Format: 1.8
Date: Fri, 15 Aug 2025 12:54:40 +0300
Source: qemu
Binary: qemu-system-data
Architecture: all
Version: 1:10.0.2+ds-2+deb13u1
Distribution: trixie-security
Urgency: medium
Maintainer: all Build Daemon (x86-csail-02)
Changed-By: Michael Tokarev
Description:
 qemu-system-data - QEMU full system emulation (data files)
Closes: 1109989
Changes:
 qemu (1:10.0.2+ds-2+deb13u1) trixie-security; urgency=medium
 .
   * d/binfmt-install: stop using C (Credentials) flag for
     binfmt_misc registration.
     qemu-user binaries were never meant to be used in suid/sgid
     scenarios, but was used in debian since late 2009.  Any foreign
     suid/sgid binary accessible to the users, in presence of
     qemu-user binfmt, is trivially exploitable to gain elevated
     privileges.  This change might break existing setups since for
     many years people relied on qemu-user binfmt working with suid
     binaries, but this is a situation where it is definitely better
     be safe than sorry.
   * pcie_sriov-Fix-configuration-and-state-synchronizati.patch
     (Closes: #1109989, CVE-2025-54566, CVE-2025-54567)
Checksums-Sha1:
 49dbd38af497fa2a95467c31449a28f09cd26f79 2118872 qemu-system-data_10.0.2+ds-2+deb13u1_all.deb
 37b659176fcb1ca17e2ae6d708a4624f826eab8b 16145 qemu_10.0.2+ds-2+deb13u1_all-buildd.buildinfo
Checksums-Sha256:
 66fc820b6032db0755708cbc77237f21ac5f34b2a25d645f3d5ca4fd9392e9d5 2118872 qemu-system-data_10.0.2+ds-2+deb13u1_all.deb
 749ec9f18cf65596beb4d25ec73b4ee3d5598121d91d7dd4f828b795c78098ec 16145 qemu_10.0.2+ds-2+deb13u1_all-buildd.buildinfo
Files:
 0a57a6edc5fd6edb1d54bced3b6755b6 2118872 otherosfs optional qemu-system-data_10.0.2+ds-2+deb13u1_all.deb
 5c10009ee2f2b0822ce7d94e8ce293f8 16145 otherosfs optional qemu_10.0.2+ds-2+deb13u1_all-buildd.buildinfo