+pve-qemu-kvm (2.9.1-3) stable; urgency=medium
+
+ * fix CVE-2017-15119: reject large nbd option requests
+
+ * fix CVE-2017-13672: vga: handle cirrus vbe mode wraparounds
+
+ * fix CVE-2017-15268: websocket issue with slow VNC clients
+
+ * fix CVE-2017-15289: cirrus: OOB access issue in mode4and5 write functions
+
+ * fix CVE-2017-15038: 9p: virtfs: information disclosure when reading
+ extended attributes
+
+ * various other vga stable fixes
+
+ -- Proxmox Support Team <support@proxmox.com> Wed, 29 Nov 2017 09:56:39 +0100
+
pve-qemu-kvm (2.9.1-2) stable; urgency=medium
* fix #1107: fix an issue where virtio devices would error on valid commands