package/qemu: security bump to version 8.0.2

Fixes CVE-2023-0330: A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free. See: https://lists.gnu.org/archive/html/qemu-devel/2023-06/msg00221.html Signed-off-by: Romain Naour <romain.naour@smile.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-06-14 23:09:26 +02:00 · 2023-06-14 23:09:26 +02:00 · 0adcc6d693
parent 59df3875b5
commit 0adcc6d693
2 changed files with 2 additions and 2 deletions
--- a/package/qemu/qemu.hash
+++ b/package/qemu/qemu.hash
@ -1,4 +1,4 @@
 # Locally computed, tarball verified with GPG signature
-sha256  bb60f0341531181d6cc3969dd19a013d0427a87f918193970d9adb91131e56d0  qemu-8.0.0.tar.xz
+sha256  f060abd435fbe6794125e2c398568ffc3cfa540042596907a8b18edca34cf6a5  qemu-8.0.2.tar.xz
 sha256  6f04ae8364d0079a192b14635f4b1da294ce18724c034c39a6a41d1b09df6100  COPYING
 sha256  dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551  COPYING.LIB
--- a/package/qemu/qemu.mk
+++ b/package/qemu/qemu.mk
@ -6,7 +6,7 @@

 # When updating the version, check whether the list of supported targets
 # needs to be updated.
-QEMU_VERSION = 8.0.0
+QEMU_VERSION = 8.0.2
 QEMU_SOURCE = qemu-$(QEMU_VERSION).tar.xz
 QEMU_SITE = https://download.qemu.org
 QEMU_LICENSE = GPL-2.0, LGPL-2.1, MIT, BSD-3-Clause, BSD-2-Clause, Others/BSD-1c