libslirp (4.1.0-2ubuntu2.2) focal-security; urgency=medium

  * SECURITY UPDATE: DoS via buffer overread
    - debian/patches/CVE-2020-29129_30.patch: check pkt_len before reading
      protocol header in src/ncsi.c, src/slirp.c.
    - CVE-2020-29129
    - CVE-2020-29130
  * SECURITY UPDATE: data leak in bootp_input()
    - debian/patches/CVE-2021-3592-1.patch: add mtod_check() to src/mbuf.*.
    - debian/patches/CVE-2021-3592-2.patch: limit vendor-specific area to
      input packet memory buffer in src/bootp.*, src/mbuf.*.
    - debian/patches/CVE-2021-3592-3.patch: check bootp_input buffer size
      in src/bootp.c.
    - debian/patches/CVE-2021-3592-4.patch: fix regression in dhcp in
      src/bootp.c.
    - CVE-2021-3592
  * SECURITY UPDATE: data leak in udp6_input()
    - debian/patches/CVE-2021-3593.patch: check udp6_input buffer size in
      src/udp6.c.
    - CVE-2021-3593
  * SECURITY UPDATE: data leak in udp_input()
    - debian/patches/CVE-2021-3594.patch: check udp_input buffer size in
      src/udp.c.
    - CVE-2021-3594
  * SECURITY UPDATE: data leak in tftp_input()
    - debian/patches/CVE-2021-3595-1.patch: check tftp_input buffer size in
      src/tftp.c.
    - debian/patches/CVE-2021-3595-2.patch: introduce a header structure in
      src/tftp.*.
    - CVE-2021-3595

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 21 Jun 2021 08:43:06 -0400

libslirp (4.1.0-2ubuntu2.1) focal-security; urgency=medium

  * SECURITY UPDATE: OOB read in icmp6_send_echoreply()
    - debian/patches/CVE-2020-10756.patch: check message size in
      src/ip6_input.c.
    - CVE-2020-10756

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 23 Jul 2020 14:09:04 -0400

libslirp (4.1.0-2ubuntu2) focal; urgency=medium

  * SECURITY UPDATE: use-after-free in ip_reass()
    - debian/patches/CVE-2020-1983.patch: fix buffer handling in
      src/ip_input.c.
    - CVE-2020-1983

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 21 Apr 2020 07:18:28 -0400

libslirp (4.1.0-2ubuntu1) focal; urgency=medium

  * SECURITY UPDATE: buffer overflow via incorrect snprintf return codes
    - debian/patches/ubuntu/CVE-2020-8608-1.patch: add slirp_fmt() helpers
      to src/util.c, src/util.h.
    - debian/patches/ubuntu/CVE-2020-8608-2.patch: fix unsafe snprintf()
      usages in src/tcp_subr.c.
    - CVE-2020-8608

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 19 Feb 2020 08:57:46 -0500

libslirp (4.1.0-2) unstable; urgency=high

  * Closes: #949084, CVE-2020-7039:
    OOB buffer access while emulating tcp protocols in tcp_emu()
    This includes 3 patches:
     tcp_emu-fix-OOB-access-CVE-2020-7039.patch
     slirp-use-correct-size-while-emulating-commands-CVE-2020-7039.patch
     slirp-use-correct-size-while-emulating-IRC-commands-CVE-2020-7039.patch

 -- Michael Tokarev <mjt@tls.msk.ru>  Fri, 17 Jan 2020 14:24:00 +0300

libslirp (4.1.0-1) unstable; urgency=medium

  * new upstream release (4.1.0)
  * remove all patches (now everything is included upstream)
  * included 2 new symbols to libslirp0.symbols

 -- Michael Tokarev <mjt@tls.msk.ru>  Sat, 07 Dec 2019 16:10:42 +0300

libslirp (4.0.0-2) unstable; urgency=medium

  * fork_exec-correctly-parse-command-lines-that-contain-spaces.patch
  * bump Standards-Version to 4.4.1 (no changes)

 -- Michael Tokarev <mjt@tls.msk.ru>  Thu, 28 Nov 2019 13:58:14 +0300

libslirp (4.0.0-1) unstable; urgency=medium

  * initial release

 -- Michael Tokarev <mjt@tls.msk.ru>  Tue, 27 Aug 2019 15:55:43 +0300
