-1.6</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.6.1">v1.6.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.6.2">v1.6.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.7">stable-1.7</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.7.1">v1.7.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.7.2">v1.7.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.0">stable-2.0</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.0.1">v2.0.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.0.2">v2.0.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.1">stable-2.1</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.1.1">v2.1.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.1.2">v2.1.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.1.3">v2.1.3</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.2">stable-2.2</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.2.1">v2.2.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.3">stable-2.3</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.3.1">v2.3.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.4">stable-2.4</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.4.0.1">v2.4.0.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.4.1">v2.4.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.5">stable-2.5</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.5.1">v2.5.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.5.1.1">v2.5.1.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.6">stable-2.6</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.6.1">v2.6.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.6.2">v2.6.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.7">stable-2.7</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.7.1">v2.7.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.8">stable-2.8</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.8.1">v2.8.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.8.1.1">v2.8.1.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.9">stable-2.9</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.9.1">v2.9.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.10">stable-2.10</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.10.1">v2.10.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.10.2">v2.10.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.11">stable-2.11</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.11.1">v2.11.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.11.2">v2.11.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.12">stable-2.12</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.12.1">v2.12.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+    </section>
+  </div>
+</div>
diff --git a/secnotice/2018/008.txt b/secnotice/2018/008.txt
new file mode 100644
index 0000000..d05705b
--- /dev/null
+++ b/secnotice/2018/008.txt
@@ -0,0 +1,191 @@
+        QEMU Security Notice: QSN-2018-008
+        ==================================
+
+       Summary: rtl8139 integer overflow accessing buffer
+   Reported on: 20180521
+  Published on: 20180926
+      Fixed on: 
+   Reported by: Daniel Shapira <daniel@twistlock.com>
+    Patched by: Jason Wang <jasonwang@redhat.com>
+      See also: CVE-2018-17958
+
+Description
+-----------
+
+Qemu emulator built with the RTL8139 NIC emulation support is
+vulnerable to an integer overflow, which could lead to buffer
+overflow issue. It could occur when receiving packets over the
+network.
+
+Impact
+------
+
+A user inside guest could use this flaw to crash the Qemu process
+resulting in DoS.
+
+Mitigation
+----------
+
+Replace use of the RTL8139 network adapter with an alternative model
+
+Related commits
+----------------
+
+  git://git.qemu.org/qemu.git
+  https://git.qemu.org/?p=qemu.git
+
+      Branch: master
+   Broken in: v1.0
+   Broken in: v1.1.0
+   Broken in: v1.2.0
+   Broken in: v1.3.0
+   Broken in: v1.4.0
+   Broken in: v1.5.0
+   Broken in: v1.6.0
+   Broken in: v1.7.0
+   Broken in: v2.0.0
+   Broken in: v2.1.0
+   Broken in: v2.2.0
+   Broken in: v2.3.0
+   Broken in: v2.4.0
+   Broken in: v2.5.0
+   Broken in: v2.6.0
+   Broken in: v2.7.0
+   Broken in: v2.8.0
+   Broken in: v2.9.0
+   Broken in: v2.10.0
+   Broken in: v2.11.0
+   Broken in: v2.12.0
+   Broken in: v3.0.0
+    Fixed in: 
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+    Fixed by: 784b912f722bc86126b290c00de72c1bc8d34950
+
+      Branch: stable-0.11
+   Broken in: v0.11.0
+   Broken in: v0.11.1
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-0.12
+   Broken in: v0.12.0
+   Broken in: v0.12.1
+   Broken in: v0.12.2
+   Broken in: v0.12.3
+   Broken in: v0.12.4
+   Broken in: v0.12.5
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-0.13
+   Broken in: v0.13.0
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-0.14
+   Broken in: v0.14.0
+   Broken in: v0.14.1
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-0.15
+   Broken in: v0.15.0
+   Broken in: v0.15.1
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-1.0
+   Broken in: v1.0.1
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-1.1
+   Broken in: v1.1.1
+   Broken in: v1.1.2
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-1.2
+   Broken in: v1.2.1
+   Broken in: v1.2.2
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-1.3
+   Broken in: v1.3.1
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-1.4
+   Broken in: v1.4.1
+   Broken in: v1.4.2
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-1.5
+   Broken in: v1.5.1
+   Broken in: v1.5.2
+   Broken in: v1.5.3
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-1.6
+   Broken in: v1.6.1
+   Broken in: v1.6.2
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-1.7
+   Broken in: v1.7.1
+   Broken in: v1.7.2
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-2.0
+   Broken in: v2.0.1
+   Broken in: v2.0.2
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-2.1
+   Broken in: v2.1.1
+   Broken in: v2.1.2
+   Broken in: v2.1.3
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-2.2
+   Broken in: v2.2.1
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-2.3
+   Broken in: v2.3.1
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-2.4
+   Broken in: v2.4.0.1
+   Broken in: v2.4.1
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-2.5
+   Broken in: v2.5.1
+   Broken in: v2.5.1.1
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-2.6
+   Broken in: v2.6.1
+   Broken in: v2.6.2
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-2.7
+   Broken in: v2.7.1
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-2.8
+   Broken in: v2.8.1
+   Broken in: v2.8.1.1
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-2.9
+   Broken in: v2.9.1
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-2.10
+   Broken in: v2.10.1
+   Broken in: v2.10.2
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-2.11
+   Broken in: v2.11.1
+   Broken in: v2.11.2
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-2.12
+   Broken in: v2.12.1
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
diff --git a/secnotice/2018/009.html b/secnotice/2018/009.html
new file mode 100644
index 0000000..327b022
--- /dev/null
+++ b/secnotice/2018/009.html
@@ -0,0 +1,952 @@
+---
+title: 'QSN-2018-009: pcnet integer overflow accessing buffer'
+layout: secnotice
+permalink: /secnotice/2018/009
+---
+
+    <div xmlns="http://www.w3.org/1999/xhtml" id="main">
+  <div class="container">
+    <h2>pcnet integer overflow accessing buffer</h2>
+    <h3>Lifecycle</h3>
+    <table>
+      <tr>
+        <th>Reported on:</th>
+        <td>20180521</td>
+      </tr>
+      <tr>
+        <th>Published on:</th>
+        <td>20180926</td>
+      </tr>
+      <tr>
+        <th>Fixed on:</th>
+        <td/>
+      </tr>
+    </table>
+    <h3>Credits</h3>
+    <table>
+      <tr>
+        <th>Reported by:</th>
+        <td>
+          <a href="mailto:daniel@twistlock.com">Daniel Shapira</a>
+        </td>
+      </tr>
+      <tr>
+        <th>Patched by:</th>
+        <td>
+          <a href="mailto:jasonwang@redhat.com">Jason Wang</a>
+        </td>
+      </tr>
+    </table>
+    <h3>See also</h3>
+    <ul>
+      <li>
+        <a href="https://nvd.nist.gov/vuln/detail/CVE-2018-17962">CVE-2018-17962</a>
+      </li>
+    </ul>
+    <h3>Description</h3>
+    <p>
+Qemu emulator built with the AMD PC-Net II (Am79C970A) emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network.
+  </p>
+    <h3>Impact</h3>
+    <p>
+A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
+  </p>
+    <h3>Mitigation</h3>
+    <p>
+Replace use of the AMD PC-Net II network adapter with an alternative model
+  </p>
+    <p class="altformat">
+      Alternative formats:
+      <a href="/secnotice/2018/009.xml">[xml]</a> <a href="/secnotice/2018/009.txt">[text]</a></p>
+  </div>
+</div><div xmlns="http://www.w3.org/1999/xhtml" id="sidebar">
+  <div class="container">
+    <section>
+      <header>
+        <h2>Related commits</h2>
+      </header>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/master">master</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Fixed in:</th>
+            <td class="fixedtag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h="/>
+            </td>
+          </tr>
+          <tr>
+            <th>Fixed by:</th>
+            <td class="fixedcommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=2fc84f6b39577ccd6fd57bdd270902f5098c3a88">2fc84f6b39577ccd6fd57bdd270902f5098c3a88</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Merged by:</th>
+            <td class="mergedcommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h="/>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.0">v1.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.1.0">v1.1.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.2.0">v1.2.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.3.0">v1.3.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.4.0">v1.4.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.5.0">v1.5.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.6.0">v1.6.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.7.0">v1.7.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.0.0">v2.0.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.1.0">v2.1.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.2.0">v2.2.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.3.0">v2.3.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.4.0">v2.4.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.5.0">v2.5.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.6.0">v2.6.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.7.0">v2.7.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.8.0">v2.8.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.9.0">v2.9.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.10.0">v2.10.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.11.0">v2.11.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.12.0">v2.12.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v3.0.0">v3.0.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.11">stable-0.11</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.11.0">v0.11.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.11.1">v0.11.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.12">stable-0.12</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.0">v0.12.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.1">v0.12.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.2">v0.12.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.3">v0.12.3</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.4">v0.12.4</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.5">v0.12.5</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.13">stable-0.13</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.13.0">v0.13.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.14">stable-0.14</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.14.0">v0.14.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.14.1">v0.14.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.15">stable-0.15</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.15.0">v0.15.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.15.1">v0.15.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.0">stable-1.0</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.0.1">v1.0.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.1">stable-1.1</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.1.1">v1.1.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.1.2">v1.1.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.2">stable-1.2</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.2.1">v1.2.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.2.2">v1.2.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.3">stable-1.3</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.3.1">v1.3.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.4">stable-1.4</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.4.1">v1.4.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.4.2">v1.4.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.5">stable-1.5</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.5.1">v1.5.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.5.2">v1.5.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.5.3">v1.5.3</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.6">stable-1.6</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.6.1">v1.6.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.6.2">v1.6.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.7">stable-1.7</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.7.1">v1.7.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.7.2">v1.7.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.0">stable-2.0</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.0.1">v2.0.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.0.2">v2.0.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.1">stable-2.1</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.1.1">v2.1.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.1.2">v2.1.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.1.3">v2.1.3</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.2">stable-2.2</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.2.1">v2.2.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.3">stable-2.3</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.3.1">v2.3.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.4">stable-2.4</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.4.0.1">v2.4.0.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.4.1">v2.4.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.5">stable-2.5</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.5.1">v2.5.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.5.1.1">v2.5.1.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.6">stable-2.6</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.6.1">v2.6.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.6.2">v2.6.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.7">stable-2.7</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.7.1">v2.7.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.8">stable-2.8</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.8.1">v2.8.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.8.1.1">v2.8.1.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.9">stable-2.9</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.9.1">v2.9.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.10">stable-2.10</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.10.1">v2.10.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.10.2">v2.10.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.11">stable-2.11</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.11.1">v2.11.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.11.2">v2.11.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.12">stable-2.12</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.12.1">v2.12.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=4f1c942b7fb29864ad86cb3af9076da38f38f74e">4f1c942b7fb29864ad86cb3af9076da38f38f74e</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+    </section>
+  </div>
+</div>
diff --git a/secnotice/2018/009.txt b/secnotice/2018/009.txt
new file mode 100644
index 0000000..ab19a83
--- /dev/null
+++ b/secnotice/2018/009.txt
@@ -0,0 +1,192 @@
+        QEMU Security Notice: QSN-2018-009
+        ==================================
+
+       Summary: pcnet integer overflow accessing buffer
+   Reported on: 20180521
+  Published on: 20180926
+      Fixed on: 
+   Reported by: Daniel Shapira <daniel@twistlock.com>
+    Patched by: Jason Wang <jasonwang@redhat.com>
+      See also: CVE-2018-17962
+
+Description
+-----------
+
+Qemu emulator built with the AMD PC-Net II (Am79C970A) emulation
+support is vulnerable to an integer overflow, which could lead to
+buffer overflow issue. It could occur when receiving packets over
+the network.
+
+Impact
+------
+
+A user inside guest could use this flaw to crash the Qemu process
+resulting in DoS.
+
+Mitigation
+----------
+
+Replace use of the AMD PC-Net II network adapter with an alternative
+model
+
+Related commits
+----------------
+
+  git://git.qemu.org/qemu.git
+  https://git.qemu.org/?p=qemu.git
+
+      Branch: master
+   Broken in: v1.0
+   Broken in: v1.1.0
+   Broken in: v1.2.0
+   Broken in: v1.3.0
+   Broken in: v1.4.0
+   Broken in: v1.5.0
+   Broken in: v1.6.0
+   Broken in: v1.7.0
+   Broken in: v2.0.0
+   Broken in: v2.1.0
+   Broken in: v2.2.0
+   Broken in: v2.3.0
+   Broken in: v2.4.0
+   Broken in: v2.5.0
+   Broken in: v2.6.0
+   Broken in: v2.7.0
+   Broken in: v2.8.0
+   Broken in: v2.9.0
+   Broken in: v2.10.0
+   Broken in: v2.11.0
+   Broken in: v2.12.0
+   Broken in: v3.0.0
+    Fixed in: 
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+    Fixed by: 2fc84f6b39577ccd6fd57bdd270902f5098c3a88
+
+      Branch: stable-0.11
+   Broken in: v0.11.0
+   Broken in: v0.11.1
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-0.12
+   Broken in: v0.12.0
+   Broken in: v0.12.1
+   Broken in: v0.12.2
+   Broken in: v0.12.3
+   Broken in: v0.12.4
+   Broken in: v0.12.5
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-0.13
+   Broken in: v0.13.0
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-0.14
+   Broken in: v0.14.0
+   Broken in: v0.14.1
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-0.15
+   Broken in: v0.15.0
+   Broken in: v0.15.1
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-1.0
+   Broken in: v1.0.1
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-1.1
+   Broken in: v1.1.1
+   Broken in: v1.1.2
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-1.2
+   Broken in: v1.2.1
+   Broken in: v1.2.2
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-1.3
+   Broken in: v1.3.1
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-1.4
+   Broken in: v1.4.1
+   Broken in: v1.4.2
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-1.5
+   Broken in: v1.5.1
+   Broken in: v1.5.2
+   Broken in: v1.5.3
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-1.6
+   Broken in: v1.6.1
+   Broken in: v1.6.2
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-1.7
+   Broken in: v1.7.1
+   Broken in: v1.7.2
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-2.0
+   Broken in: v2.0.1
+   Broken in: v2.0.2
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-2.1
+   Broken in: v2.1.1
+   Broken in: v2.1.2
+   Broken in: v2.1.3
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-2.2
+   Broken in: v2.2.1
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-2.3
+   Broken in: v2.3.1
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-2.4
+   Broken in: v2.4.0.1
+   Broken in: v2.4.1
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-2.5
+   Broken in: v2.5.1
+   Broken in: v2.5.1.1
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-2.6
+   Broken in: v2.6.1
+   Broken in: v2.6.2
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-2.7
+   Broken in: v2.7.1
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-2.8
+   Broken in: v2.8.1
+   Broken in: v2.8.1.1
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-2.9
+   Broken in: v2.9.1
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-2.10
+   Broken in: v2.10.1
+   Broken in: v2.10.2
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-2.11
+   Broken in: v2.11.1
+   Broken in: v2.11.2
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
+      Branch: stable-2.12
+   Broken in: v2.12.1
+   Broken by: 4f1c942b7fb29864ad86cb3af9076da38f38f74e
+
diff --git a/secnotice/2018/010.html b/secnotice/2018/010.html
new file mode 100644
index 0000000..192c21c
--- /dev/null
+++ b/secnotice/2018/010.html
@@ -0,0 +1,940 @@
+---
+title: 'QSN-2018-010: Ignore network packet sizes larger than INT_MAX'
+layout: secnotice
+permalink: /secnotice/2018/010
+---
+
+    <div xmlns="http://www.w3.org/1999/xhtml" id="main">
+  <div class="container">
+    <h2>Ignore network packet sizes larger than INT_MAX</h2>
+    <h3>Lifecycle</h3>
+    <table>
+      <tr>
+        <th>Reported on:</th>
+        <td>20180521</td>
+      </tr>
+      <tr>
+        <th>Published on:</th>
+        <td>20180926</td>
+      </tr>
+      <tr>
+        <th>Fixed on:</th>
+        <td/>
+      </tr>
+    </table>
+    <h3>Credits</h3>
+    <table>
+      <tr>
+        <th>Reported by:</th>
+        <td>
+          <a href="mailto:daniel@twistlock.com">Daniel Shapira</a>
+        </td>
+      </tr>
+      <tr>
+        <th>Patched by:</th>
+        <td>
+          <a href="mailto:jasonwang@redhat.com">Jason Wang</a>
+        </td>
+      </tr>
+    </table>
+    <h3>See also</h3>
+    <ul>
+      <li>
+        <a href="https://nvd.nist.gov/vuln/detail/CVE-2018-17963">CVE-2018-17963</a>
+      </li>
+    </ul>
+    <h3>Description</h3>
+    <p>
+A potential integer overflow issue was found in the QEMU emulator. It could occur when a packet with large packet size is accepted and processed.
+  </p>
+    <h3>Impact</h3>
+    <p>
+A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
+  </p>
+    <h3>Mitigation</h3>
+    <p>
+None
+  </p>
+    <p class="altformat">
+      Alternative formats:
+      <a href="/secnotice/2018/010.xml">[xml]</a> <a href="/secnotice/2018/010.txt">[text]</a></p>
+  </div>
+</div><div xmlns="http://www.w3.org/1999/xhtml" id="sidebar">
+  <div class="container">
+    <section>
+      <header>
+        <h2>Related commits</h2>
+      </header>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/master">master</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=9a6ecb308b1c668fff84d56a356dbd595c51d556">9a6ecb308b1c668fff84d56a356dbd595c51d556</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/master">master</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Fixed in:</th>
+            <td class="fixedtag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h="/>
+            </td>
+          </tr>
+          <tr>
+            <th>Fixed by:</th>
+            <td class="fixedcommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=36772a6341af7c0f100b8e55a1e779db5fe818da">36772a6341af7c0f100b8e55a1e779db5fe818da</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Merged by:</th>
+            <td class="mergedcommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h="/>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.0">v1.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.1.0">v1.1.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.2.0">v1.2.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.3.0">v1.3.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.4.0">v1.4.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.5.0">v1.5.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.6.0">v1.6.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.7.0">v1.7.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.0.0">v2.0.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.1.0">v2.1.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.2.0">v2.2.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.3.0">v2.3.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.4.0">v2.4.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.5.0">v2.5.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.6.0">v2.6.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.7.0">v2.7.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.8.0">v2.8.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.9.0">v2.9.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.10.0">v2.10.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.11.0">v2.11.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.12.0">v2.12.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v3.0.0">v3.0.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=9a6ecb308b1c668fff84d56a356dbd595c51d556">9a6ecb308b1c668fff84d56a356dbd595c51d556</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.12">stable-0.12</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.0">v0.12.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.1">v0.12.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.2">v0.12.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.3">v0.12.3</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.4">v0.12.4</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.12.5">v0.12.5</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=9a6ecb308b1c668fff84d56a356dbd595c51d556">9a6ecb308b1c668fff84d56a356dbd595c51d556</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.13">stable-0.13</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.13.0">v0.13.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=9a6ecb308b1c668fff84d56a356dbd595c51d556">9a6ecb308b1c668fff84d56a356dbd595c51d556</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.14">stable-0.14</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.14.0">v0.14.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.14.1">v0.14.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=9a6ecb308b1c668fff84d56a356dbd595c51d556">9a6ecb308b1c668fff84d56a356dbd595c51d556</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.15">stable-0.15</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.15.0">v0.15.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.15.1">v0.15.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=9a6ecb308b1c668fff84d56a356dbd595c51d556">9a6ecb308b1c668fff84d56a356dbd595c51d556</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.0">stable-1.0</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.0.1">v1.0.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=9a6ecb308b1c668fff84d56a356dbd595c51d556">9a6ecb308b1c668fff84d56a356dbd595c51d556</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.1">stable-1.1</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.1.1">v1.1.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.1.2">v1.1.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=9a6ecb308b1c668fff84d56a356dbd595c51d556">9a6ecb308b1c668fff84d56a356dbd595c51d556</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.2">stable-1.2</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.2.1">v1.2.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.2.2">v1.2.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=9a6ecb308b1c668fff84d56a356dbd595c51d556">9a6ecb308b1c668fff84d56a356dbd595c51d556</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.3">stable-1.3</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.3.1">v1.3.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=9a6ecb308b1c668fff84d56a356dbd595c51d556">9a6ecb308b1c668fff84d56a356dbd595c51d556</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.4">stable-1.4</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.4.1">v1.4.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.4.2">v1.4.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=9a6ecb308b1c668fff84d56a356dbd595c51d556">9a6ecb308b1c668fff84d56a356dbd595c51d556</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.5">stable-1.5</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.5.1">v1.5.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.5.2">v1.5.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.5.3">v1.5.3</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=9a6ecb308b1c668fff84d56a356dbd595c51d556">9a6ecb308b1c668fff84d56a356dbd595c51d556</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.6">stable-1.6</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.6.1">v1.6.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.6.2">v1.6.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=9a6ecb308b1c668fff84d56a356dbd595c51d556">9a6ecb308b1c668fff84d56a356dbd595c51d556</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.7">stable-1.7</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.7.1">v1.7.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.7.2">v1.7.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=9a6ecb308b1c668fff84d56a356dbd595c51d556">9a6ecb308b1c668fff84d56a356dbd595c51d556</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.0">stable-2.0</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.0.1">v2.0.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.0.2">v2.0.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=9a6ecb308b1c668fff84d56a356dbd595c51d556">9a6ecb308b1c668fff84d56a356dbd595c51d556</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.1">stable-2.1</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.1.1">v2.1.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.1.2">v2.1.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.1.3">v2.1.3</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=9a6ecb308b1c668fff84d56a356dbd595c51d556">9a6ecb308b1c668fff84d56a356dbd595c51d556</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.2">stable-2.2</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.2.1">v2.2.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=9a6ecb308b1c668fff84d56a356dbd595c51d556">9a6ecb308b1c668fff84d56a356dbd595c51d556</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.3">stable-2.3</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.3.1">v2.3.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=9a6ecb308b1c668fff84d56a356dbd595c51d556">9a6ecb308b1c668fff84d56a356dbd595c51d556</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.4">stable-2.4</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.4.0.1">v2.4.0.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.4.1">v2.4.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=9a6ecb308b1c668fff84d56a356dbd595c51d556">9a6ecb308b1c668fff84d56a356dbd595c51d556</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.5">stable-2.5</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.5.1">v2.5.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.5.1.1">v2.5.1.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=9a6ecb308b1c668fff84d56a356dbd595c51d556">9a6ecb308b1c668fff84d56a356dbd595c51d556</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.6">stable-2.6</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.6.1">v2.6.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.6.2">v2.6.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=9a6ecb308b1c668fff84d56a356dbd595c51d556">9a6ecb308b1c668fff84d56a356dbd595c51d556</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.7">stable-2.7</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.7.1">v2.7.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=9a6ecb308b1c668fff84d56a356dbd595c51d556">9a6ecb308b1c668fff84d56a356dbd595c51d556</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.8">stable-2.8</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.8.1">v2.8.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.8.1.1">v2.8.1.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=9a6ecb308b1c668fff84d56a356dbd595c51d556">9a6ecb308b1c668fff84d56a356dbd595c51d556</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.9">stable-2.9</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.9.1">v2.9.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=9a6ecb308b1c668fff84d56a356dbd595c51d556">9a6ecb308b1c668fff84d56a356dbd595c51d556</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.10">stable-2.10</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.10.1">v2.10.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.10.2">v2.10.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=9a6ecb308b1c668fff84d56a356dbd595c51d556">9a6ecb308b1c668fff84d56a356dbd595c51d556</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.11">stable-2.11</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.11.1">v2.11.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.11.2">v2.11.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=9a6ecb308b1c668fff84d56a356dbd595c51d556">9a6ecb308b1c668fff84d56a356dbd595c51d556</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.12">stable-2.12</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.12.1">v2.12.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=9a6ecb308b1c668fff84d56a356dbd595c51d556">9a6ecb308b1c668fff84d56a356dbd595c51d556</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+    </section>
+  </div>
+</div>
diff --git a/secnotice/2018/010.txt b/secnotice/2018/010.txt
new file mode 100644
index 0000000..918ac7f
--- /dev/null
+++ b/secnotice/2018/010.txt
@@ -0,0 +1,188 @@
+        QEMU Security Notice: QSN-2018-010
+        ==================================
+
+       Summary: Ignore network packet sizes larger than INT_MAX
+   Reported on: 20180521
+  Published on: 20180926
+      Fixed on: 
+   Reported by: Daniel Shapira <daniel@twistlock.com>
+    Patched by: Jason Wang <jasonwang@redhat.com>
+      See also: CVE-2018-17963
+
+Description
+-----------
+
+A potential integer overflow issue was found in the QEMU emulator.
+It could occur when a packet with large packet size is accepted and
+processed.
+
+Impact
+------
+
+A user inside guest could use this flaw to crash the Qemu process
+resulting in DoS.
+
+Mitigation
+----------
+
+None
+
+Related commits
+----------------
+
+  git://git.qemu.org/qemu.git
+  https://git.qemu.org/?p=qemu.git
+
+      Branch: master
+   Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556
+
+      Branch: master
+   Broken in: v1.0
+   Broken in: v1.1.0
+   Broken in: v1.2.0
+   Broken in: v1.3.0
+   Broken in: v1.4.0
+   Broken in: v1.5.0
+   Broken in: v1.6.0
+   Broken in: v1.7.0
+   Broken in: v2.0.0
+   Broken in: v2.1.0
+   Broken in: v2.2.0
+   Broken in: v2.3.0
+   Broken in: v2.4.0
+   Broken in: v2.5.0
+   Broken in: v2.6.0
+   Broken in: v2.7.0
+   Broken in: v2.8.0
+   Broken in: v2.9.0
+   Broken in: v2.10.0
+   Broken in: v2.11.0
+   Broken in: v2.12.0
+   Broken in: v3.0.0
+    Fixed in: 
+   Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556
+    Fixed by: 36772a6341af7c0f100b8e55a1e779db5fe818da
+
+      Branch: stable-0.12
+   Broken in: v0.12.0
+   Broken in: v0.12.1
+   Broken in: v0.12.2
+   Broken in: v0.12.3
+   Broken in: v0.12.4
+   Broken in: v0.12.5
+   Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556
+
+      Branch: stable-0.13
+   Broken in: v0.13.0
+   Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556
+
+      Branch: stable-0.14
+   Broken in: v0.14.0
+   Broken in: v0.14.1
+   Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556
+
+      Branch: stable-0.15
+   Broken in: v0.15.0
+   Broken in: v0.15.1
+   Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556
+
+      Branch: stable-1.0
+   Broken in: v1.0.1
+   Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556
+
+      Branch: stable-1.1
+   Broken in: v1.1.1
+   Broken in: v1.1.2
+   Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556
+
+      Branch: stable-1.2
+   Broken in: v1.2.1
+   Broken in: v1.2.2
+   Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556
+
+      Branch: stable-1.3
+   Broken in: v1.3.1
+   Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556
+
+      Branch: stable-1.4
+   Broken in: v1.4.1
+   Broken in: v1.4.2
+   Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556
+
+      Branch: stable-1.5
+   Broken in: v1.5.1
+   Broken in: v1.5.2
+   Broken in: v1.5.3
+   Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556
+
+      Branch: stable-1.6
+   Broken in: v1.6.1
+   Broken in: v1.6.2
+   Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556
+
+      Branch: stable-1.7
+   Broken in: v1.7.1
+   Broken in: v1.7.2
+   Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556
+
+      Branch: stable-2.0
+   Broken in: v2.0.1
+   Broken in: v2.0.2
+   Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556
+
+      Branch: stable-2.1
+   Broken in: v2.1.1
+   Broken in: v2.1.2
+   Broken in: v2.1.3
+   Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556
+
+      Branch: stable-2.2
+   Broken in: v2.2.1
+   Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556
+
+      Branch: stable-2.3
+   Broken in: v2.3.1
+   Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556
+
+      Branch: stable-2.4
+   Broken in: v2.4.0.1
+   Broken in: v2.4.1
+   Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556
+
+      Branch: stable-2.5
+   Broken in: v2.5.1
+   Broken in: v2.5.1.1
+   Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556
+
+      Branch: stable-2.6
+   Broken in: v2.6.1
+   Broken in: v2.6.2
+   Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556
+
+      Branch: stable-2.7
+   Broken in: v2.7.1
+   Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556
+
+      Branch: stable-2.8
+   Broken in: v2.8.1
+   Broken in: v2.8.1.1
+   Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556
+
+      Branch: stable-2.9
+   Broken in: v2.9.1
+   Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556
+
+      Branch: stable-2.10
+   Broken in: v2.10.1
+   Broken in: v2.10.2
+   Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556
+
+      Branch: stable-2.11
+   Broken in: v2.11.1
+   Broken in: v2.11.2
+   Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556
+
+      Branch: stable-2.12
+   Broken in: v2.12.1
+   Broken by: 9a6ecb308b1c668fff84d56a356dbd595c51d556
+
diff --git a/secnotice/2018/011.html b/secnotice/2018/011.html
new file mode 100644
index 0000000..7f56380
--- /dev/null
+++ b/secnotice/2018/011.html
@@ -0,0 +1,823 @@
+---
+title: 'QSN-2018-011: CCID integer overflow reading data'
+layout: secnotice
+permalink: /secnotice/2018/011
+---
+
+    <div xmlns="http://www.w3.org/1999/xhtml" id="main">
+  <div class="container">
+    <h2>CCID integer overflow reading data</h2>
+    <h3>Lifecycle</h3>
+    <table>
+      <tr>
+        <th>Reported on:</th>
+        <td>20180726</td>
+      </tr>
+      <tr>
+        <th>Published on:</th>
+        <td>20181011</td>
+      </tr>
+      <tr>
+        <th>Fixed on:</th>
+        <td/>
+      </tr>
+    </table>
+    <h3>Credits</h3>
+    <table>
+      <tr>
+        <th>Reported by:</th>
+        <td>
+          <a href="mailto:tohidi.arash@gmail.com">Arash Tohidi</a>
+        </td>
+      </tr>
+      <tr>
+        <th>Patched by:</th>
+        <td>
+          <a href="mailto:philmd@redhat.com">Philippe Mathieu-Daudé</a>
+        </td>
+      </tr>
+    </table>
+    <h3>See also</h3>
+    <ul>
+      <li>
+        <a href="https://nvd.nist.gov/vuln/detail/CVE-2018-18438">CVE-2018-18438</a>
+      </li>
+    </ul>
+    <h3>Description</h3>
+    <p>
+An integer overflow issue was found in the CCID Passthru card device emulation, while reading card data in ccid_card_vscard_read() function. The ccid_card_vscard_read() function accepts a signed integer 'size' argument, which is subsequently used as unsigned size_t value in memcpy(), copying large amounts of memory.
+
+  </p>
+    <h3>Impact</h3>
+    <p>
+A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
+  </p>
+    <h3>Mitigation</h3>
+    <p>
+Remove the CCID device emulation from virtual machines
+  </p>
+    <p class="altformat">
+      Alternative formats:
+      <a href="/secnotice/2018/011.xml">[xml]</a> <a href="/secnotice/2018/011.txt">[text]</a></p>
+  </div>
+</div><div xmlns="http://www.w3.org/1999/xhtml" id="sidebar">
+  <div class="container">
+    <section>
+      <header>
+        <h2>Related commits</h2>
+      </header>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/master">master</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Fixed in:</th>
+            <td class="fixedtag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h="/>
+            </td>
+          </tr>
+          <tr>
+            <th>Fixed by:</th>
+            <td class="fixedcommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h="/>
+            </td>
+          </tr>
+          <tr>
+            <th>Merged by:</th>
+            <td class="mergedcommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h="/>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.0">v1.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.1.0">v1.1.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.2.0">v1.2.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.3.0">v1.3.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.4.0">v1.4.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.5.0">v1.5.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.6.0">v1.6.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.7.0">v1.7.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.0.0">v2.0.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.1.0">v2.1.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.2.0">v2.2.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.3.0">v2.3.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.4.0">v2.4.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.5.0">v2.5.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.6.0">v2.6.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.7.0">v2.7.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.8.0">v2.8.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.9.0">v2.9.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.10.0">v2.10.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.11.0">v2.11.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.12.0">v2.12.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v3.0.0">v3.0.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=edbb21363fbfe40e050f583df921484cbc31c79d">edbb21363fbfe40e050f583df921484cbc31c79d</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-0.15">stable-0.15</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.15.0">v0.15.0</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v0.15.1">v0.15.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=edbb21363fbfe40e050f583df921484cbc31c79d">edbb21363fbfe40e050f583df921484cbc31c79d</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.0">stable-1.0</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.0.1">v1.0.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=edbb21363fbfe40e050f583df921484cbc31c79d">edbb21363fbfe40e050f583df921484cbc31c79d</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.1">stable-1.1</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.1.1">v1.1.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.1.2">v1.1.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=edbb21363fbfe40e050f583df921484cbc31c79d">edbb21363fbfe40e050f583df921484cbc31c79d</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.2">stable-1.2</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.2.1">v1.2.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.2.2">v1.2.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=edbb21363fbfe40e050f583df921484cbc31c79d">edbb21363fbfe40e050f583df921484cbc31c79d</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.3">stable-1.3</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.3.1">v1.3.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=edbb21363fbfe40e050f583df921484cbc31c79d">edbb21363fbfe40e050f583df921484cbc31c79d</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.4">stable-1.4</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.4.1">v1.4.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.4.2">v1.4.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=edbb21363fbfe40e050f583df921484cbc31c79d">edbb21363fbfe40e050f583df921484cbc31c79d</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.5">stable-1.5</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.5.1">v1.5.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.5.2">v1.5.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.5.3">v1.5.3</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=edbb21363fbfe40e050f583df921484cbc31c79d">edbb21363fbfe40e050f583df921484cbc31c79d</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.6">stable-1.6</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.6.1">v1.6.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.6.2">v1.6.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=edbb21363fbfe40e050f583df921484cbc31c79d">edbb21363fbfe40e050f583df921484cbc31c79d</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.7">stable-1.7</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.7.1">v1.7.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v1.7.2">v1.7.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=edbb21363fbfe40e050f583df921484cbc31c79d">edbb21363fbfe40e050f583df921484cbc31c79d</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.0">stable-2.0</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.0.1">v2.0.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.0.2">v2.0.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=edbb21363fbfe40e050f583df921484cbc31c79d">edbb21363fbfe40e050f583df921484cbc31c79d</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.1">stable-2.1</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.1.1">v2.1.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.1.2">v2.1.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.1.3">v2.1.3</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=edbb21363fbfe40e050f583df921484cbc31c79d">edbb21363fbfe40e050f583df921484cbc31c79d</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.2">stable-2.2</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.2.1">v2.2.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=edbb21363fbfe40e050f583df921484cbc31c79d">edbb21363fbfe40e050f583df921484cbc31c79d</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.3">stable-2.3</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.3.1">v2.3.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=edbb21363fbfe40e050f583df921484cbc31c79d">edbb21363fbfe40e050f583df921484cbc31c79d</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.4">stable-2.4</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.4.0.1">v2.4.0.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.4.1">v2.4.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=edbb21363fbfe40e050f583df921484cbc31c79d">edbb21363fbfe40e050f583df921484cbc31c79d</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.5">stable-2.5</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.5.1">v2.5.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.5.1.1">v2.5.1.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=edbb21363fbfe40e050f583df921484cbc31c79d">edbb21363fbfe40e050f583df921484cbc31c79d</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.6">stable-2.6</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.6.1">v2.6.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.6.2">v2.6.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=edbb21363fbfe40e050f583df921484cbc31c79d">edbb21363fbfe40e050f583df921484cbc31c79d</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.7">stable-2.7</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.7.1">v2.7.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=edbb21363fbfe40e050f583df921484cbc31c79d">edbb21363fbfe40e050f583df921484cbc31c79d</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.8">stable-2.8</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.8.1">v2.8.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.8.1.1">v2.8.1.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=edbb21363fbfe40e050f583df921484cbc31c79d">edbb21363fbfe40e050f583df921484cbc31c79d</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.9">stable-2.9</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.9.1">v2.9.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=edbb21363fbfe40e050f583df921484cbc31c79d">edbb21363fbfe40e050f583df921484cbc31c79d</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.10">stable-2.10</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.10.1">v2.10.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.10.2">v2.10.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=edbb21363fbfe40e050f583df921484cbc31c79d">edbb21363fbfe40e050f583df921484cbc31c79d</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.11">stable-2.11</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.11.1">v2.11.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.11.2">v2.11.2</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=edbb21363fbfe40e050f583df921484cbc31c79d">edbb21363fbfe40e050f583df921484cbc31c79d</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+      <table class="repository">
+        <thead>
+          <tr>
+            <th colspan="2">Branch:
+	      <a href="http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.12">stable-2.12</a></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <th>Broken in:</th>
+            <td class="brokentag">
+              <a href="http://git.qemu.org/?p=qemu.git;a=tag;h=v2.12.1">v2.12.1</a>
+            </td>
+          </tr>
+          <tr>
+            <th>Broken by:</th>
+            <td class="brokencommit">
+              <a href="http://git.qemu.org/?p=qemu.git;a=commit;h=edbb21363fbfe40e050f583df921484cbc31c79d">edbb21363fbfe40e050f583df921484cbc31c79d</a>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+    </section>
+  </div>
+</div>
diff --git a/secnotice/2018/011.txt b/secnotice/2018/011.txt
new file mode 100644
index 0000000..6907178
--- /dev/null
+++ b/secnotice/2018/011.txt
@@ -0,0 +1,169 @@
+        QEMU Security Notice: QSN-2018-011
+        ==================================
+
+       Summary: CCID integer overflow reading data
+   Reported on: 20180726
+  Published on: 20181011
+      Fixed on: 
+   Reported by: Arash Tohidi <tohidi.arash@gmail.com>
+    Patched by: Philippe Mathieu-Daudé <philmd@redhat.com>
+      See also: CVE-2018-18438
+
+Description
+-----------
+
+An integer overflow issue was found in the CCID Passthru card device
+emulation, while reading card data in ccid_card_vscard_read()
+function. The ccid_card_vscard_read() function accepts a signed
+integer 'size' argument, which is subsequently used as unsigned
+size_t value in memcpy(), copying large amounts of memory.
+
+Impact
+------
+
+A user inside guest could use this flaw to crash the Qemu process
+resulting in DoS.
+
+Mitigation
+----------
+
+Remove the CCID device emulation from virtual machines
+
+Related commits
+----------------
+
+  git://git.qemu.org/qemu.git
+  https://git.qemu.org/?p=qemu.git
+
+      Branch: master
+   Broken in: v1.0
+   Broken in: v1.1.0
+   Broken in: v1.2.0
+   Broken in: v1.3.0
+   Broken in: v1.4.0
+   Broken in: v1.5.0
+   Broken in: v1.6.0
+   Broken in: v1.7.0
+   Broken in: v2.0.0
+   Broken in: v2.1.0
+   Broken in: v2.2.0
+   Broken in: v2.3.0
+   Broken in: v2.4.0
+   Broken in: v2.5.0
+   Broken in: v2.6.0
+   Broken in: v2.7.0
+   Broken in: v2.8.0
+   Broken in: v2.9.0
+   Broken in: v2.10.0
+   Broken in: v2.11.0
+   Broken in: v2.12.0
+   Broken in: v3.0.0
+    Fixed in: 
+   Broken by: edbb21363fbfe40e050f583df921484cbc31c79d
+    Fixed by: 
+
+      Branch: stable-0.15
+   Broken in: v0.15.0
+   Broken in: v0.15.1
+   Broken by: edbb21363fbfe40e050f583df921484cbc31c79d
+
+      Branch: stable-1.0
+   Broken in: v1.0.1
+   Broken by: edbb21363fbfe40e050f583df921484cbc31c79d
+
+      Branch: stable-1.1
+   Broken in: v1.1.1
+   Broken in: v1.1.2
+   Broken by: edbb21363fbfe40e050f583df921484cbc31c79d
+
+      Branch: stable-1.2
+   Broken in: v1.2.1
+   Broken in: v1.2.2
+   Broken by: edbb21363fbfe40e050f583df921484cbc31c79d
+
+      Branch: stable-1.3
+   Broken in: v1.3.1
+   Broken by: edbb21363fbfe40e050f583df921484cbc31c79d
+
+      Branch: stable-1.4
+   Broken in: v1.4.1
+   Broken in: v1.4.2
+   Broken by: edbb21363fbfe40e050f583df921484cbc31c79d
+
+      Branch: stable-1.5
+   Broken in: v1.5.1
+   Broken in: v1.5.2
+   Broken in: v1.5.3
+   Broken by: edbb21363fbfe40e050f583df921484cbc31c79d
+
+      Branch: stable-1.6
+   Broken in: v1.6.1
+   Broken in: v1.6.2
+   Broken by: edbb21363fbfe40e050f583df921484cbc31c79d
+
+      Branch: stable-1.7
+   Broken in: v1.7.1
+   Broken in: v1.7.2
+   Broken by: edbb21363fbfe40e050f583df921484cbc31c79d
+
+      Branch: stable-2.0
+   Broken in: v2.0.1
+   Broken in: v2.0.2
+   Broken by: edbb21363fbfe40e050f583df921484cbc31c79d
+
+      Branch: stable-2.1
+   Broken in: v2.1.1
+   Broken in: v2.1.2
+   Broken in: v2.1.3
+   Broken by: edbb21363fbfe40e050f583df921484cbc31c79d
+
+      Branch: stable-2.2
+   Broken in: v2.2.1
+   Broken by: edbb21363fbfe40e050f583df921484cbc31c79d
+
+      Branch: stable-2.3
+   Broken in: v2.3.1
+   Broken by: edbb21363fbfe40e050f583df921484cbc31c79d
+
+      Branch: stable-2.4
+   Broken in: v2.4.0.1
+   Broken in: v2.4.1
+   Broken by: edbb21363fbfe40e050f583df921484cbc31c79d
+
+      Branch: stable-2.5
+   Broken in: v2.5.1
+   Broken in: v2.5.1.1
+   Broken by: edbb21363fbfe40e050f583df921484cbc31c79d
+
+      Branch: stable-2.6
+   Broken in: v2.6.1
+   Broken in: v2.6.2
+   Broken by: edbb21363fbfe40e050f583df921484cbc31c79d
+
+      Branch: stable-2.7
+   Broken in: v2.7.1
+   Broken by: edbb21363fbfe40e050f583df921484cbc31c79d
+
+      Branch: stable-2.8
+   Broken in: v2.8.1
+   Broken in: v2.8.1.1
+   Broken by: edbb21363fbfe40e050f583df921484cbc31c79d
+
+      Branch: stable-2.9
+   Broken in: v2.9.1
+   Broken by: edbb21363fbfe40e050f583df921484cbc31c79d
+
+      Branch: stable-2.10
+   Broken in: v2.10.1
+   Broken in: v2.10.2
+   Broken by: edbb21363fbfe40e050f583df921484cbc31c79d
+
+      Branch: stable-2.11
+   Broken in: v2.11.1
+   Broken in: v2.11.2
+   Broken by: edbb21363fbfe40e050f583df921484cbc31c79d
+
+      Branch: stable-2.12
+   Broken in: v2.12.1
+   Broken by: edbb21363fbfe40e050f583df921484cbc31c79d
+
diff --git a/secnotice/2018/index.html b/secnotice/2018/index.html
new file mode 100644
index 0000000..cdc9bf6
--- /dev/null
+++ b/secnotice/2018/index.html
@@ -0,0 +1,46 @@
+---
+title: QEMU Security Notices
+permalink: /secnotice/2018/
+---
+
+   <p xmlns="http://www.w3.org/1999/xhtml">
+     If you believe you have identified a new security issue in QEMU, please
+     follow the <a href="https://wiki.qemu.org/SecurityProcess">security process</a>
+     to report it in a non-public way. Do <strong>NOT</strong> use the bug tracker,
+     mailing lists, or IRC to report non-public security issues.
+   </p><ul xmlns="http://www.w3.org/1999/xhtml">
+  <li>
+    <a href="2018/011">QSN-2018-011: CCID integer overflow reading data</a>
+  </li>
+  <li>
+    <a href="2018/010">QSN-2018-010: Ignore network packet sizes larger than INT_MAX</a>
+  </li>
+  <li>
+    <a href="2018/009">QSN-2018-009: pcnet integer overflow accessing buffer</a>
+  </li>
+  <li>
+    <a href="2018/008">QSN-2018-008: rtl8139 integer overflow accessing buffer</a>
+  </li>
+  <li>
+    <a href="2018/007">QSN-2018-007: qemu-guest-agent integer overflow reading guest file</a>
+  </li>
+  <li>
+    <a href="2018/006">QSN-2018-006: slirp buffer overflow assembling fragmented datastream</a>
+  </li>
+  <li>
+    <a href="2018/005">QSN-2018-005: ne2000 integer overflow in buffer access</a>
+  </li>
+  <li>
+    <a href="2018/004">QSN-2018-004: Cirrus out of bounds access updating VGA display</a>
+  </li>
+  <li>
+    <a href="2018/003">QSN-2018-003: Multiboot out of bounds loading kernel</a>
+  </li>
+  <li>
+    <a href="2018/002">QSN-2018-002: VGA out of bounds in vga_draw_text</a>
+  </li>
+  <li>
+    <a href="2018/001">QSN-2018-001: Speculative store bypass</a>
+  </li>
+</ul><p xmlns="http://www.w3.org/1999/xhtml" class="alt">
+      Alternative formats: <a href="index.xml">[xml]</a></p>
diff --git a/secnotice/2018/index.xml b/secnotice/2018/index.xml
new file mode 100644
index 0000000..aa57594
--- /dev/null
+++ b/secnotice/2018/index.xml
@@ -0,0 +1,13 @@
+<security-notice-list xmlns="http://qemu.org/xmlns/security-notice-list/1.0">
+  <security-notice name='/secnotice/2018/001.xml'/>
+  <security-notice name='/secnotice/2018/002.xml'/>
+  <security-notice name='/secnotice/2018/003.xml'/>
+  <security-notice name='/secnotice/2018/004.xml'/>
+  <security-notice name='/secnotice/2018/005.xml'/>
+  <security-notice name='/secnotice/2018/006.xml'/>
+  <security-notice name='/secnotice/2018/007.xml'/>
+  <security-notice name='/secnotice/2018/008.xml'/>
+  <security-notice name='/secnotice/2018/009.xml'/>
+  <security-notice name='/secnotice/2018/010.xml'/>
+  <security-notice name='/secnotice/2018/011.xml'/>
+</security-notice-list>
diff --git a/secnotice/index.html b/secnotice/index.html
new file mode 100644
index 0000000..c2a87c6
--- /dev/null
+++ b/secnotice/index.html
@@ -0,0 +1,46 @@
+---
+title: QEMU Security Notices
+permalink: /secnotice/
+---
+
+   <p xmlns="http://www.w3.org/1999/xhtml">
+     If you believe you have identified a new security issue in QEMU, please
+     follow the <a href="https://wiki.qemu.org/SecurityProcess">security process</a>
+     to report it in a non-public way. Do <strong>NOT</strong> use the bug tracker,
+     mailing lists, or IRC to report non-public security issues.
+   </p><ul xmlns="http://www.w3.org/1999/xhtml">
+  <li>
+    <a href="2018/011">QSN-2018-011: CCID integer overflow reading data</a>
+  </li>
+  <li>
+    <a href="2018/010">QSN-2018-010: Ignore network packet sizes larger than INT_MAX</a>
+  </li>
+  <li>
+    <a href="2018/009">QSN-2018-009: pcnet integer overflow accessing buffer</a>
+  </li>
+  <li>
+    <a href="2018/008">QSN-2018-008: rtl8139 integer overflow accessing buffer</a>
+  </li>
+  <li>
+    <a href="2018/007">QSN-2018-007: qemu-guest-agent integer overflow reading guest file</a>
+  </li>
+  <li>
+    <a href="2018/006">QSN-2018-006: slirp buffer overflow assembling fragmented datastream</a>
+  </li>
+  <li>
+    <a href="2018/005">QSN-2018-005: ne2000 integer overflow in buffer access</a>
+  </li>
+  <li>
+    <a href="2018/004">QSN-2018-004: Cirrus out of bounds access updating VGA display</a>
+  </li>
+  <li>
+    <a href="2018/003">QSN-2018-003: Multiboot out of bounds loading kernel</a>
+  </li>
+  <li>
+    <a href="2018/002">QSN-2018-002: VGA out of bounds in vga_draw_text</a>
+  </li>
+  <li>
+    <a href="2018/001">QSN-2018-001: Speculative store bypass</a>
+  </li>
+</ul><p xmlns="http://www.w3.org/1999/xhtml" class="alt">
+      Alternative formats: <a href="index.xml">[xml]</a></p>
diff --git a/secnotice/index.xml b/secnotice/index.xml
new file mode 100644
index 0000000..aa57594
--- /dev/null
+++ b/secnotice/index.xml
@@ -0,0 +1,13 @@
+<security-notice-list xmlns="http://qemu.org/xmlns/security-notice-list/1.0">
+  <security-notice name='/secnotice/2018/001.xml'/>
+  <security-notice name='/secnotice/2018/002.xml'/>
+  <security-notice name='/secnotice/2018/003.xml'/>
+  <security-notice name='/secnotice/2018/004.xml'/>
+  <security-notice name='/secnotice/2018/005.xml'/>
+  <security-notice name='/secnotice/2018/006.xml'/>
+  <security-notice name='/secnotice/2018/007.xml'/>
+  <security-notice name='/secnotice/2018/008.xml'/>
+  <security-notice name='/secnotice/2018/009.xml'/>
+  <security-notice name='/secnotice/2018/010.xml'/>
+  <security-notice name='/secnotice/2018/011.xml'/>
+</security-notice-list>
-- 
2.17.2

Re: [Qemu-devel] [web PATCH 0/4] Add web section reporting information about CVEs in QEMU

[Paolo Bonzini]

On 18/10/2018 16:51, Daniel P. Berrangé wrote:
> 
> After adding the new $YEAR/$ID.xml file, 'make' will build the
> corresponding indexes and HTML/TXT renderings. Ideally the machine which
> is hosting the QEMU website would run 'make' after pulling new
> commits. In this series, however, I have just commited the rendered
> content to git.

"git push" is already running Jekyll, which has a templating mechanism
similar to the one used for blog posts
(https://jekyllrb.com/docs/collections/).  Basically one security notice
would be a file in a _secnotices directory, with the metadata in a YAML
preamble like this:

---
title: Speculative store bypass
id: 2018-001
date: 2018-05-21
reported: 2018-03-12
fixed: 2018-06-26

credits:
  - reporter:
    - name: Ken Johnson (Microsoft Security Response Center)
    - name: Jann Horn (Google Project Zero)
  - patcher:
    - name: Daniel P. Berrangé
      email: berrange@redhat.com
    - name: Konrad Rzeszutek Wilk
      email: konrad.wilk@oracle.com

advisories:
  - type: CVE
    id: 2018-3639

branches:
  - master:
      state: fixed
      change:
      - d19d1f965904a533998739698020ff4ee8a103da: fixed
      - 403503b162ffc33fb64cfefdf7b880acf41772cd: fixed
      - 4f50c1673a89b07f376ce5c42d22d79a79cd466d: merged
      - a764f3f7197f4d7ad8fe8424269933de912224cb: fixed
      - e409d9a158c77c650651e8118f6c86c8dc76eba6: merged
      - 7ba1e61953f4592606e60b2e7507ff6a6faf861a: vulnerable
      tag:
      - v0.10.1: vulnerable
    ...
+---

{% contentfor description %}
An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store
instructions (a commonly used performance optimization).
+
+It relies on the presence of a precisely-defined instruction sequence
in the privileged code as well as the fact that memory read from address
to which a recent memory write has occurred may see an older value and
subsequently cause an update into the microprocessor's data cache even
for speculatively executed instructions that never actually commit (retire).
{% endcontentfor %}

{% contentfor impact %}
As a result, an unprivileged attacker could use this flaw to read
privileged memory by conducting targeted cache side-channel attacks.
{% endcontentfor %}

{% contentfor mitigation %}
None
{% endcontentfor %}


(Requires the jekyll-contentblocks plugin).

I am not a YAML fan, but I still would probably have to hide if I
suggested using XSLT to convert the XML files to YAML. :)  Still, one
question is obvious: is the XML an industry standard?  That would make
it more palatable...

Re: [Qemu-devel] [web PATCH 0/4] Add web section reporting information about CVEs in QEMU

[Daniel P. Berrangé]

On Thu, Oct 18, 2018 at 11:36:39PM +0200, Paolo Bonzini wrote:
> On 18/10/2018 16:51, Daniel P. Berrangé wrote:
> > 
> > After adding the new $YEAR/$ID.xml file, 'make' will build the
> > corresponding indexes and HTML/TXT renderings. Ideally the machine which
> > is hosting the QEMU website would run 'make' after pulling new
> > commits. In this series, however, I have just commited the rendered
> > content to git.
> 
> "git push" is already running Jekyll, which has a templating mechanism
> similar to the one used for blog posts
> (https://jekyllrb.com/docs/collections/).  Basically one security notice
> would be a file in a _secnotices directory, with the metadata in a YAML
> preamble like this:
> 
> ---
> title: Speculative store bypass
> id: 2018-001
> date: 2018-05-21
> reported: 2018-03-12
> fixed: 2018-06-26
> 
> credits:
>   - reporter:
>     - name: Ken Johnson (Microsoft Security Response Center)
>     - name: Jann Horn (Google Project Zero)
>   - patcher:
>     - name: Daniel P. Berrangé
>       email: berrange@redhat.com
>     - name: Konrad Rzeszutek Wilk
>       email: konrad.wilk@oracle.com
> 
> advisories:
>   - type: CVE
>     id: 2018-3639
> 
> branches:
>   - master:
>       state: fixed
>       change:
>       - d19d1f965904a533998739698020ff4ee8a103da: fixed
>       - 403503b162ffc33fb64cfefdf7b880acf41772cd: fixed
>       - 4f50c1673a89b07f376ce5c42d22d79a79cd466d: merged
>       - a764f3f7197f4d7ad8fe8424269933de912224cb: fixed
>       - e409d9a158c77c650651e8118f6c86c8dc76eba6: merged
>       - 7ba1e61953f4592606e60b2e7507ff6a6faf861a: vulnerable
>       tag:
>       - v0.10.1: vulnerable
>     ...
> +---
> 
> {% contentfor description %}
> An industry-wide issue was found in the way many modern microprocessor
> designs have implemented speculative execution of Load & Store
> instructions (a commonly used performance optimization).
> +
> +It relies on the presence of a precisely-defined instruction sequence
> in the privileged code as well as the fact that memory read from address
> to which a recent memory write has occurred may see an older value and
> subsequently cause an update into the microprocessor's data cache even
> for speculatively executed instructions that never actually commit (retire).
> {% endcontentfor %}
> 
> {% contentfor impact %}
> As a result, an unprivileged attacker could use this flaw to read
> privileged memory by conducting targeted cache side-channel attacks.
> {% endcontentfor %}
> 
> {% contentfor mitigation %}
> None
> {% endcontentfor %}
> 
> 
> (Requires the jekyll-contentblocks plugin).

I really don't want to use an application specific templating system.
While we're using Jekyll for the website today, I don't think it is
a good idea to assume that for the longer term.

Even today I can't actually run the jekyll website on my laptop because
the qemu-web content uses templating syntax from an older version of
Jekyll that has been deleted in the current Jekyll versions. So I have
to hack the code to remove pieces, in order to do testing.

> I am not a YAML fan, but I still would probably have to hide if I
> suggested using XSLT to convert the XML files to YAML. :)  Still, one
> question is obvious: is the XML an industry standard?  That would make
> it more palatable...

XML itself is an industry standard, so every OS has tools for querying
and transforming the documents in standard manner, which is the key thing
which is appealing to me.

Even though JSON itself is a standard, there's no standard equvalent to
XSLT or XPath for querying and transforming JSON. You end up having to
write programs to parse, and then reformat the data in alternative formats,
and the program itself has to be written portably. Document format
transformation is what XSLT excells at, IMHO.

This particular XML format isn't an industry standard.  NIST has an XML
schema for reporting CVEs, but it only partially overlaps with the bits
of data I record here.  So we would have to use XML namespaces to add
fields for the extra pieces we want - the GIT data is the biggest
pieces.

As with many standards though, NIST schema goes for extreme generality
at the cost of making it a very unfriendly document format for humans
to read. So don't think I could recommend using the NIST schema as a
master format - even I would hate using it. It is the kind of thing
you would want to generate from our more friendly format instead.

eg compare this NIST data for a recent QEMU flaw:

  <entry id="CVE-2018-5683">
    <vuln:vulnerable-configuration id="http://nvd.nist.gov/">
      <cpe-lang:logical-test operator="OR" negate="false">
        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu"/>
      </cpe-lang:logical-test>
    </vuln:vulnerable-configuration>
    <vuln:vulnerable-software-list>
      <vuln:product>cpe:/a:qemu:qemu</vuln:product>
    </vuln:vulnerable-software-list>
    <vuln:cve-id>CVE-2018-5683</vuln:cve-id>
    <vuln:published-datetime>2018-01-23T13:29:00.580-05:00</vuln:published-datetime>
    <vuln:last-modified-datetime>2018-09-07T06:29:06.303-04:00</vuln:last-modified-datetime>
    <vuln:cvss>
      <cvss:base_metrics>
        <cvss:score>2.1</cvss:score>
        <cvss:access-vector>LOCAL</cvss:access-vector>
        <cvss:access-complexity>LOW</cvss:access-complexity>
        <cvss:authentication>NONE</cvss:authentication>
        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
        <cvss:integrity-impact>NONE</cvss:integrity-impact>
        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
        <cvss:source>http://nvd.nist.gov</cvss:source>
        <cvss:generated-on-datetime>2018-02-12T11:20:01.123-05:00</cvss:generated-on-datetime>
      </cvss:base_metrics>
    </vuln:cvss>
    <vuln:cwe id="CWE-125"/>
    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
      <vuln:source>MLIST</vuln:source>
      <vuln:reference href="http://www.openwall.com/lists/oss-security/2018/01/15/2" xml:lang="en">[oss-security] 20180115 CVE-2018-5683 Qemu: Out-of-bounds read in vga_draw_text routine</vuln:reference>
    </vuln:references>
    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
      <vuln:source>BID</vuln:source>
      <vuln:reference href="http://www.securityfocus.com/bid/102518" xml:lang="en">102518</vuln:reference>
    </vuln:references>
    <vuln:references xml:lang="en" reference_type="UNKNOWN">
      <vuln:source>REDHAT</vuln:source>
      <vuln:reference href="https://access.redhat.com/errata/RHSA-2018:0816" xml:lang="en">RHSA-2018:0816</vuln:reference>
    </vuln:references>
    <vuln:references xml:lang="en" reference_type="UNKNOWN">
      <vuln:source>REDHAT</vuln:source>
      <vuln:reference href="https://access.redhat.com/errata/RHSA-2018:1104" xml:lang="en">RHSA-2018:1104</vuln:reference>
    </vuln:references>
    <vuln:references xml:lang="en" reference_type="UNKNOWN">
      <vuln:source>REDHAT</vuln:source>
      <vuln:reference href="https://access.redhat.com/errata/RHSA-2018:2162" xml:lang="en">RHSA-2018:2162</vuln:reference>
    </vuln:references>
    <vuln:references xml:lang="en" reference_type="UNKNOWN">
      <vuln:source>MLIST</vuln:source>
      <vuln:reference href="https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" xml:lang="en">[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update</vuln:reference>
    </vuln:references>
    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
      <vuln:source>MLIST</vuln:source>
      <vuln:reference href="https://lists.gnu.org/archive/html/qemu-devel/2018-01/msg02597.html" xml:lang="en">[Qemu-devel] 20180112 Re: [Qemu-devel] [PATCH v3] vga: check the validation of memory addr when draw text</vuln:reference>
    </vuln:references>
    <vuln:references xml:lang="en" reference_type="UNKNOWN">
      <vuln:source>UBUNTU</vuln:source>
      <vuln:reference href="https://usn.ubuntu.com/3575-1/" xml:lang="en">USN-3575-1</vuln:reference>
    </vuln:references>
    <vuln:references xml:lang="en" reference_type="UNKNOWN">
      <vuln:source>DEBIAN</vuln:source>
      <vuln:reference href="https://www.debian.org/security/2018/dsa-4213" xml:lang="en">DSA-4213</vuln:reference>
    </vuln:references>
    <vuln:summary>The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.</vuln:summary>
  </entry>

With what I have proposed here:

    <security-notice xmlns="http://qemu.org/xmlns/security-notice/1.0">
      <id>2018-002</id>
    
      <summary>VGA out of bounds in vga_draw_text</summary>
    
      <description>
    <![CDATA[Quick Emulator(QEMU) built with the VGA emulator support is
    vulnerable to an out-of-bounds access issue in vga_draw_text. It
    could occur while updating vga display area.]]>
      </description>
    
      <impact>
    <![CDATA[A privileged user inside guest could use this flaw to crash
    the Qemu process resulting in DoS.]]>
      </impact>
    
      <mitigation>
    <![CDATA[Disable graphics adapters if the virtual machines can be
    operated via the serial console]]>
      </mitigation>
    
      <credits>
        <reporter>
          <name>Jiang Xin</name>
          <email>jiangxin1@huawei.com</email>
        </reporter>
        <patcher>
          <name>Lin ZheCheng</name>
          <email>linzhecheng@huawei.com</email>
        </patcher>
      </credits>
    
      <lifecycle>
        <reported>20171228</reported>
        <published>20171225</published>
        <fixed>20180125</fixed>
      </lifecycle>
    
    
      <reference>
        <advisory type="CVE" id="2018-5683"/>
      </reference>
    
      <repository>
        <branch>
          <name>master</name>
          <tag state="fixed">v2.12.0</tag>
          <change state="fixed">191f59dc17396bb5a8da50f8c59b6e0a430711a4</change>
          <change state="merged">b3bbe959b5dc3bf07041946455cc8e8d562bfd1f</change>
          <tag state="vulnerable">v0.4.4</tag>
          <tag state="vulnerable">v0.5.0</tag>
          ...snip...
        </branch>
        <branch>
          <name>stable-2.11</name>
          <tag state="vulnerable">v2.11.1</tag>
          <tag state="vulnerable">v2.11.2</tag>
          <change state="vulnerable">e89f66eca974d2a9d5d89271c6041daefdab2105</change>
        </branch>
      </repository>
    
    </security-notice>

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

Re: [Qemu-devel] [web PATCH 0/4] Add web section reporting information about CVEs in QEMU

[Paolo Bonzini]

On 19/10/2018 12:25, Daniel P. Berrangé wrote:
> I really don't want to use an application specific templating system.
> While we're using Jekyll for the website today, I don't think it is
> a good idea to assume that for the longer term.
> 
> Even today I can't actually run the jekyll website on my laptop because
> the qemu-web content uses templating syntax from an older version of
> Jekyll that has been deleted in the current Jekyll versions. So I have
> to hack the code to remove pieces, in order to do testing.

Note that you can use

   bundle install --path .gems
   bundle exec jekyll serve

in order to use locally-downloaded gems.

That said, we should indeed update Jekyll to a more recent version.

Paolo