From: ftpmaster@ftp-master.debian.org   
      
   -----BEGIN PGP SIGNED MESSAGE-----   
   Hash: SHA512   
      
   Format: 1.8   
   Date: Fri, 15 Aug 2025 12:54:40 +0300   
   Source: qemu   
   Architecture: source   
   Version: 1:10.0.2+ds-2+deb13u1   
   Distribution: trixie-security   
   Urgency: medium   
   Maintainer: Debian QEMU Team    
   Changed-By: Michael Tokarev    
   Closes: 1109989   
   Changes:   
    qemu (1:10.0.2+ds-2+deb13u1) trixie-security; urgency=medium   
    .   
      * d/binfmt-install: stop using C (Credentials) flag for binfmt_misc   
        registration.  qemu-user binaries were never meant to be used in   
        suid/sgid scenarios, but was used in debian since late 2009.  Any   
        foreign suid/sgid binary accessible to the users, in presence of   
        qemu-user binfmt, is trivially exploitable to gain elevated privileges.   
        This change might break existing setups since for many years people   
        relied on qemu-user binfmt working with suid binaries, but this is   
        a situation where it is definitely better be safe than sorry.   
      * pcie_sriov-Fix-configuration-and-state-synchronizati.patch   
        (Closes: #1109989, CVE-2025-54566, CVE-2025-54567)   
   Checksums-Sha1:   
    0fb120292fc6c74a4c2035bea94bd5b1992b8d12 12455 qemu_10.0.2+ds-2+deb13u1.dsc   
    0da721835b445ce31e3d69631ac878ebe218a6af 39449628 qemu_10.0.2+ds.orig.tar.xz   
    759580a21004aea649a42789c1a2de75cfd80a0a 139060 qemu_10.0.2+ds-   
   +deb13u1.debian.tar.xz   
    3ff3c108eaa1155c243ed73014836e75bb520694 7565 qemu_10.0.2+ds-2+   
   eb13u1_source.buildinfo   
   Checksums-Sha256:   
    b61a67c1b580435742e42613fa8d4d38f9abaa75fc9c034f7e650e62ed97720a 12455   
   qemu_10.0.2+ds-2+deb13u1.dsc   
    0901da33844a331bf8b3602b9c1fbd178e60b737c8e3ade678255bd090c9b9f1 39449628   
   qemu_10.0.2+ds.orig.tar.xz   
    7d77c31eaff3ce9ef265a9dbba0b5b05508003aad9a8d41cc7999063b671dd8f 139060   
   qemu_10.0.2+ds-2+deb13u1.debian.tar.xz   
    87d0ee897cce710d82f3077bea4cac389f354f83ed2e06385fcd2341f37af508 7565   
   qemu_10.0.2+ds-2+deb13u1_source.buildinfo   
   Files:   
    5891b15bfd0c8293134c785ae71bc44e 12455 otherosfs optional qemu_   
   0.0.2+ds-2+deb13u1.dsc   
    ab6f1a263053221b049421b31f683047 39449628 otherosfs optional qe   
   u_10.0.2+ds.orig.tar.xz   
    9845432790844d8e7a3c1f3ae7e81c9f 139060 otherosfs optional qemu   
   10.0.2+ds-2+deb13u1.debian.tar.xz   
    2266abbc4d5d97c2f288183f35847a9a 7565 otherosfs optional qemu_1   
   .0.2+ds-2+deb13u1_source.buildinfo   
      
   -----BEGIN PGP SIGNATURE-----   
      
   iQIzBAEBCgAdFiEEZKoqtTHVaQM2a/75gqpKJDselHgFAmifmcYACgkQgqpKJDse   
   lHg8WA/+JKNjfF6w5YN6nwUh5BTu6TcwWsCVebE58P50nb6acBiqMlFThTke+rH3   
   4PlDpgyv1fNFho2k0981aV3onvEJ8QuV3ZZEF0DxGW78CAJatHlOaDT/Xm3zde61   
   kD8kbvzn2hFz9OfSS+LG2QjADvqql8jOCOi9zmrTpppjuOowijCw5lzLG4NwOIQb   
   JXROzMuRhNVTy9RDL3nySvUli/JhofL4MBsDvor/GbShZOg5Z/wcsNTowi8e79Lg   
   Q+WZM9Zc8uXRgJ0HahDuVtTGTCpwbUTevhC5sCd1BRAfgDSmFjNcdJNnc+j/3iDw   
   oEypSzQ74G4qce9lrmAq9JQf0GlE5y0TsG9DCbsCj2dVsHizwT7mnfs2ER2pBdc1   
   wKgxBISEW0kvfZkoAXJ7zVazAdoCFCK60oYd8VlWTBvB8hWTKdOQrQvyg2yfdEa4   
   31D6PEGF8VoSa2EmC5arVysHkJ/OkzYtuXgqIF3JqVHWA/JAjo3HBpDCWWsgsZCj   
   K5rezyl+rUe4QSEreJfugJ73n7AxlIWufZ1wbUnfGfeDWHq7B1cuVIDtWffbfLez   
   2hkcc4Olw0+rUXwN5xMUlpIIR2PHU7YrRdvxpmosD8m2EmBYL70Kkd1p1D7NP7Hf   
   6Tthiibka6qaZNjEWsx7xCV21n8PPF+EYFJupvNOSV6DcPhYzNM=   
   =C28a   
   -----END PGP SIGNATURE-----   
      
      
   --==============y63618410407907495=Content-Type: application/pgp-signature   
      
   -----BEGIN PGP SIGNATURE-----   
      
   iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCaKuoEQAKCRCb9qggYcy5   
   IV5MAP4i9V+inL6Fj2vvMnOWKUYr88KdF4rRUeoOaNqdI6gijQD+PGTuvDo1pf9c   
   x2vg6tKh4LFxBdlylLfO7QKA01lqDQE=fXND   
   -----END PGP SIGNATURE-----   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)